> Enter [BeforeAll] [release-service-suite Release service tenant pipeline] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/tenant_pipelines.go:41 @ 05/06/26 07:02:05.861 snapshotPush.Name: %s snapshot-sample-zzeb < Exit [BeforeAll] [release-service-suite Release service tenant pipeline] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/tenant_pipelines.go:41 @ 05/06/26 07:02:30.144 (24.283s) > Enter [It] verifies that a Release CR should have been created in the dev namespace - /tmp/tmp.x1MqQ7KQDy/tests/release/service/tenant_pipelines.go:110 @ 05/06/26 07:02:30.144 < Exit [It] verifies that a Release CR should have been created in the dev namespace - /tmp/tmp.x1MqQ7KQDy/tests/release/service/tenant_pipelines.go:110 @ 05/06/26 07:02:30.236 (92ms) > Enter [AfterEach] [release-service-suite Release service tenant pipeline] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/tenant_pipelines.go:28 @ 05/06/26 07:02:30.236 < Exit [AfterEach] [release-service-suite Release service tenant pipeline] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/tenant_pipelines.go:28 @ 05/06/26 07:02:30.236 (0s) > Enter [It] verifies that Tenant PipelineRun is triggered - /tmp/tmp.x1MqQ7KQDy/tests/release/service/tenant_pipelines.go:117 @ 05/06/26 07:02:30.237 PipelineRun has not been created yet for release %s/%s tenant-dev-uatr snapshot-sample-zzeb-pts4s PipelineRun tenant-fg6ff reason: Running PipelineRun tenant-fg6ff reason: Succeeded < Exit [It] verifies that Tenant PipelineRun is triggered - /tmp/tmp.x1MqQ7KQDy/tests/release/service/tenant_pipelines.go:117 @ 05/06/26 07:03:10.343 (40.106s) > Enter [AfterEach] [release-service-suite Release service tenant pipeline] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/tenant_pipelines.go:28 @ 05/06/26 07:03:10.343 < Exit [AfterEach] [release-service-suite Release service tenant pipeline] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/tenant_pipelines.go:28 @ 05/06/26 07:03:10.343 (0s) > Enter [It] verifies that a Release is marked as succeeded. - /tmp/tmp.x1MqQ7KQDy/tests/release/service/tenant_pipelines.go:121 @ 05/06/26 07:03:10.344 < Exit [It] verifies that a Release is marked as succeeded. - /tmp/tmp.x1MqQ7KQDy/tests/release/service/tenant_pipelines.go:121 @ 05/06/26 07:03:10.397 (53ms) > Enter [AfterEach] [release-service-suite Release service tenant pipeline] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/tenant_pipelines.go:28 @ 05/06/26 07:03:10.397 < Exit [AfterEach] [release-service-suite Release service tenant pipeline] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/tenant_pipelines.go:28 @ 05/06/26 07:03:10.397 (0s) > Enter [AfterAll] [release-service-suite Release service tenant pipeline] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/tenant_pipelines.go:102 @ 05/06/26 07:03:10.397 < Exit [AfterAll] [release-service-suite Release service tenant pipeline] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/tenant_pipelines.go:102 @ 05/06/26 07:04:11.572 (1m1.175s) > Enter [BeforeAll] DR Backwards-Compat - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:48 @ 05/06/26 07:42:16.334 STEP: Validating OADP operator health: pods running in openshift-adp - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:52 @ 05/06/26 07:42:17.923 STEP: Validating Velero readiness: deployment has ready replicas - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:52 @ 05/06/26 07:42:17.93 STEP: Validating BSL availability: at least one BackupStorageLocation is Available - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:52 @ 05/06/26 07:42:17.937 STEP: Validating GitHub repo is reachable: https://github.com/redhat-appstudio-qe/DR_test_MathWizz - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:52 @ 05/06/26 07:42:17.96 STEP: Validating repo structure: 3 component Dockerfiles exist - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:52 @ 05/06/26 07:42:17.96 STEP: Forking DR_test_MathWizz → DR-MathWizz-qsllmm for tenant dr-test-kokohazamar-backwards-compat-dr - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:55 @ 05/06/26 07:42:18.247 STEP: Forking DR_test_MathWizz → DR-MathWizz-seoipt for tenant dr-test-moshekipod-backwards-compat-dr - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:55 @ 05/06/26 07:42:19.411 < Exit [BeforeAll] DR Backwards-Compat - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:48 @ 05/06/26 07:42:20.446 (4.112s) > Enter [It] should create both tenants concurrently - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:61 @ 05/06/26 07:42:20.446 STEP: Creating tenant namespace dr-test-moshekipod-backwards-compat-dr - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:20.446 STEP: Creating tenant namespace dr-test-kokohazamar-backwards-compat-dr - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:20.446 STEP: Creating Application moshekipod-backwards-compat-dr in namespace dr-test-moshekipod-backwards-compat-dr - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:21.499 STEP: Creating Component mathwizz-web-server in namespace dr-test-moshekipod-backwards-compat-dr - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:21.626 STEP: Creating Component mathwizz-history-worker in namespace dr-test-moshekipod-backwards-compat-dr - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:21.689 STEP: Creating Component mathwizz-frontend in namespace dr-test-moshekipod-backwards-compat-dr - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:21.712 STEP: Creating managed namespace dr-test-moshekipod-backwards-compat-dr-managed for release pipelines - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:21.756 STEP: Creating Application kokohazamar-backwards-compat-dr in namespace dr-test-kokohazamar-backwards-compat-dr - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:23.528 STEP: Creating Component mathwizz-web-server in namespace dr-test-kokohazamar-backwards-compat-dr - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:23.575 STEP: Creating Component mathwizz-history-worker in namespace dr-test-kokohazamar-backwards-compat-dr - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:23.599 STEP: Creating Component mathwizz-frontend in namespace dr-test-kokohazamar-backwards-compat-dr - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:23.623 STEP: Creating managed namespace dr-test-kokohazamar-backwards-compat-dr-managed for release pipelines - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:23.643 STEP: Creating release pipeline ServiceAccount release-service-account in managed namespace dr-test-moshekipod-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:23.817 STEP: Creating release pipeline RoleBinding in managed namespace dr-test-moshekipod-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:23.833 STEP: Creating registry auth secrets in managed namespace dr-test-moshekipod-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:23.848 STEP: Linking Quay auth secret to release SA in managed namespace dr-test-moshekipod-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:23.868 STEP: Creating cosign signing secret in managed namespace dr-test-moshekipod-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:23.872 STEP: Getting default Enterprise Contract policy from enterprise-contract-service namespace - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:23.884 STEP: Creating Enterprise Contract policy dr-ec-policy in managed namespace dr-test-moshekipod-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:23.889 STEP: Creating ReleasePlan dr-releaseplan in tenant namespace dr-test-moshekipod-backwards-compat-dr - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:23.9 STEP: Creating ReleasePlanAdmission dr-releaseplanadmission in managed namespace dr-test-moshekipod-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:24.158 STEP: Creating release PVC dr-release-pvc in managed namespace dr-test-moshekipod-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:24.281 STEP: Creating secrets access Role in managed namespace dr-test-moshekipod-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:24.3 STEP: Creating secrets access RoleBinding in managed namespace dr-test-moshekipod-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:24.308 STEP: Creating release pipeline ServiceAccount release-service-account in managed namespace dr-test-kokohazamar-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:26.687 STEP: Creating release pipeline RoleBinding in managed namespace dr-test-kokohazamar-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:26.698 STEP: Creating registry auth secrets in managed namespace dr-test-kokohazamar-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:26.719 STEP: Linking Quay auth secret to release SA in managed namespace dr-test-kokohazamar-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:26.735 STEP: Creating cosign signing secret in managed namespace dr-test-kokohazamar-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:26.745 STEP: Getting default Enterprise Contract policy from enterprise-contract-service namespace - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:26.762 STEP: Creating Enterprise Contract policy dr-ec-policy in managed namespace dr-test-kokohazamar-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:26.768 STEP: Creating ReleasePlan dr-releaseplan in tenant namespace dr-test-kokohazamar-backwards-compat-dr - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:26.778 STEP: Creating ReleasePlanAdmission dr-releaseplanadmission in managed namespace dr-test-kokohazamar-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:26.848 STEP: Creating release PVC dr-release-pvc in managed namespace dr-test-kokohazamar-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:26.87 STEP: Creating secrets access Role in managed namespace dr-test-kokohazamar-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:26.888 STEP: Creating secrets access RoleBinding in managed namespace dr-test-kokohazamar-backwards-compat-dr-managed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:68 @ 05/06/26 07:42:26.902 < Exit [It] should create both tenants concurrently - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:61 @ 05/06/26 07:42:26.919 (6.473s) > Enter [AfterEach] DR Backwards-Compat - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:44 @ 05/06/26 07:42:26.919 < Exit [AfterEach] DR Backwards-Compat - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:44 @ 05/06/26 07:42:26.919 (0s) [TIMEDOUT] A suite timeout occurred In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:74 @ 05/06/26 08:29:39.171 This is the Progress Report generated when the suite timeout occurred: [disaster-recovery DR Suite] DR Backwards-Compat when creating tenants on the old Konflux version should wait for all build PipelineRuns to succeed (Spec Runtime: 47m12.251s) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:74 In [It] (Node Runtime: 47m12.251s) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:74 At [By Step] Waiting for test PipelineRun for mathwizz-frontend in dr-test-kokohazamar-backwards-compat-dr (base: 0) (Step Runtime: 42m11.945s) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:201 Spec Goroutine goroutine 373 [sync.WaitGroup.Wait, 49 minutes] sync.runtime_SemacquireWaitGroup(0xc001c3f040?, 0x80?) /usr/lib/golang/src/runtime/sema.go:114 sync.(*WaitGroup).Wait(0xc001c54480) /usr/lib/golang/src/sync/waitgroup.go:206 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains(0xc000d20100, {0xc00146f5c0, 0x2, 0xc0001736a0?}, 0x0, 0x0) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:208 | } | } > wg.Wait() | | // Release PipelineRuns run in the managed namespace and may not map 1:1 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.defineBackwardsCompatSpecs.func1.2.2() /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:75 | | It("should wait for all build PipelineRuns to succeed", func() { > waitForPipelineChains(fw, bcTenants, nil, nil) | }) | github.com/onsi/ginkgo/v2/internal.extractBodyFunction.func3({0xc000683638?, 0xc000173782?}) /opt/app-root/src/go/pkg/mod/github.com/onsi/ginkgo/v2@v2.28.3/internal/node.go:585 github.com/onsi/ginkgo/v2/internal.(*Suite).runNode.func3() /opt/app-root/src/go/pkg/mod/github.com/onsi/ginkgo/v2@v2.28.3/internal/suite.go:946 github.com/onsi/ginkgo/v2/internal.(*Suite).runNode in goroutine 60 /opt/app-root/src/go/pkg/mod/github.com/onsi/ginkgo/v2@v2.28.3/internal/suite.go:911 Goroutines of Interest goroutine 374 [select] github.com/onsi/gomega/internal.(*AsyncAssertion).match(0xc0007672d0, {0x4999208, 0xc001cd0b70}, 0x1, {0xc001a7b600, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:558 github.com/onsi/gomega/internal.(*AsyncAssertion).Should(0xc0007672d0, {0x4999208, 0xc001cd0b70}, {0xc001a7b600, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:145 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForSucceededPRCount(0xc000d20100, {0x40a0631, 0x27}, {0x400b9c7, 0x4}, {0x40447c8, 0x13}, 0x1, 0x4e94914f000, 0x6fc23ac00) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:137 | namespace, succeededCount, expectedCount, displayType) | return succeededCount > }, timeout, poll).Should(Equal(expectedCount), | "expected %d successful %s PipelineRuns in namespace %s", | expectedCount, displayType, namespace) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains.func1({{0x40a0631, 0x27}, {0x40cdd10, 0x2f}, {0x4077adb, 0x1f}, {0x409b699, 0x26}, {0xc001780318, 0x12}, ...}, ...) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:203 | By(fmt.Sprintf("Waiting for test PipelineRun for %s in %s (base: %d)", | component.Name, tenant.Namespace, base.test)) > waitForSucceededPRCount(fw, tenant.Namespace, "test", component.Name, | base.test+1, PipelineTimeout, PipelinePoll) | }(t, comp) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains in goroutine 373 /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:189 | for _, comp := range Components { | wg.Add(1) > go func(tenant Tenant, component ComponentDef) { | defer GinkgoRecover() | defer wg.Done() goroutine 375 [select] github.com/onsi/gomega/internal.(*AsyncAssertion).match(0xc000979110, {0x4999208, 0xc0009d82c0}, 0x1, {0xc001ebaec0, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:558 github.com/onsi/gomega/internal.(*AsyncAssertion).Should(0xc000979110, {0x4999208, 0xc0009d82c0}, {0xc001ebaec0, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:145 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForSucceededPRCount(0xc000d20100, {0x40a0631, 0x27}, {0x400b9c7, 0x4}, {0x4054ec3, 0x17}, 0x1, 0x4e94914f000, 0x6fc23ac00) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:137 | namespace, succeededCount, expectedCount, displayType) | return succeededCount > }, timeout, poll).Should(Equal(expectedCount), | "expected %d successful %s PipelineRuns in namespace %s", | expectedCount, displayType, namespace) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains.func1({{0x40a0631, 0x27}, {0x40cdd10, 0x2f}, {0x4077adb, 0x1f}, {0x409b699, 0x26}, {0xc001780318, 0x12}, ...}, ...) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:203 | By(fmt.Sprintf("Waiting for test PipelineRun for %s in %s (base: %d)", | component.Name, tenant.Namespace, base.test)) > waitForSucceededPRCount(fw, tenant.Namespace, "test", component.Name, | base.test+1, PipelineTimeout, PipelinePoll) | }(t, comp) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains in goroutine 373 /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:189 | for _, comp := range Components { | wg.Add(1) > go func(tenant Tenant, component ComponentDef) { | defer GinkgoRecover() | defer wg.Done() goroutine 376 [select] github.com/onsi/gomega/internal.(*AsyncAssertion).match(0xc00077f0a0, {0x4999208, 0xc0015abd70}, 0x1, {0xc001aed3c0, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:558 github.com/onsi/gomega/internal.(*AsyncAssertion).Should(0xc00077f0a0, {0x4999208, 0xc0015abd70}, {0xc001aed3c0, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:145 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForSucceededPRCount(0xc000d20100, {0x40a0631, 0x27}, {0x400b9c7, 0x4}, {0x403ba55, 0x11}, 0x1, 0x4e94914f000, 0x6fc23ac00) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:137 | namespace, succeededCount, expectedCount, displayType) | return succeededCount > }, timeout, poll).Should(Equal(expectedCount), | "expected %d successful %s PipelineRuns in namespace %s", | expectedCount, displayType, namespace) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains.func1({{0x40a0631, 0x27}, {0x40cdd10, 0x2f}, {0x4077adb, 0x1f}, {0x409b699, 0x26}, {0xc001780318, 0x12}, ...}, ...) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:203 | By(fmt.Sprintf("Waiting for test PipelineRun for %s in %s (base: %d)", | component.Name, tenant.Namespace, base.test)) > waitForSucceededPRCount(fw, tenant.Namespace, "test", component.Name, | base.test+1, PipelineTimeout, PipelinePoll) | }(t, comp) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains in goroutine 373 /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:189 | for _, comp := range Components { | wg.Add(1) > go func(tenant Tenant, component ComponentDef) { | defer GinkgoRecover() | defer wg.Done() goroutine 377 [select] github.com/onsi/gomega/internal.(*AsyncAssertion).match(0xc000775110, {0x4999208, 0xc000a83630}, 0x1, {0xc00160d380, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:558 github.com/onsi/gomega/internal.(*AsyncAssertion).Should(0xc000775110, {0x4999208, 0xc000a83630}, {0xc00160d380, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:145 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForSucceededPRCount(0xc000d20100, {0x409b6bf, 0x26}, {0x400b9c7, 0x4}, {0x40447c8, 0x13}, 0x1, 0x4e94914f000, 0x6fc23ac00) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:137 | namespace, succeededCount, expectedCount, displayType) | return succeededCount > }, timeout, poll).Should(Equal(expectedCount), | "expected %d successful %s PipelineRuns in namespace %s", | expectedCount, displayType, namespace) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains.func1({{0x409b6bf, 0x26}, {0x40c7ad6, 0x2e}, {0x4073a8f, 0x1e}, {0x40965a4, 0x25}, {0xc0018f0b58, 0x12}, ...}, ...) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:203 | By(fmt.Sprintf("Waiting for test PipelineRun for %s in %s (base: %d)", | component.Name, tenant.Namespace, base.test)) > waitForSucceededPRCount(fw, tenant.Namespace, "test", component.Name, | base.test+1, PipelineTimeout, PipelinePoll) | }(t, comp) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains in goroutine 373 /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:189 | for _, comp := range Components { | wg.Add(1) > go func(tenant Tenant, component ComponentDef) { | defer GinkgoRecover() | defer wg.Done() goroutine 378 [select] github.com/onsi/gomega/internal.(*AsyncAssertion).match(0xc0006f03f0, {0x4999208, 0xc001b5a920}, 0x1, {0xc00134b380, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:558 github.com/onsi/gomega/internal.(*AsyncAssertion).Should(0xc0006f03f0, {0x4999208, 0xc001b5a920}, {0xc00134b380, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:145 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForSucceededPRCount(0xc000d20100, {0x409b6bf, 0x26}, {0x400b9c7, 0x4}, {0x4054ec3, 0x17}, 0x1, 0x4e94914f000, 0x6fc23ac00) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:137 | namespace, succeededCount, expectedCount, displayType) | return succeededCount > }, timeout, poll).Should(Equal(expectedCount), | "expected %d successful %s PipelineRuns in namespace %s", | expectedCount, displayType, namespace) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains.func1({{0x409b6bf, 0x26}, {0x40c7ad6, 0x2e}, {0x4073a8f, 0x1e}, {0x40965a4, 0x25}, {0xc0018f0b58, 0x12}, ...}, ...) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:203 | By(fmt.Sprintf("Waiting for test PipelineRun for %s in %s (base: %d)", | component.Name, tenant.Namespace, base.test)) > waitForSucceededPRCount(fw, tenant.Namespace, "test", component.Name, | base.test+1, PipelineTimeout, PipelinePoll) | }(t, comp) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains in goroutine 373 /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:189 | for _, comp := range Components { | wg.Add(1) > go func(tenant Tenant, component ComponentDef) { | defer GinkgoRecover() | defer wg.Done() goroutine 379 [select] github.com/onsi/gomega/internal.(*AsyncAssertion).match(0xc00095da40, {0x4999208, 0xc001703000}, 0x1, {0xc0013c3800, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:558 github.com/onsi/gomega/internal.(*AsyncAssertion).Should(0xc00095da40, {0x4999208, 0xc001703000}, {0xc0013c3800, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:145 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForSucceededPRCount(0xc000d20100, {0x409b6bf, 0x26}, {0x400b9c7, 0x4}, {0x403ba55, 0x11}, 0x1, 0x4e94914f000, 0x6fc23ac00) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:137 | namespace, succeededCount, expectedCount, displayType) | return succeededCount > }, timeout, poll).Should(Equal(expectedCount), | "expected %d successful %s PipelineRuns in namespace %s", | expectedCount, displayType, namespace) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains.func1({{0x409b6bf, 0x26}, {0x40c7ad6, 0x2e}, {0x4073a8f, 0x1e}, {0x40965a4, 0x25}, {0xc0018f0b58, 0x12}, ...}, ...) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:203 | By(fmt.Sprintf("Waiting for test PipelineRun for %s in %s (base: %d)", | component.Name, tenant.Namespace, base.test)) > waitForSucceededPRCount(fw, tenant.Namespace, "test", component.Name, | base.test+1, PipelineTimeout, PipelinePoll) | }(t, comp) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains in goroutine 373 /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:189 | for _, comp := range Components { | wg.Add(1) > go func(tenant Tenant, component ComponentDef) { | defer GinkgoRecover() | defer wg.Done() > Enter [It] should wait for all build PipelineRuns to succeed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:74 @ 05/06/26 07:42:26.92 STEP: Waiting for per-component build → test chains across all tenants - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:75 @ 05/06/26 07:42:26.92 STEP: Waiting for build PipelineRun for mathwizz-frontend in dr-test-moshekipod-backwards-compat-dr (base: 0) - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:196 @ 05/06/26 07:42:26.92 STEP: Waiting for build PipelineRun for mathwizz-frontend in dr-test-kokohazamar-backwards-compat-dr (base: 0) - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:196 @ 05/06/26 07:42:26.92 STEP: Waiting for build PipelineRun for mathwizz-web-server in dr-test-kokohazamar-backwards-compat-dr (base: 0) - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:196 @ 05/06/26 07:42:26.92 STEP: Waiting for build PipelineRun for mathwizz-history-worker in dr-test-kokohazamar-backwards-compat-dr (base: 0) - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:196 @ 05/06/26 07:42:26.92 STEP: Waiting for build PipelineRun for mathwizz-web-server in dr-test-moshekipod-backwards-compat-dr (base: 0) - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:196 @ 05/06/26 07:42:26.92 STEP: Waiting for build PipelineRun for mathwizz-history-worker in dr-test-moshekipod-backwards-compat-dr (base: 0) - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:196 @ 05/06/26 07:42:26.92 namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 1/1 build PipelineRuns succeeded STEP: Waiting for test PipelineRun for mathwizz-web-server in dr-test-kokohazamar-backwards-compat-dr (base: 0) - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:201 @ 05/06/26 07:46:57.109 namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 1/1 build PipelineRuns succeeded STEP: Waiting for test PipelineRun for mathwizz-frontend in dr-test-moshekipod-backwards-compat-dr (base: 0) - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:201 @ 05/06/26 07:47:27.124 namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 1/1 build PipelineRuns succeeded STEP: Waiting for test PipelineRun for mathwizz-history-worker in dr-test-kokohazamar-backwards-compat-dr (base: 0) - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:201 @ 05/06/26 07:47:27.225 namespace dr-test-moshekipod-backwards-compat-dr: 1/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 1/1 build PipelineRuns succeeded STEP: Waiting for test PipelineRun for mathwizz-web-server in dr-test-moshekipod-backwards-compat-dr (base: 0) - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:201 @ 05/06/26 07:47:27.225 STEP: Waiting for test PipelineRun for mathwizz-history-worker in dr-test-moshekipod-backwards-compat-dr (base: 0) - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:201 @ 05/06/26 07:47:27.225 namespace dr-test-kokohazamar-backwards-compat-dr: 1/1 build PipelineRuns succeeded STEP: Waiting for test PipelineRun for mathwizz-frontend in dr-test-kokohazamar-backwards-compat-dr (base: 0) - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:201 @ 05/06/26 07:47:27.226 namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded [TIMEDOUT] A suite timeout occurred In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:74 @ 05/06/26 08:29:39.171 This is the Progress Report generated when the suite timeout occurred: [disaster-recovery DR Suite] DR Backwards-Compat when creating tenants on the old Konflux version should wait for all build PipelineRuns to succeed (Spec Runtime: 47m12.251s) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:74 In [It] (Node Runtime: 47m12.251s) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:74 At [By Step] Waiting for test PipelineRun for mathwizz-frontend in dr-test-kokohazamar-backwards-compat-dr (base: 0) (Step Runtime: 42m11.945s) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:201 Spec Goroutine goroutine 373 [sync.WaitGroup.Wait, 49 minutes] sync.runtime_SemacquireWaitGroup(0xc001c3f040?, 0x80?) /usr/lib/golang/src/runtime/sema.go:114 sync.(*WaitGroup).Wait(0xc001c54480) /usr/lib/golang/src/sync/waitgroup.go:206 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains(0xc000d20100, {0xc00146f5c0, 0x2, 0xc0001736a0?}, 0x0, 0x0) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:208 | } | } > wg.Wait() | | // Release PipelineRuns run in the managed namespace and may not map 1:1 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.defineBackwardsCompatSpecs.func1.2.2() /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:75 | | It("should wait for all build PipelineRuns to succeed", func() { > waitForPipelineChains(fw, bcTenants, nil, nil) | }) | github.com/onsi/ginkgo/v2/internal.extractBodyFunction.func3({0xc000683638?, 0xc000173782?}) /opt/app-root/src/go/pkg/mod/github.com/onsi/ginkgo/v2@v2.28.3/internal/node.go:585 github.com/onsi/ginkgo/v2/internal.(*Suite).runNode.func3() /opt/app-root/src/go/pkg/mod/github.com/onsi/ginkgo/v2@v2.28.3/internal/suite.go:946 github.com/onsi/ginkgo/v2/internal.(*Suite).runNode in goroutine 60 /opt/app-root/src/go/pkg/mod/github.com/onsi/ginkgo/v2@v2.28.3/internal/suite.go:911 Goroutines of Interest goroutine 374 [select] github.com/onsi/gomega/internal.(*AsyncAssertion).match(0xc0007672d0, {0x4999208, 0xc001cd0b70}, 0x1, {0xc001a7b600, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:558 github.com/onsi/gomega/internal.(*AsyncAssertion).Should(0xc0007672d0, {0x4999208, 0xc001cd0b70}, {0xc001a7b600, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:145 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForSucceededPRCount(0xc000d20100, {0x40a0631, 0x27}, {0x400b9c7, 0x4}, {0x40447c8, 0x13}, 0x1, 0x4e94914f000, 0x6fc23ac00) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:137 | namespace, succeededCount, expectedCount, displayType) | return succeededCount > }, timeout, poll).Should(Equal(expectedCount), | "expected %d successful %s PipelineRuns in namespace %s", | expectedCount, displayType, namespace) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains.func1({{0x40a0631, 0x27}, {0x40cdd10, 0x2f}, {0x4077adb, 0x1f}, {0x409b699, 0x26}, {0xc001780318, 0x12}, ...}, ...) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:203 | By(fmt.Sprintf("Waiting for test PipelineRun for %s in %s (base: %d)", | component.Name, tenant.Namespace, base.test)) > waitForSucceededPRCount(fw, tenant.Namespace, "test", component.Name, | base.test+1, PipelineTimeout, PipelinePoll) | }(t, comp) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains in goroutine 373 /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:189 | for _, comp := range Components { | wg.Add(1) > go func(tenant Tenant, component ComponentDef) { | defer GinkgoRecover() | defer wg.Done() goroutine 375 [select] github.com/onsi/gomega/internal.(*AsyncAssertion).match(0xc000979110, {0x4999208, 0xc0009d82c0}, 0x1, {0xc001ebaec0, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:558 github.com/onsi/gomega/internal.(*AsyncAssertion).Should(0xc000979110, {0x4999208, 0xc0009d82c0}, {0xc001ebaec0, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:145 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForSucceededPRCount(0xc000d20100, {0x40a0631, 0x27}, {0x400b9c7, 0x4}, {0x4054ec3, 0x17}, 0x1, 0x4e94914f000, 0x6fc23ac00) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:137 | namespace, succeededCount, expectedCount, displayType) | return succeededCount > }, timeout, poll).Should(Equal(expectedCount), | "expected %d successful %s PipelineRuns in namespace %s", | expectedCount, displayType, namespace) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains.func1({{0x40a0631, 0x27}, {0x40cdd10, 0x2f}, {0x4077adb, 0x1f}, {0x409b699, 0x26}, {0xc001780318, 0x12}, ...}, ...) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:203 | By(fmt.Sprintf("Waiting for test PipelineRun for %s in %s (base: %d)", | component.Name, tenant.Namespace, base.test)) > waitForSucceededPRCount(fw, tenant.Namespace, "test", component.Name, | base.test+1, PipelineTimeout, PipelinePoll) | }(t, comp) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains in goroutine 373 /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:189 | for _, comp := range Components { | wg.Add(1) > go func(tenant Tenant, component ComponentDef) { | defer GinkgoRecover() | defer wg.Done() goroutine 376 [select] github.com/onsi/gomega/internal.(*AsyncAssertion).match(0xc00077f0a0, {0x4999208, 0xc0015abd70}, 0x1, {0xc001aed3c0, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:558 github.com/onsi/gomega/internal.(*AsyncAssertion).Should(0xc00077f0a0, {0x4999208, 0xc0015abd70}, {0xc001aed3c0, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:145 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForSucceededPRCount(0xc000d20100, {0x40a0631, 0x27}, {0x400b9c7, 0x4}, {0x403ba55, 0x11}, 0x1, 0x4e94914f000, 0x6fc23ac00) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:137 | namespace, succeededCount, expectedCount, displayType) | return succeededCount > }, timeout, poll).Should(Equal(expectedCount), | "expected %d successful %s PipelineRuns in namespace %s", | expectedCount, displayType, namespace) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains.func1({{0x40a0631, 0x27}, {0x40cdd10, 0x2f}, {0x4077adb, 0x1f}, {0x409b699, 0x26}, {0xc001780318, 0x12}, ...}, ...) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:203 | By(fmt.Sprintf("Waiting for test PipelineRun for %s in %s (base: %d)", | component.Name, tenant.Namespace, base.test)) > waitForSucceededPRCount(fw, tenant.Namespace, "test", component.Name, | base.test+1, PipelineTimeout, PipelinePoll) | }(t, comp) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains in goroutine 373 /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:189 | for _, comp := range Components { | wg.Add(1) > go func(tenant Tenant, component ComponentDef) { | defer GinkgoRecover() | defer wg.Done() goroutine 377 [select] github.com/onsi/gomega/internal.(*AsyncAssertion).match(0xc000775110, {0x4999208, 0xc000a83630}, 0x1, {0xc00160d380, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:558 github.com/onsi/gomega/internal.(*AsyncAssertion).Should(0xc000775110, {0x4999208, 0xc000a83630}, {0xc00160d380, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:145 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForSucceededPRCount(0xc000d20100, {0x409b6bf, 0x26}, {0x400b9c7, 0x4}, {0x40447c8, 0x13}, 0x1, 0x4e94914f000, 0x6fc23ac00) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:137 | namespace, succeededCount, expectedCount, displayType) | return succeededCount > }, timeout, poll).Should(Equal(expectedCount), | "expected %d successful %s PipelineRuns in namespace %s", | expectedCount, displayType, namespace) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains.func1({{0x409b6bf, 0x26}, {0x40c7ad6, 0x2e}, {0x4073a8f, 0x1e}, {0x40965a4, 0x25}, {0xc0018f0b58, 0x12}, ...}, ...) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:203 | By(fmt.Sprintf("Waiting for test PipelineRun for %s in %s (base: %d)", | component.Name, tenant.Namespace, base.test)) > waitForSucceededPRCount(fw, tenant.Namespace, "test", component.Name, | base.test+1, PipelineTimeout, PipelinePoll) | }(t, comp) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains in goroutine 373 /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:189 | for _, comp := range Components { | wg.Add(1) > go func(tenant Tenant, component ComponentDef) { | defer GinkgoRecover() | defer wg.Done() goroutine 378 [select] github.com/onsi/gomega/internal.(*AsyncAssertion).match(0xc0006f03f0, {0x4999208, 0xc001b5a920}, 0x1, {0xc00134b380, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:558 github.com/onsi/gomega/internal.(*AsyncAssertion).Should(0xc0006f03f0, {0x4999208, 0xc001b5a920}, {0xc00134b380, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:145 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForSucceededPRCount(0xc000d20100, {0x409b6bf, 0x26}, {0x400b9c7, 0x4}, {0x4054ec3, 0x17}, 0x1, 0x4e94914f000, 0x6fc23ac00) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:137 | namespace, succeededCount, expectedCount, displayType) | return succeededCount > }, timeout, poll).Should(Equal(expectedCount), | "expected %d successful %s PipelineRuns in namespace %s", | expectedCount, displayType, namespace) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains.func1({{0x409b6bf, 0x26}, {0x40c7ad6, 0x2e}, {0x4073a8f, 0x1e}, {0x40965a4, 0x25}, {0xc0018f0b58, 0x12}, ...}, ...) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:203 | By(fmt.Sprintf("Waiting for test PipelineRun for %s in %s (base: %d)", | component.Name, tenant.Namespace, base.test)) > waitForSucceededPRCount(fw, tenant.Namespace, "test", component.Name, | base.test+1, PipelineTimeout, PipelinePoll) | }(t, comp) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains in goroutine 373 /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:189 | for _, comp := range Components { | wg.Add(1) > go func(tenant Tenant, component ComponentDef) { | defer GinkgoRecover() | defer wg.Done() goroutine 379 [select] github.com/onsi/gomega/internal.(*AsyncAssertion).match(0xc00095da40, {0x4999208, 0xc001703000}, 0x1, {0xc0013c3800, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:558 github.com/onsi/gomega/internal.(*AsyncAssertion).Should(0xc00095da40, {0x4999208, 0xc001703000}, {0xc0013c3800, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:145 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForSucceededPRCount(0xc000d20100, {0x409b6bf, 0x26}, {0x400b9c7, 0x4}, {0x403ba55, 0x11}, 0x1, 0x4e94914f000, 0x6fc23ac00) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:137 | namespace, succeededCount, expectedCount, displayType) | return succeededCount > }, timeout, poll).Should(Equal(expectedCount), | "expected %d successful %s PipelineRuns in namespace %s", | expectedCount, displayType, namespace) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains.func1({{0x409b6bf, 0x26}, {0x40c7ad6, 0x2e}, {0x4073a8f, 0x1e}, {0x40965a4, 0x25}, {0xc0018f0b58, 0x12}, ...}, ...) /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:203 | By(fmt.Sprintf("Waiting for test PipelineRun for %s in %s (base: %d)", | component.Name, tenant.Namespace, base.test)) > waitForSucceededPRCount(fw, tenant.Namespace, "test", component.Name, | base.test+1, PipelineTimeout, PipelinePoll) | }(t, comp) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains in goroutine 373 /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/tenant_application_lifecycle.go:189 | for _, comp := range Components { | wg.Add(1) > go func(tenant Tenant, component ComponentDef) { | defer GinkgoRecover() | defer wg.Done() < Exit [It] should wait for all build PipelineRuns to succeed - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:74 @ 05/06/26 08:29:39.171 (47m12.251s) > Enter [AfterEach] DR Backwards-Compat - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:44 @ 05/06/26 08:29:39.172 < Exit [AfterEach] DR Backwards-Compat - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:44 @ 05/06/26 08:29:39.35 (178ms) > Enter [AfterAll] DR Backwards-Compat - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:153 @ 05/06/26 08:29:39.35 Deleting fork repo DR-MathWizz-qsllmm for tenant dr-test-kokohazamar-backwards-compat-dr Deleting fork repo DR-MathWizz-seoipt for tenant dr-test-moshekipod-backwards-compat-dr STEP: Collecting Velero pod information - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:156 @ 05/06/26 08:29:40.467 Velero pod: node-agent-695tw | Phase: Running | Ready: true Velero pod: node-agent-lkclk | Phase: Running | Ready: true Velero pod: node-agent-vk6cl | Phase: Running | Ready: true Velero pod: velero-5498cfc4db-bspxt | Phase: Running | Ready: true STEP: Collecting Backup CR status for tenant "dr-test-kokohazamar-backwards-compat-dr" - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:156 @ 05/06/26 08:29:40.479 WARNING: could not get Backup CR "backup-kokohazamar-backwards-compat-dr": backups.velero.io "backup-kokohazamar-backwards-compat-dr" not found STEP: Collecting Restore CR status for tenant "dr-test-kokohazamar-backwards-compat-dr" - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:156 @ 05/06/26 08:29:40.484 WARNING: could not get Restore CR "restore-backup-kokohazamar-backwards-compat-dr": restores.velero.io "restore-backup-kokohazamar-backwards-compat-dr" not found STEP: Collecting Backup CR status for tenant "dr-test-moshekipod-backwards-compat-dr" - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:156 @ 05/06/26 08:29:40.49 WARNING: could not get Backup CR "backup-moshekipod-backwards-compat-dr": backups.velero.io "backup-moshekipod-backwards-compat-dr" not found STEP: Collecting Restore CR status for tenant "dr-test-moshekipod-backwards-compat-dr" - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:156 @ 05/06/26 08:29:40.494 WARNING: could not get Restore CR "restore-backup-moshekipod-backwards-compat-dr": restores.velero.io "restore-backup-moshekipod-backwards-compat-dr" not found < Exit [AfterAll] DR Backwards-Compat - /tmp/tmp.x1MqQ7KQDy/tests/disaster-recovery/dr_backwards_compat.go:153 @ 05/06/26 08:29:40.499 (1.149s) [PANICKED] Test Panicked In [It] at: /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:114 @ 05/06/26 07:02:36.745 runtime error: invalid memory address or nil pointer dereference Full Stack Trace k8s.io/apimachinery/pkg/util/runtime.handleCrash({0x49b45d8, 0xc000991c00}, {0x3878780, 0x6ebb880}, {0x0, 0x0, 0x4470a0?}) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:114 +0x1a9 k8s.io/apimachinery/pkg/util/runtime.HandleCrashWithContext({0x49b45d8, 0xc000991c00}, {0x0, 0x0, 0x0}) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:78 +0x5a panic({0x3878780?, 0x6ebb880?}) /usr/lib/golang/src/runtime/panic.go:783 +0x132 github.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreatedWithSignUp.func1() /tmp/tmp.x1MqQ7KQDy/pkg/sandbox/sandbox.go:319 +0x35 github.com/konflux-ci/e2e-tests/pkg/utils.WaitUntilWithInterval.func1({0xc000991c01?, 0xc001f20c18?}) /tmp/tmp.x1MqQ7KQDy/pkg/utils/util.go:129 +0x13 k8s.io/apimachinery/pkg/util/wait.loopConditionUntilContext.func1({0x49b45d8?, 0xc000991c00?}, 0x49b45d8?) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/loop.go:53 +0x62 k8s.io/apimachinery/pkg/util/wait.loopConditionUntilContext({0x49b45d8, 0xc000991c00}, {0x499e608, 0xc0008dc800}, 0x1, 0x0, 0xc002791d90) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/loop.go:54 +0x115 k8s.io/apimachinery/pkg/util/wait.PollUntilContextTimeout({0x49b4488?, 0x6f7df80?}, 0xee6b2800, 0x41d765?, 0x1, 0xc001f20d90) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/poll.go:48 +0xa5 github.com/konflux-ci/e2e-tests/pkg/utils.WaitUntilWithInterval(0xa?, 0xc001f20dd8?, 0x1?) /tmp/tmp.x1MqQ7KQDy/pkg/utils/util.go:129 +0x45 github.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreatedWithSignUp(0x401f5f7?, {0x401f5f7?, 0x401bbc5?}, 0x8?) /tmp/tmp.x1MqQ7KQDy/pkg/sandbox/sandbox.go:318 +0x72 github.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreated(0x0, {0x401f5f7, 0x9}) /tmp/tmp.x1MqQ7KQDy/pkg/sandbox/sandbox.go:314 +0x4b github.com/konflux-ci/e2e-tests/tests/upgrade/verify.VerifyAppStudioProvisionedUser(0x0?) /tmp/tmp.x1MqQ7KQDy/tests/upgrade/verify/verifyUsers.go:14 +0x25 github.com/konflux-ci/e2e-tests/tests/upgrade.init.func1.2() /tmp/tmp.x1MqQ7KQDy/tests/upgrade/verifyWorkload.go:21 +0x1a > Enter [BeforeAll] [upgrade-suite Create users and check their state] - /tmp/tmp.x1MqQ7KQDy/tests/upgrade/verifyWorkload.go:16 @ 05/06/26 07:02:05.762 < Exit [BeforeAll] [upgrade-suite Create users and check their state] - /tmp/tmp.x1MqQ7KQDy/tests/upgrade/verifyWorkload.go:16 @ 05/06/26 07:02:36.745 (30.983s) > Enter [It] Verify AppStudioProvisionedUser - /tmp/tmp.x1MqQ7KQDy/tests/upgrade/verifyWorkload.go:20 @ 05/06/26 07:02:36.745 "msg"="Observed a panic" "error"=null "panic"="runtime error: invalid memory address or nil pointer dereference" "panicGoValue"="\"invalid memory address or nil pointer dereference\"" "stacktrace"="goroutine 170 [running]:\nk8s.io/apimachinery/pkg/util/runtime.logPanic({0x49b4530, 0xc0011ca2a0}, {0x3878780, 0x6ebb880})\n\t/opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:132 +0xbc\nk8s.io/apimachinery/pkg/util/runtime.handleCrash({0x49b45d8, 0xc000991c00}, {0x3878780, 0x6ebb880}, {0x0, 0x0, 0x4470a0?})\n\t/opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:107 +0x116\nk8s.io/apimachinery/pkg/util/runtime.HandleCrashWithContext({0x49b45d8, 0xc000991c00}, {0x0, 0x0, 0x0})\n\t/opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:78 +0x5a\npanic({0x3878780?, 0x6ebb880?})\n\t/usr/lib/golang/src/runtime/panic.go:783 +0x132\ngithub.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreatedWithSignUp.func1()\n\t/tmp/tmp.x1MqQ7KQDy/pkg/sandbox/sandbox.go:319 +0x35\ngithub.com/konflux-ci/e2e-tests/pkg/utils.WaitUntilWithInterval.func1({0xc000991c01?, 0xc001f20c18?})\n\t/tmp/tmp.x1MqQ7KQDy/pkg/utils/util.go:129 +0x13\nk8s.io/apimachinery/pkg/util/wait.loopConditionUntilContext.func1({0x49b45d8?, 0xc000991c00?}, 0x49b45d8?)\n\t/opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/loop.go:53 +0x62\nk8s.io/apimachinery/pkg/util/wait.loopConditionUntilContext({0x49b45d8, 0xc000991c00}, {0x499e608, 0xc0008dc800}, 0x1, 0x0, 0xc001f20d90)\n\t/opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/loop.go:54 +0x115\nk8s.io/apimachinery/pkg/util/wait.PollUntilContextTimeout({0x49b4488?, 0x6f7df80?}, 0xee6b2800, 0x41d765?, 0x1, 0xc001f20d90)\n\t/opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/poll.go:48 +0xa5\ngithub.com/konflux-ci/e2e-tests/pkg/utils.WaitUntilWithInterval(0xa?, 0xc001f20dd8?, 0x1?)\n\t/tmp/tmp.x1MqQ7KQDy/pkg/utils/util.go:129 +0x45\ngithub.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreatedWithSignUp(0x401f5f7?, {0x401f5f7?, 0x401bbc5?}, 0x8?)\n\t/tmp/tmp.x1MqQ7KQDy/pkg/sandbox/sandbox.go:318 +0x72\ngithub.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreated(0x0, {0x401f5f7, 0x9})\n\t/tmp/tmp.x1MqQ7KQDy/pkg/sandbox/sandbox.go:314 +0x4b\ngithub.com/konflux-ci/e2e-tests/tests/upgrade/verify.VerifyAppStudioProvisionedUser(0x0?)\n\t/tmp/tmp.x1MqQ7KQDy/tests/upgrade/verify/verifyUsers.go:14 +0x25\ngithub.com/konflux-ci/e2e-tests/tests/upgrade.init.func1.2()\n\t/tmp/tmp.x1MqQ7KQDy/tests/upgrade/verifyWorkload.go:21 +0x1a\ngithub.com/onsi/ginkgo/v2/internal.extractBodyFunction.func3({0x0?, 0x0?})\n\t/opt/app-root/src/go/pkg/mod/github.com/onsi/ginkgo/v2@v2.28.3/internal/node.go:585 +0x13\ngithub.com/onsi/ginkgo/v2/internal.(*Suite).runNode.func3()\n\t/opt/app-root/src/go/pkg/mod/github.com/onsi/ginkgo/v2@v2.28.3/internal/suite.go:946 +0x393\ncreated by github.com/onsi/ginkgo/v2/internal.(*Suite).runNode in goroutine 85\n\t/opt/app-root/src/go/pkg/mod/github.com/onsi/ginkgo/v2@v2.28.3/internal/suite.go:911 +0xd90\n" [PANICKED] Test Panicked In [It] at: /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:114 @ 05/06/26 07:02:36.745 runtime error: invalid memory address or nil pointer dereference Full Stack Trace k8s.io/apimachinery/pkg/util/runtime.handleCrash({0x49b45d8, 0xc000991c00}, {0x3878780, 0x6ebb880}, {0x0, 0x0, 0x4470a0?}) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:114 +0x1a9 k8s.io/apimachinery/pkg/util/runtime.HandleCrashWithContext({0x49b45d8, 0xc000991c00}, {0x0, 0x0, 0x0}) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:78 +0x5a panic({0x3878780?, 0x6ebb880?}) /usr/lib/golang/src/runtime/panic.go:783 +0x132 github.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreatedWithSignUp.func1() /tmp/tmp.x1MqQ7KQDy/pkg/sandbox/sandbox.go:319 +0x35 github.com/konflux-ci/e2e-tests/pkg/utils.WaitUntilWithInterval.func1({0xc000991c01?, 0xc001f20c18?}) /tmp/tmp.x1MqQ7KQDy/pkg/utils/util.go:129 +0x13 k8s.io/apimachinery/pkg/util/wait.loopConditionUntilContext.func1({0x49b45d8?, 0xc000991c00?}, 0x49b45d8?) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/loop.go:53 +0x62 k8s.io/apimachinery/pkg/util/wait.loopConditionUntilContext({0x49b45d8, 0xc000991c00}, {0x499e608, 0xc0008dc800}, 0x1, 0x0, 0xc002791d90) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/loop.go:54 +0x115 k8s.io/apimachinery/pkg/util/wait.PollUntilContextTimeout({0x49b4488?, 0x6f7df80?}, 0xee6b2800, 0x41d765?, 0x1, 0xc001f20d90) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/poll.go:48 +0xa5 github.com/konflux-ci/e2e-tests/pkg/utils.WaitUntilWithInterval(0xa?, 0xc001f20dd8?, 0x1?) /tmp/tmp.x1MqQ7KQDy/pkg/utils/util.go:129 +0x45 github.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreatedWithSignUp(0x401f5f7?, {0x401f5f7?, 0x401bbc5?}, 0x8?) /tmp/tmp.x1MqQ7KQDy/pkg/sandbox/sandbox.go:318 +0x72 github.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreated(0x0, {0x401f5f7, 0x9}) /tmp/tmp.x1MqQ7KQDy/pkg/sandbox/sandbox.go:314 +0x4b github.com/konflux-ci/e2e-tests/tests/upgrade/verify.VerifyAppStudioProvisionedUser(0x0?) /tmp/tmp.x1MqQ7KQDy/tests/upgrade/verify/verifyUsers.go:14 +0x25 github.com/konflux-ci/e2e-tests/tests/upgrade.init.func1.2() /tmp/tmp.x1MqQ7KQDy/tests/upgrade/verifyWorkload.go:21 +0x1a < Exit [It] Verify AppStudioProvisionedUser - /tmp/tmp.x1MqQ7KQDy/tests/upgrade/verifyWorkload.go:20 @ 05/06/26 07:02:36.745 (0s) [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/upgrade/verifyWorkload.go:24 @ 05/06/26 07:02:36.746 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/upgrade/verifyWorkload.go:28 @ 05/06/26 07:02:36.746 > Enter [BeforeAll] [release-service-suite [RELEASE-2136] Release CR fails when block-releases true in ReleasePlanAdmission.] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/block_releases_release_plan_admission.go:34 @ 05/06/26 07:02:36.747 < Exit [BeforeAll] [release-service-suite [RELEASE-2136] Release CR fails when block-releases true in ReleasePlanAdmission.] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/block_releases_release_plan_admission.go:34 @ 05/06/26 07:03:12.492 (35.746s) > Enter [It] block-releases true in ReleasePlanAdmission makes a Release CR set as failed in both IsReleased and IsValid with a proper message to user. - /tmp/tmp.x1MqQ7KQDy/tests/release/service/block_releases_release_plan_admission.go:69 @ 05/06/26 07:03:12.492 < Exit [It] block-releases true in ReleasePlanAdmission makes a Release CR set as failed in both IsReleased and IsValid with a proper message to user. - /tmp/tmp.x1MqQ7KQDy/tests/release/service/block_releases_release_plan_admission.go:69 @ 05/06/26 07:03:12.645 (152ms) > Enter [AfterEach] [release-service-suite [RELEASE-2136] Release CR fails when block-releases true in ReleasePlanAdmission.] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/block_releases_release_plan_admission.go:32 @ 05/06/26 07:03:12.645 < Exit [AfterEach] [release-service-suite [RELEASE-2136] Release CR fails when block-releases true in ReleasePlanAdmission.] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/block_releases_release_plan_admission.go:32 @ 05/06/26 07:03:12.645 (0s) > Enter [AfterAll] [release-service-suite [RELEASE-2136] Release CR fails when block-releases true in ReleasePlanAdmission.] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/block_releases_release_plan_admission.go:61 @ 05/06/26 07:03:12.646 < Exit [AfterAll] [release-service-suite [RELEASE-2136] Release CR fails when block-releases true in ReleasePlanAdmission.] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/block_releases_release_plan_admission.go:61 @ 05/06/26 07:03:55.75 (43.104s) > Enter [BeforeAll] test build annotations - /tmp/tmp.x1MqQ7KQDy/tests/build/annotations.go:35 @ 05/06/26 07:02:05.958 < Exit [BeforeAll] test build annotations - /tmp/tmp.x1MqQ7KQDy/tests/build/annotations.go:35 @ 05/06/26 07:02:28.014 (22.056s) > Enter [BeforeAll] when component is created with invalid build request annotations - /tmp/tmp.x1MqQ7KQDy/tests/build/annotations.go:69 @ 05/06/26 07:02:28.014 Image repository for component test-annotations-bacnds in namespace build-e2e-odfp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component test-annotations-bacnds in namespace build-e2e-odfp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component test-annotations-bacnds in namespace build-e2e-odfp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [BeforeAll] when component is created with invalid build request annotations - /tmp/tmp.x1MqQ7KQDy/tests/build/annotations.go:69 @ 05/06/26 07:02:58.37 (30.356s) > Enter [It] handles invalid request annotation - /tmp/tmp.x1MqQ7KQDy/tests/build/annotations.go:89 @ 05/06/26 07:02:58.37 build status annotation value: {"message":"unexpected build request: foo"} < Exit [It] handles invalid request annotation - /tmp/tmp.x1MqQ7KQDy/tests/build/annotations.go:89 @ 05/06/26 07:03:58.39 (1m0.02s) > Enter [AfterAll] test build annotations - /tmp/tmp.x1MqQ7KQDy/tests/build/annotations.go:51 @ 05/06/26 07:03:58.39 < Exit [AfterAll] test build annotations - /tmp/tmp.x1MqQ7KQDy/tests/build/annotations.go:51 @ 05/06/26 07:03:58.575 (185ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/annotations.go:24 @ 05/06/26 07:03:58.576 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/annotations.go:24 @ 05/06/26 07:03:58.576 (0s) > Enter [BeforeAll] [release-service-suite [HACBS-2360] Release CR fails when missing ReleasePlan and ReleasePlanAdmission.] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/missing_release_plan_and_admission.go:34 @ 05/06/26 07:02:05.973 < Exit [BeforeAll] [release-service-suite [HACBS-2360] Release CR fails when missing ReleasePlan and ReleasePlanAdmission.] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/missing_release_plan_and_admission.go:34 @ 05/06/26 07:03:07.908 (1m1.935s) > Enter [It] missing ReleasePlan makes a Release CR set as failed in both IsReleased and IsValid with a proper message to user. - /tmp/tmp.x1MqQ7KQDy/tests/release/service/missing_release_plan_and_admission.go:66 @ 05/06/26 07:03:07.908 < Exit [It] missing ReleasePlan makes a Release CR set as failed in both IsReleased and IsValid with a proper message to user. - /tmp/tmp.x1MqQ7KQDy/tests/release/service/missing_release_plan_and_admission.go:66 @ 05/06/26 07:03:08.03 (122ms) > Enter [AfterEach] [release-service-suite [HACBS-2360] Release CR fails when missing ReleasePlan and ReleasePlanAdmission.] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/missing_release_plan_and_admission.go:32 @ 05/06/26 07:03:08.031 < Exit [AfterEach] [release-service-suite [HACBS-2360] Release CR fails when missing ReleasePlan and ReleasePlanAdmission.] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/missing_release_plan_and_admission.go:32 @ 05/06/26 07:03:08.031 (0s) > Enter [It] missing ReleasePlanAdmission makes a Release CR set as failed in both IsReleased and IsValid with a proper message to user. - /tmp/tmp.x1MqQ7KQDy/tests/release/service/missing_release_plan_and_admission.go:76 @ 05/06/26 07:03:08.031 < Exit [It] missing ReleasePlanAdmission makes a Release CR set as failed in both IsReleased and IsValid with a proper message to user. - /tmp/tmp.x1MqQ7KQDy/tests/release/service/missing_release_plan_and_admission.go:76 @ 05/06/26 07:03:08.057 (25ms) > Enter [AfterEach] [release-service-suite [HACBS-2360] Release CR fails when missing ReleasePlan and ReleasePlanAdmission.] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/missing_release_plan_and_admission.go:32 @ 05/06/26 07:03:08.057 < Exit [AfterEach] [release-service-suite [HACBS-2360] Release CR fails when missing ReleasePlan and ReleasePlanAdmission.] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/missing_release_plan_and_admission.go:32 @ 05/06/26 07:03:08.057 (0s) > Enter [AfterAll] [release-service-suite [HACBS-2360] Release CR fails when missing ReleasePlan and ReleasePlanAdmission.] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/missing_release_plan_and_admission.go:58 @ 05/06/26 07:03:08.057 < Exit [AfterAll] [release-service-suite [HACBS-2360] Release CR fails when missing ReleasePlan and ReleasePlanAdmission.] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/missing_release_plan_and_admission.go:58 @ 05/06/26 07:04:09.145 (1m1.088s) > Enter [BeforeAll] [release-service-suite Release service happy path] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:42 @ 05/06/26 07:02:05.761 snapshotPush.Name: %s snapshot-sample-jcam < Exit [BeforeAll] [release-service-suite Release service happy path] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:42 @ 05/06/26 07:03:00.328 (54.567s) > Enter [It] verifies that a Release CR should have been created in the dev namespace - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:151 @ 05/06/26 07:03:00.328 < Exit [It] verifies that a Release CR should have been created in the dev namespace - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:151 @ 05/06/26 07:03:00.451 (123ms) > Enter [AfterEach] [release-service-suite Release service happy path] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:27 @ 05/06/26 07:03:00.451 < Exit [AfterEach] [release-service-suite Release service happy path] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:27 @ 05/06/26 07:03:00.451 (0s) > Enter [It] verifies that Release PipelineRun is triggered - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:158 @ 05/06/26 07:03:00.451 PipelineRun has not been created yet for release %s/%s happy-path-joqk snapshot-sample-jcam-ntrst PipelineRun managed-snlcn reason: Running PipelineRun managed-snlcn reason: Running PipelineRun managed-snlcn reason: Running PipelineRun managed-snlcn reason: Running PipelineRun managed-snlcn reason: Succeeded < Exit [It] verifies that Release PipelineRun is triggered - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:158 @ 05/06/26 07:04:40.514 (1m40.063s) > Enter [AfterEach] [release-service-suite Release service happy path] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:27 @ 05/06/26 07:04:40.514 < Exit [AfterEach] [release-service-suite Release service happy path] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:27 @ 05/06/26 07:04:40.514 (0s) > Enter [It] verifies that Enterprise Contract Task has succeeded in the Release PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:162 @ 05/06/26 07:04:40.515 the status of the verify-conforma TaskRun on the release pipeline is: [{Succeeded True {2026-05-06 07:04:23 +0000 UTC} Succeeded All Steps have completed executing}] < Exit [It] verifies that Enterprise Contract Task has succeeded in the Release PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:162 @ 05/06/26 07:04:40.667 (152ms) > Enter [AfterEach] [release-service-suite Release service happy path] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:27 @ 05/06/26 07:04:40.667 < Exit [AfterEach] [release-service-suite Release service happy path] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:27 @ 05/06/26 07:04:40.667 (0s) > Enter [It] verifies that a Release is marked as succeeded. - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:174 @ 05/06/26 07:04:40.667 < Exit [It] verifies that a Release is marked as succeeded. - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:174 @ 05/06/26 07:04:40.688 (21ms) > Enter [AfterEach] [release-service-suite Release service happy path] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:27 @ 05/06/26 07:04:40.688 < Exit [AfterEach] [release-service-suite Release service happy path] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:27 @ 05/06/26 07:04:40.688 (0s) > Enter [AfterAll] [release-service-suite Release service happy path] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:142 @ 05/06/26 07:04:40.688 < Exit [AfterAll] [release-service-suite Release service happy path] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/happy_path.go:142 @ 05/06/26 07:05:56.826 (1m16.137s) > Enter [BeforeAll] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:32 @ 05/06/26 07:02:05.865 < Exit [BeforeAll] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:32 @ 05/06/26 07:02:52.472 (46.607s) > Enter [It] verifies that the ReleasePlan CR is unmatched in the beginning - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:57 @ 05/06/26 07:02:52.472 < Exit [It] verifies that the ReleasePlan CR is unmatched in the beginning - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:57 @ 05/06/26 07:02:52.589 (117ms) > Enter [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.589 < Exit [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.589 (0s) > Enter [It] Creates ReleasePlanAdmission CR in corresponding managed namespace - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:72 @ 05/06/26 07:02:52.59 < Exit [It] Creates ReleasePlanAdmission CR in corresponding managed namespace - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:72 @ 05/06/26 07:02:52.641 (51ms) > Enter [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.641 < Exit [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.641 (0s) > Enter [It] verifies that the ReleasePlan CR is set to matched - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:85 @ 05/06/26 07:02:52.641 < Exit [It] verifies that the ReleasePlan CR is set to matched - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:85 @ 05/06/26 07:02:52.753 (112ms) > Enter [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.754 < Exit [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.754 (0s) > Enter [It] verifies that the ReleasePlanAdmission CR is set to matched - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:105 @ 05/06/26 07:02:52.754 < Exit [It] verifies that the ReleasePlanAdmission CR is set to matched - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:105 @ 05/06/26 07:02:52.761 (7ms) > Enter [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.762 < Exit [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.762 (0s) > Enter [It] Creates a manual release ReleasePlan CR in devNamespace - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:123 @ 05/06/26 07:02:52.762 < Exit [It] Creates a manual release ReleasePlan CR in devNamespace - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:123 @ 05/06/26 07:02:52.782 (19ms) > Enter [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.782 < Exit [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.782 (0s) > Enter [It] verifies that the second ReleasePlan CR is set to matched - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:129 @ 05/06/26 07:02:52.783 < Exit [It] verifies that the second ReleasePlan CR is set to matched - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:129 @ 05/06/26 07:02:52.902 (119ms) > Enter [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.902 < Exit [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.902 (0s) > Enter [It] verifies that the ReleasePlanAdmission CR has two matched ReleasePlan CRs - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:150 @ 05/06/26 07:02:52.903 < Exit [It] verifies that the ReleasePlanAdmission CR has two matched ReleasePlan CRs - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:150 @ 05/06/26 07:02:52.913 (10ms) > Enter [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.913 < Exit [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.913 (0s) > Enter [It] deletes one ReleasePlan CR - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:171 @ 05/06/26 07:02:52.913 < Exit [It] deletes one ReleasePlan CR - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:171 @ 05/06/26 07:02:52.925 (12ms) > Enter [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.926 < Exit [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.926 (0s) > Enter [It] verifies that the ReleasePlanAdmission CR has only one matching ReleasePlan - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:177 @ 05/06/26 07:02:52.926 < Exit [It] verifies that the ReleasePlanAdmission CR has only one matching ReleasePlan - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:177 @ 05/06/26 07:02:52.938 (12ms) > Enter [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.938 < Exit [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.938 (0s) > Enter [It] deletes the ReleasePlanAdmission CR - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:198 @ 05/06/26 07:02:52.939 < Exit [It] deletes the ReleasePlanAdmission CR - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:198 @ 05/06/26 07:02:52.953 (14ms) > Enter [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.953 < Exit [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:52.953 (0s) > Enter [It] verifies that the ReleasePlan CR has no matched ReleasePlanAdmission - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:204 @ 05/06/26 07:02:52.953 < Exit [It] verifies that the ReleasePlan CR has no matched ReleasePlanAdmission - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:204 @ 05/06/26 07:02:53.071 (118ms) > Enter [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:53.071 < Exit [AfterEach] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:30 @ 05/06/26 07:02:53.071 (0s) > Enter [AfterAll] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:48 @ 05/06/26 07:02:53.071 < Exit [AfterAll] [release-service-suite ReleasePlan and ReleasePlanAdmission match] - /tmp/tmp.x1MqQ7KQDy/tests/release/service/release_plan_and_admission_matched.go:48 @ 05/06/26 07:03:27.395 (34.324s) > Enter [BeforeAll] test build secret lookup - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:32 @ 05/06/26 07:03:27.398 < Exit [BeforeAll] test build secret lookup - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:32 @ 05/06/26 07:03:30.598 (3.199s) > Enter [BeforeAll] when two secrets are created - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:100 @ 05/06/26 07:03:30.598 < Exit [BeforeAll] when two secrets are created - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:100 @ 05/06/26 07:03:30.651 (53ms) > Enter [It] creates first component - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:123 @ 05/06/26 07:03:30.651 Image repository for component component-one-vmez in namespace build-e2e-xawj do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component component-one-vmez in namespace build-e2e-xawj do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [It] creates first component - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:123 @ 05/06/26 07:04:00.897 (30.246s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:25 @ 05/06/26 07:04:00.897 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:25 @ 05/06/26 07:04:00.897 (0s) > Enter [It] creates second component - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:140 @ 05/06/26 07:04:00.898 Image repository for component component-two-ajrb in namespace build-e2e-xawj do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component component-two-ajrb in namespace build-e2e-xawj do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [It] creates second component - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:140 @ 05/06/26 07:04:21.284 (20.386s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:25 @ 05/06/26 07:04:21.284 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:25 @ 05/06/26 07:04:21.284 (0s) > Enter [It] check first component annotation has errors - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:158 @ 05/06/26 07:04:21.285 build status annotation value: {"pac":{"state":"error","error-id":74,"error-message":"74: Access token is unrecognizable by GitHub"},"message":"done"} < Exit [It] check first component annotation has errors - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:158 @ 05/06/26 07:04:21.456 (171ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:25 @ 05/06/26 07:04:21.456 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:25 @ 05/06/26 07:04:21.456 (0s) > Enter [It] triggered PipelineRun is for component - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:178 @ 05/06/26 07:04:21.457 PipelineRun has not been created yet for the component build-e2e-xawj/component-two-ajrb < Exit [It] triggered PipelineRun is for component - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:178 @ 05/06/26 07:04:41.685 (20.228s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:25 @ 05/06/26 07:04:41.685 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:25 @ 05/06/26 07:04:41.685 (0s) > Enter [It] check only one pipelinerun should be triggered - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:193 @ 05/06/26 07:04:41.686 < Exit [It] check only one pipelinerun should be triggered - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:193 @ 05/06/26 07:06:41.687 (2m0.001s) > Enter [AfterAll] test build secret lookup - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:61 @ 05/06/26 07:06:41.687 < Exit [AfterAll] test build secret lookup - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:61 @ 05/06/26 07:06:44.274 (2.587s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:25 @ 05/06/26 07:06:44.274 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/secret_lookup.go:25 @ 05/06/26 07:06:44.274 (0s) [FAILED] Failed to fork repository for fj Unexpected error: <*fmt.wrapError | 0xc00195c140>: error migrating project konflux-qe/devfile-sample-hello-world to konflux-qe/devfile-sample-hello-world-qqbwyj (last error: ): context deadline exceeded { msg: "error migrating project konflux-qe/devfile-sample-hello-world to konflux-qe/devfile-sample-hello-world-qqbwyj (last error: ): context deadline exceeded", err: <context.deadlineExceededError>{}, } occurred In [BeforeAll] at: /tmp/tmp.x1MqQ7KQDy/tests/build/git_provider_config.go:329 @ 05/06/26 07:09:11.905 > Enter [BeforeAll] PaC component build - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:54 @ 05/06/26 07:02:05.962 [FAILED] Failed to fork repository for fj Unexpected error: <*fmt.wrapError | 0xc00195c140>: error migrating project konflux-qe/devfile-sample-hello-world to konflux-qe/devfile-sample-hello-world-qqbwyj (last error: ): context deadline exceeded { msg: "error migrating project konflux-qe/devfile-sample-hello-world to konflux-qe/devfile-sample-hello-world-qqbwyj (last error: ): context deadline exceeded", err: <context.deadlineExceededError>{}, } occurred In [BeforeAll] at: /tmp/tmp.x1MqQ7KQDy/tests/build/git_provider_config.go:329 @ 05/06/26 07:09:11.905 < Exit [BeforeAll] PaC component build - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:54 @ 05/06/26 07:09:11.905 (7m5.942s) > Enter [AfterAll] PaC component build - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:101 @ 05/06/26 07:09:11.905 < Exit [AfterAll] PaC component build - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:101 @ 05/06/26 07:09:11.905 (0s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:09:11.905 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:09:12.051 (146ms) [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:153 @ 05/06/26 07:09:12.052 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:176 @ 05/06/26 07:09:12.052 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:191 @ 05/06/26 07:09:12.052 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:195 @ 05/06/26 07:09:12.053 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:225 @ 05/06/26 07:09:12.053 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:243 @ 05/06/26 07:09:12.053 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:249 @ 05/06/26 07:09:12.053 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:265 @ 05/06/26 07:09:12.053 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:278 @ 05/06/26 07:09:12.053 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:332 @ 05/06/26 07:09:12.054 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:347 @ 05/06/26 07:09:12.054 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:365 @ 05/06/26 07:09:12.054 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:371 @ 05/06/26 07:09:12.054 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:390 @ 05/06/26 07:09:12.055 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:396 @ 05/06/26 07:09:12.055 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:425 @ 05/06/26 07:09:12.055 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:439 @ 05/06/26 07:09:12.055 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:464 @ 05/06/26 07:09:12.055 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:479 @ 05/06/26 07:09:12.056 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:498 @ 05/06/26 07:09:12.056 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:504 @ 05/06/26 07:09:12.056 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:530 @ 05/06/26 07:09:12.056 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:546 @ 05/06/26 07:09:12.057 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:552 @ 05/06/26 07:09:12.057 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:564 @ 05/06/26 07:09:12.057 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:595 @ 05/06/26 07:09:12.057 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:661 @ 05/06/26 07:09:12.058 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:679 @ 05/06/26 07:09:12.058 [FAILED] Unexpected error: <*fmt.wrapError | 0xc00144e080>: error migrating project konflux-qe/build-nudge-parent to konflux-qe/build-nudge-parent-tufopa (last error: ): context deadline exceeded { msg: "error migrating project konflux-qe/build-nudge-parent to konflux-qe/build-nudge-parent-tufopa (last error: ): context deadline exceeded", err: <context.deadlineExceededError>{}, } occurred In [BeforeAll] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:131 @ 05/06/26 07:08:21.891 There were additional failures detected after the initial failure. These are visible in the timeline > Enter [BeforeAll] component update with renovate - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:72 @ 05/06/26 07:02:05.763 [FAILED] Unexpected error: <*fmt.wrapError | 0xc00144e080>: error migrating project konflux-qe/build-nudge-parent to konflux-qe/build-nudge-parent-tufopa (last error: ): context deadline exceeded { msg: "error migrating project konflux-qe/build-nudge-parent to konflux-qe/build-nudge-parent-tufopa (last error: ): context deadline exceeded", err: <context.deadlineExceededError>{}, } occurred In [BeforeAll] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:131 @ 05/06/26 07:08:21.891 < Exit [BeforeAll] component update with renovate - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:72 @ 05/06/26 07:08:21.891 (6m16.128s) > Enter [AfterAll] component update with renovate - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:214 @ 05/06/26 07:08:21.891 [FAILED] Timed out after 120.000s. Expected success, but got an error: <*errors.errorString | 0xc001656330>: could not check for namespace '' existence: resource name may not be empty { s: "could not check for namespace '' existence: resource name may not be empty", } In [AfterAll] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:230 @ 05/06/26 07:10:21.892 < Exit [AfterAll] component update with renovate - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:214 @ 05/06/26 07:10:21.892 (2m0.001s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:10:21.892 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:10:22.039 (146ms) [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:259 @ 05/06/26 07:10:22.039 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:274 @ 05/06/26 07:10:22.04 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:285 @ 05/06/26 07:10:22.04 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:289 @ 05/06/26 07:10:22.04 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:307 @ 05/06/26 07:10:22.04 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:318 @ 05/06/26 07:10:22.041 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:358 @ 05/06/26 07:10:22.041 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:375 @ 05/06/26 07:10:22.041 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:385 @ 05/06/26 07:10:22.041 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:401 @ 05/06/26 07:10:22.041 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:412 @ 05/06/26 07:10:22.042 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:429 @ 05/06/26 07:10:22.042 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:440 @ 05/06/26 07:10:22.042 > Enter [BeforeAll] with status reporting of Integration tests in CheckRuns - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:45 @ 05/06/26 07:02:05.762 Image repository for component test-component-pac-gekbpm in namespace stat-rep-hwqy do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Build PipelineRun has not been created yet for the component stat-rep-hwqy/test-component-pac-gekbpm Build PipelineRun has not been created yet for the component stat-rep-hwqy/test-component-pac-gekbpm < Exit [BeforeAll] with status reporting of Integration tests in CheckRuns - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:45 @ 05/06/26 07:03:21.865 (1m16.102s) > Enter [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:111 @ 05/06/26 07:03:21.865 < Exit [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:111 @ 05/06/26 07:03:21.865 (0s) > Enter [AfterEach] [integration-service-suite Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:42 @ 05/06/26 07:03:21.865 < Exit [AfterEach] [integration-service-suite Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:42 @ 05/06/26 07:03:21.865 (0s) > Enter [It] should have a related PaC init PR created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:115 @ 05/06/26 07:03:21.866 < Exit [It] should have a related PaC init PR created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:115 @ 05/06/26 07:03:22.177 (312ms) > Enter [AfterEach] [integration-service-suite Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:42 @ 05/06/26 07:03:22.178 < Exit [AfterEach] [integration-service-suite Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:42 @ 05/06/26 07:03:22.178 (0s) > Enter [It] initialized integration test status is reported to github - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:134 @ 05/06/26 07:03:22.178 < Exit [It] initialized integration test status is reported to github - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:134 @ 05/06/26 07:03:22.578 (400ms) > Enter [AfterEach] [integration-service-suite Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:42 @ 05/06/26 07:03:22.578 < Exit [AfterEach] [integration-service-suite Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:42 @ 05/06/26 07:03:22.578 (0s) [FAILED] build pipelinerun fails for NameSpace/Application/Component stat-rep-hwqy/integ-app-host/test-component-pac-gekbpm with logs: Pipelinerun 'test-component-pac-gekbpm-on-pull-request-k5k86' didn't succeed Expected success, but got an error: <*errors.errorString | 0xc0012bfcc0>: Pipelinerun 'test-component-pac-gekbpm-on-pull-request-k5k86' didn't succeed { s: "Pipelinerun 'test-component-pac-gekbpm-on-pull-request-k5k86' didn't succeed\n", } In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:146 @ 05/06/26 07:12:42.741 > Enter [It] should lead to build PipelineRun finishing successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:144 @ 05/06/26 07:03:22.579 PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: ResolvingTaskRef PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: Running PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: Running PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: Running PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: Running PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: Running PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: Running PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: Running PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: Running PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: Running PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: Running PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: Running PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: Running PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: Running PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: Running PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: Running PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: PipelineRunStopping PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: PipelineRunStopping PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: PipelineRunStopping PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: PipelineRunStopping PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: PipelineRunStopping PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: PipelineRunStopping PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: PipelineRunStopping PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: PipelineRunStopping PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: PipelineRunStopping PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: PipelineRunStopping PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: PipelineRunStopping PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: PipelineRunStopping PipelineRun test-component-pac-gekbpm-on-pull-request-k5k86 reason: Failed [FAILED] build pipelinerun fails for NameSpace/Application/Component stat-rep-hwqy/integ-app-host/test-component-pac-gekbpm with logs: Pipelinerun 'test-component-pac-gekbpm-on-pull-request-k5k86' didn't succeed Expected success, but got an error: <*errors.errorString | 0xc0012bfcc0>: Pipelinerun 'test-component-pac-gekbpm-on-pull-request-k5k86' didn't succeed { s: "Pipelinerun 'test-component-pac-gekbpm-on-pull-request-k5k86' didn't succeed\n", } In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:146 @ 05/06/26 07:12:42.741 < Exit [It] should lead to build PipelineRun finishing successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:144 @ 05/06/26 07:12:42.741 (9m20.163s) > Enter [AfterAll] with status reporting of Integration tests in CheckRuns - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:94 @ 05/06/26 07:12:42.742 < Exit [AfterAll] with status reporting of Integration tests in CheckRuns - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:94 @ 05/06/26 07:12:43.557 (816ms) > Enter [AfterEach] [integration-service-suite Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:42 @ 05/06/26 07:12:43.557 < Exit [AfterEach] [integration-service-suite Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:42 @ 05/06/26 07:12:43.799 (241ms) [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:151 @ 05/06/26 07:12:43.799 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:155 @ 05/06/26 07:12:43.8 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:160 @ 05/06/26 07:12:43.8 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:166 @ 05/06/26 07:12:43.8 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:190 @ 05/06/26 07:12:43.8 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:199 @ 05/06/26 07:12:43.8 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:213 @ 05/06/26 07:12:43.801 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:217 @ 05/06/26 07:12:43.801 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:221 @ 05/06/26 07:12:43.801 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:225 @ 05/06/26 07:12:43.801 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:229 @ 05/06/26 07:12:43.802 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:244 @ 05/06/26 07:12:43.802 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:248 @ 05/06/26 07:12:43.802 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:263 @ 05/06/26 07:12:43.802 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:267 @ 05/06/26 07:12:43.802 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:276 @ 05/06/26 07:12:43.803 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:291 @ 05/06/26 07:12:43.803 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:297 @ 05/06/26 07:12:43.803 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:302 @ 05/06/26 07:12:43.803 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:308 @ 05/06/26 07:12:43.803 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:355 @ 05/06/26 07:12:43.804 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/integration-service/status-reporting-to-pullrequest.go:400 @ 05/06/26 07:12:43.804 > Enter [BeforeAll] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:31 @ 05/06/26 07:02:05.565 < Exit [BeforeAll] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:31 @ 05/06/26 07:02:39.565 (34s) > Enter [It] verifies if the chains controller is running - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:43 @ 05/06/26 07:02:39.565 < Exit [It] verifies if the chains controller is running - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:43 @ 05/06/26 07:02:39.677 (112ms) > Enter [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:02:39.677 < Exit [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:02:39.678 (0s) > Enter [It] verifies the signing secret is present - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:48 @ 05/06/26 07:02:39.678 < Exit [It] verifies the signing secret is present - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:48 @ 05/06/26 07:02:39.69 (12ms) > Enter [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:02:39.69 < Exit [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:02:39.69 (0s) > Enter [BeforeAll] test creating and signing an image and task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:73 @ 05/06/26 07:02:39.691 Creating Pipeline "buildah-demo-ohfkxyrwwd" Waiting for pipeline "buildah-demo-ohfkxyrwwd" to finish The pipeline named "buildah-demo-ohfkxyrwwd" in namespace "chains-e2e-ioyw" succeeded The image signed by Tekton Chains is quay.io/redhat-appstudio-qe/test-images:buildah-demo-ohfkxyrwwd@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9 < Exit [BeforeAll] test creating and signing an image and task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:73 @ 05/06/26 07:07:33.096 (4m53.405s) > Enter [It] creates signature and attestation - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:115 @ 05/06/26 07:07:33.096 failed to get cosign result for image quay.io/redhat-appstudio-qe/test-images:buildah-demo-ohfkxyrwwd@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9: failed to find cosign results for image quay.io/redhat-appstudio-qe/test-images:buildah-demo-ohfkxyrwwd@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9: error when getting attestation tag: cannot get manifest digest from quay.io/redhat-appstudio-qe/test-images:sha256-c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9.att image. response body: {"tags": [], "page": 1, "has_additional": false} Cosign verify pass with .att and .sig ImageStreamTags found for quay.io/redhat-appstudio-qe/test-images:buildah-demo-ohfkxyrwwd@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9 < Exit [It] creates signature and attestation - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:115 @ 05/06/26 07:07:34.649 (1.552s) > Enter [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:07:34.649 < Exit [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:07:34.649 (0s) > Enter [BeforeAll] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:133 @ 05/06/26 07:07:34.65 Copy public key from openshift-pipelines/signing-secrets to a new secret Configured Rekor host: https://rekor.sigstore.dev Using verify EC task bundle: quay.io/conforma/tekton-task:kf-b345847182602d9a5ce9e957fa76fe02575c8018@sha256:7df8d121c09999d0376e189c1eb8a8263078aab697aa5ee966512f581427a6ce < Exit [BeforeAll] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:133 @ 05/06/26 07:07:34.694 (45ms) > Enter [BeforeEach] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:154 @ 05/06/26 07:07:34.694 < Exit [BeforeEach] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:154 @ 05/06/26 07:07:34.715 (21ms) > Enter [It] succeeds when policy is met - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:177 @ 05/06/26 07:07:34.716 Creating Pipeline "verify-enterprise-contract-run-hkslt" Waiting for pipeline "verify-enterprise-contract-run-hkslt" to finish *** TaskRun status: artifacts: {} completionTime: "2026-05-06T07:11:36Z" conditions: - lastTransitionTime: "2026-05-06T07:11:36Z" message: All Steps have completed executing reason: Succeeded status: "True" type: Succeeded podName: verify-enterprise-contract-eec15bf6ae576b907ec1f6e893d3c7ea-pod provenance: featureFlags: awaitSidecarReadiness: true coschedule: workspaces enableAPIFields: alpha enableParamEnum: true enableProvenanceInStatus: true enforceNonfalsifiability: none maxResultSize: 4096 resultExtractionMethod: termination-message runningInEnvWithInjectedSidecars: true verificationNoMatchPolicy: ignore refSource: digest: sha256: 7df8d121c09999d0376e189c1eb8a8263078aab697aa5ee966512f581427a6ce entryPoint: verify-enterprise-contract uri: quay.io/conforma/tekton-task results: - name: TEST_OUTPUT type: string value: | {"timestamp":"1778051495","namespace":"","successes":5,"failures":0,"warnings":0,"result":"SUCCESS"} spanContext: traceparent: 00-ecfa629d3c4173f43a64b6fa4f668dd1-8130184e7b2f4d96-01 startTime: "2026-05-06T07:07:35Z" steps: - container: step-initialize-tuf imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: initialize-tuf provenance: {} terminated: containerID: cri-o://72473723f715446ab37015d2c12493081034293bbee7ccd1f028d9f995a4dae3 exitCode: 0 finishedAt: "2026-05-06T07:11:29Z" reason: Completed startedAt: "2026-05-06T07:11:29Z" terminationReason: Skipped - container: step-reduce imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: reduce provenance: {} terminated: containerID: cri-o://4ab49572d1288d164cc1be737cbedc78c663f0d1a91737473a2d65de19608a0f exitCode: 0 finishedAt: "2026-05-06T07:11:29Z" reason: Completed startedAt: "2026-05-06T07:11:29Z" terminationReason: Completed - container: step-validate imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: validate provenance: {} terminated: containerID: cri-o://08577362ff9f0d4bc8533b3503f9e44d4ae4bac35ef512098222936042431c1c exitCode: 0 finishedAt: "2026-05-06T07:11:35Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051495\",\"namespace\":\"\",\"successes\":5,\"failures\":0,\"warnings\":0,\"result\":\"SUCCESS\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:11:29Z" terminationReason: Completed - container: step-report-json imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: report-json provenance: {} terminated: containerID: cri-o://5025f38e310bd99fcb12f247ad91b8da370e82b26fa695371a56086318a3b413 exitCode: 0 finishedAt: "2026-05-06T07:11:35Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051495\",\"namespace\":\"\",\"successes\":5,\"failures\":0,\"warnings\":0,\"result\":\"SUCCESS\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:11:35Z" terminationReason: Completed - container: step-summary imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: summary provenance: {} terminated: containerID: cri-o://87f5ee81259326e5d271e82f646d311c105b59730c8b06e2e1424813d8af8665 exitCode: 0 finishedAt: "2026-05-06T07:11:35Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051495\",\"namespace\":\"\",\"successes\":5,\"failures\":0,\"warnings\":0,\"result\":\"SUCCESS\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:11:35Z" terminationReason: Completed - container: step-version imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: version provenance: {} terminated: containerID: cri-o://fa8af80bf4ae4b7d0f3b9fde20910a543756dfc2dac2b397eca08b3665cdf141 exitCode: 0 finishedAt: "2026-05-06T07:11:35Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051495\",\"namespace\":\"\",\"successes\":5,\"failures\":0,\"warnings\":0,\"result\":\"SUCCESS\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:11:35Z" terminationReason: Completed - container: step-show-config imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: show-config provenance: {} terminated: containerID: cri-o://d1b92c32a9d7bf4dd9604dcb0eafa8343651d96f69a3fc38499fa73e8888aac7 exitCode: 0 finishedAt: "2026-05-06T07:11:35Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051495\",\"namespace\":\"\",\"successes\":5,\"failures\":0,\"warnings\":0,\"result\":\"SUCCESS\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:11:35Z" terminationReason: Completed - container: step-detailed-report imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: detailed-report provenance: {} terminated: containerID: cri-o://26ddf791bd8d1a5530cd691a298ed6874a12395b92fcf2f5f06686bea68986fe exitCode: 0 finishedAt: "2026-05-06T07:11:35Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051495\",\"namespace\":\"\",\"successes\":5,\"failures\":0,\"warnings\":0,\"result\":\"SUCCESS\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:11:35Z" terminationReason: Completed - container: step-assert imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: assert provenance: {} terminated: containerID: cri-o://b7f868354be477aa85e68e39da856de20a1871386fd44bc79818daa3f47d0745 exitCode: 0 finishedAt: "2026-05-06T07:11:35Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051495\",\"namespace\":\"\",\"successes\":5,\"failures\":0,\"warnings\":0,\"result\":\"SUCCESS\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:11:35Z" terminationReason: Completed taskSpec: description: Verify the enterprise contract is met params: - description: | Spec section of an ApplicationSnapshot resource. Not all fields of the resource are required. A minimal example: ```json { "components": [ { "containerImage": "quay.io/example/repo:latest" } ] } ``` Each `containerImage` in the `components` array is validated. name: IMAGES type: string - default: enterprise-contract-service/default description: | Name of the policy configuration (EnterpriseContractPolicy resource) to use. `namespace/name` or `name` syntax supported. If namespace is omitted the namespace where the task runs is used. You can also specify a policy configuration using a git url, e.g. `github.com/conforma/config//slsa3`. name: POLICY_CONFIGURATION type: string - default: "" description: Public key used to verify traditional long-lived signatures. Must be a valid k8s cosign reference, e.g. k8s://my-space/my-secret where my-secret contains the expected cosign.pub attribute. Required for traditional signing key verification. Will be ignored if any of CERTIFICATE_IDENTITY, CERTIFICATE_IDENTITY_REGEXP, CERTIFICATE_OIDC_ISSUER, or CERTIFICATE_OIDC_ISSUER_REGEXP are provided. name: PUBLIC_KEY type: string - default: "" description: Rekor host for transparency log lookups name: REKOR_HOST type: string - default: "" description: Expected identity in the signing certificate for keyless verification. This should be the email or URI that was used when signing. You should provide both CERTIFICATE_OIDC_ISSUER and CERTIFICATE_IDENTITY for keyless verification. The PUBLIC_KEY param will be ignored if this is provided. name: CERTIFICATE_IDENTITY type: string - default: "" description: Expected OIDC issuer in the signing certificate for keyless verification. This should match the issuer that provided the identity token used for signing. You should provide both CERTIFICATE_OIDC_ISSUER and CERTIFICATE_IDENTITY for keyless verification. The PUBLIC_KEY param will be ignored if this is provided. name: CERTIFICATE_OIDC_ISSUER type: string - default: "" description: Similar to CERTIFICATE_IDENTITY but the value is a regexp that will be matched. Note that CERTIFICATE_IDENTITY takes precedence over this if both are present. name: CERTIFICATE_IDENTITY_REGEXP type: string - default: "" description: Similar to CERTIFICATE_OIDC_ISSUER but a regexp that will be matched. Note that CERTIFICATE_OIDC_ISSUER takes precedence over this if both are present. name: CERTIFICATE_OIDC_ISSUER_REGEXP type: string - default: "false" description: Skip Rekor transparency log checks during validation. Compatible with traditional signing secret signature checks only. If any of the CERTIFICATE_* keyless verification params are present, this value is disregarded and Rekor transparency log checks are included. name: IGNORE_REKOR type: string - default: "" description: TUF mirror URL. Provide a value when NOT using public sigstore deployment. name: TUF_MIRROR type: string - default: "" description: | Path to a directory containing SSL certs to be used when communicating with external services. This is useful when using the integrated registry and a local instance of Rekor on a development cluster which may use certificates issued by a not-commonly trusted root CA. In such cases, `/var/run/secrets/kubernetes.io/serviceaccount` is a good value. Multiple paths can be provided by using the `:` separator. name: SSL_CERT_DIR type: string - default: trusted-ca description: The name of the ConfigMap to read CA bundle data from. name: CA_TRUST_CONFIGMAP_NAME type: string - default: ca-bundle.crt description: The name of the key in the ConfigMap that contains the CA bundle data. name: CA_TRUST_CONFIG_MAP_KEY type: string - default: "true" description: Include rule titles and descriptions in the output. Set to `"false"` to disable it. name: INFO type: string - default: "true" description: Fail the task if policy fails. Set to `"false"` to disable it. name: STRICT type: string - default: /tekton/home description: Value for the HOME environment variable. name: HOMEDIR type: string - default: now description: Run policy checks with the provided time. name: EFFECTIVE_TIME type: string - default: "" description: Merge additional Rego variables into the policy data. Use syntax "key=value,key2=value2..." name: EXTRA_RULE_DATA type: string - default: "1" description: Number of parallel workers to use for policy evaluation. name: WORKERS type: string - default: "false" description: Reduce the Snapshot to only the component whose build caused the Snapshot to be created name: SINGLE_COMPONENT type: string - default: unknown description: | Name, including kind, of the Kubernetes resource to query for labels when single component mode is enabled, e.g. pr/somepipeline. name: SINGLE_COMPONENT_CUSTOM_RESOURCE type: string - default: "" description: | Kubernetes namespace where the SINGLE_COMPONENT_NAME is found. Only used when single component mode is enabled. name: SINGLE_COMPONENT_CUSTOM_RESOURCE_NS type: string - default: 1s description: Base duration for exponential backoff calculation (e.g., "1s", "500ms") name: RETRY_DURATION type: string - default: "2.0" description: Exponential backoff multiplier (e.g., "2.0", "1.5") name: RETRY_FACTOR type: string - default: "0.1" description: Randomness factor for backoff calculation (0.0-1.0, e.g., "0.1", "0.2") name: RETRY_JITTER type: string - default: "3" description: Maximum number of retry attempts name: RETRY_MAX_RETRY type: string - default: 3s description: Maximum wait time between retries (e.g., "3s", "10s") name: RETRY_MAX_WAIT type: string results: - description: Short summary of the policy evaluation for each image name: TEST_OUTPUT type: string stepTemplate: computeResources: {} env: - name: HOME value: /tekton/home steps: - args: - sigstore - initialize - --mirror - "" - --root - /root.json command: - ec computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: initialize-tuf when: - operator: notin values: - "" - command: - reduce-snapshot.sh computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi env: - name: SNAPSHOT value: '{"components":[{"name":"","containerImage":"quay.io/redhat-appstudio-qe/test-images:buildah-demo-ohfkxyrwwd@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9","source":{}}],"artifacts":{}}' - name: SINGLE_COMPONENT value: "false" - name: CUSTOM_RESOURCE value: unknown - name: CUSTOM_RESOURCE_NAMESPACE - name: SNAPSHOT_PATH value: /tekton/home/snapshot.json image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: reduce onError: continue - computeResources: limits: memory: 2Gi requests: cpu: 1800m memory: 2Gi env: - name: POLICY_CONFIGURATION value: ec-policy - name: PUBLIC_KEY value: k8s://chains-e2e-ioyw/cosign-public-key - name: CERTIFICATE_IDENTITY - name: CERTIFICATE_OIDC_ISSUER - name: CERTIFICATE_IDENTITY_REGEXP - name: CERTIFICATE_OIDC_ISSUER_REGEXP - name: REKOR_HOST - name: IGNORE_REKOR value: "true" - name: WORKERS value: "1" - name: INFO value: "true" - name: EFFECTIVE_TIME value: now - name: EXTRA_RULE_DATA - name: RETRY_MAX_WAIT value: 3s - name: RETRY_MAX_RETRY value: "3" - name: RETRY_DURATION value: 1s - name: RETRY_FACTOR value: "2.0" - name: RETRY_JITTER value: "0.1" - name: HOMEDIR value: /tekton/home - name: SSL_CERT_DIR value: /tekton-custom-certs:/etc/ssl/certs:/etc/pki/tls/certs:/system/etc/security/cacerts:/var/run/secrets/kubernetes.io/serviceaccount image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: validate onError: continue script: | #!/bin/bash set -euo pipefail cmd_args=( validate image --images="${HOMEDIR}/snapshot.json" --policy="${POLICY_CONFIGURATION}" ) # To keep bash logic as thin as possible we deliberately don't sanitize # these params. If something is wrong or missing let Conforma handle it. if [ -n "${CERTIFICATE_IDENTITY}" ] || \ [ -n "${CERTIFICATE_OIDC_ISSUER}" ] || \ [ -n "${CERTIFICATE_IDENTITY_REGEXP}" ] || \ [ -n "${CERTIFICATE_OIDC_ISSUER_REGEXP}" ]; then # If *any* of the above are non-empty assume the intention is to # try keyless verification if [ -n "${CERTIFICATE_IDENTITY}" ]; then cmd_args+=( --certificate-identity="${CERTIFICATE_IDENTITY}" ) elif [ -n "${CERTIFICATE_IDENTITY_REGEXP}" ]; then cmd_args+=( --certificate-identity-regexp="${CERTIFICATE_IDENTITY_REGEXP}" ) fi if [ -n "${CERTIFICATE_OIDC_ISSUER}" ]; then cmd_args+=( --certificate-oidc-issuer="${CERTIFICATE_OIDC_ISSUER}" ) elif [ -n "${CERTIFICATE_OIDC_ISSUER_REGEXP}" ]; then cmd_args+=( --certificate-oidc-issuer-regexp="${CERTIFICATE_OIDC_ISSUER_REGEXP}" ) fi # Force --ignore-rekor to false since we need rekor cmd_args+=( --ignore-rekor=false ) else # Assume traditional signing secret verification cmd_args+=( --public-key="${PUBLIC_KEY}" --ignore-rekor="${IGNORE_REKOR}" ) fi cmd_args+=( --rekor-url="${REKOR_HOST}" --workers="${WORKERS}" --info="${INFO}" --timeout=0 --strict=false --show-successes=true --show-policy-docs-link=true --effective-time="${EFFECTIVE_TIME}" --extra-rule-data="${EXTRA_RULE_DATA}" --retry-max-wait="${RETRY_MAX_WAIT}" --retry-max-retry="${RETRY_MAX_RETRY}" --retry-duration="${RETRY_DURATION}" --retry-factor="${RETRY_FACTOR}" --retry-jitter="${RETRY_JITTER}" --output="text=${HOMEDIR}/text-report.txt?show-successes=false" --output="json=${HOMEDIR}/report-json.json" --output="appstudio=/tekton/results/TEST_OUTPUT" ) # Execute Conforma with constructed arguments exec ec "${cmd_args[@]}" volumeMounts: - mountPath: /etc/pki/tls/certs/ca-custom-bundle.crt name: trusted-ca readOnly: true subPath: ca-bundle.crt - args: - jq . /tekton/home/report-json.json | awk '{gsub(/^ +/, ""); acc += length; if (acc >= 8000) { printf "\n"; acc=length } printf $0 }' command: - sh - -c computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: report-json onError: continue - args: - . - /tekton/results/TEST_OUTPUT command: - jq computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: summary onError: continue - args: - version command: - ec computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: version - args: - '{policy: .policy, key: .key, "effective-time": .["effective-time"]}' - /tekton/home/report-json.json command: - jq computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: show-config - args: - /tekton/home/text-report.txt command: - cat computeResources: {} image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: detailed-report onError: continue - args: - --argjson - strict - "true" - -e - | .result == "SUCCESS" or .result == "WARNING" or ($strict | not) - /tekton/results/TEST_OUTPUT command: - jq computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: assert volumes: - configMap: items: - key: ca-bundle.crt path: ca-bundle.crt name: trusted-ca optional: true name: trusted-ca workspaces: - description: The workspace where the snapshot spec json file resides name: data optional: true *** Logs from pod 'verify-enterprise-contract-eec15bf6ae576b907ec1f6e893d3c7ea-pod', container 'step-initialize-tuf': ----- START -----2026/05/06 07:11:29 INFO Step was skipped due to when expressions were evaluated to false. ----- END ----- *** Logs from pod 'verify-enterprise-contract-eec15bf6ae576b907ec1f6e893d3c7ea-pod', container 'step-reduce': ----- START -----Single Component mode? false { "components": [ { "name": "", "containerImage": "quay.io/redhat-appstudio-qe/test-images:buildah-demo-ohfkxyrwwd@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9", "source": {} } ], "artifacts": {} } ----- END ----- *** Logs from pod 'verify-enterprise-contract-eec15bf6ae576b907ec1f6e893d3c7ea-pod', container 'step-validate': ----- START ---------- END ----- *** Logs from pod 'verify-enterprise-contract-eec15bf6ae576b907ec1f6e893d3c7ea-pod', container 'step-report-json': ----- START -----{"success": true,"components": [{"name": "","containerImage": "quay.io/redhat-appstudio-qe/test-images@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9","source": {},"successes": [{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.allowed_predicate_types_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_predicate_types` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed predicate types provided"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.attestation_predicate_type_accepted","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicateType field of the attestation indicates the in-toto SLSA Provenance format was used to attest the PipelineRun.","title": "Expected attestation predicate type found"}}],"success": true,"signatures": [{"keyid": "","sig": "MEQCIHpThoeJopV8XLF2YuemXz4DR4hRN/vZvyQngkYPoXLYAiBqD0xaa9X1e/XtioW0Gl3/NnBA0fE9kcKeTwOGxzy6CA=="},{"keyid": "","sig": "MEUCIQDDSONR8Lny6UO7VwgOfhw8F6WJmm2/oOttApzOEimBFwIgHQWWPKKliBt/1HskjjUPptgRBMtqrndFaesyAF09GqQ="},{"keyid": "","sig": "MEQCIFS/iyOUt5n9cVhOzAWKMMkbvQYkrzkm0Z3doUhfTuTPAiAO3L5lGuZDGl68dhva0CT//ihJnixMt8+rZtJCwo03RQ=="}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1/PipelineRun","signatures": [{"keyid": "SHA256:fOgL1xsyIks4O0XWySo7iEds+F+o5nNbqZKqVlESoIw","sig": "MEQCIB4iVUsI/n1MKSqcuXD2CH6Z0jU1QdGaEeiEQSAjIswkAiAkwsGaw24EvO78rvpJVMw0CC2wzE2qX87Q8tFYsD3GwQ=="}]}]}],"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEF1KPrbmgPwizdb09V4Tx2cuolTkR\n7bvG0CNUnt8llVgeI3i8FwpJavDhEIhOOd+Ug62XZMEQJkhn0x9upJLjbw==\n-----END PUBLIC KEY-----\n","policy": {"name": "Default","description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml","sources": [{"name": "Default","policy": ["oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:59c6b95c02295edb7928ef187571d26d426993fd5aae0236a03c832afbd6072a"],"data": ["git::github.com/release-engineering/rhtap-ec-policy//data?ref=67018469815ee9f81e47cfb54dae39d71ed5f389","oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:c7303e2d586614e47d7340ff8d7059c98c6c68fc8ca938b3448179fb8009372e","oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea","oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc"],"config": {"include": ["slsa_provenance_available"]}}],"publicKey": "k8s://chains-e2e-ioyw/cosign-public-key"},"ec-version": "v0.9.25","effective-time": "2026-05-06T07:11:29.770610109Z"}----- END ----- *** Logs from pod 'verify-enterprise-contract-eec15bf6ae576b907ec1f6e893d3c7ea-pod', container 'step-summary': ----- START -----{ "timestamp": "1778051495", "namespace": "", "successes": 5, "failures": 0, "warnings": 0, "result": "SUCCESS" } ----- END ----- *** Logs from pod 'verify-enterprise-contract-eec15bf6ae576b907ec1f6e893d3c7ea-pod', container 'step-version': ----- START -----Version v0.9.25 Source ID b345847182602d9a5ce9e957fa76fe02575c8018 Change date 2026-04-27 12:52:43 +0000 UTC (1 week ago) ECC v0.1.7 OPA v1.15.2 Conftest v0.68.2 Cosign v3.0.4 Sigstore v1.10.4 Rekor v1.5.0 Tekton Pipeline v1.9.2 Kubernetes Client v0.35.0 ----- END ----- *** Logs from pod 'verify-enterprise-contract-eec15bf6ae576b907ec1f6e893d3c7ea-pod', container 'step-show-config': ----- START -----{ "policy": { "name": "Default", "description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml", "sources": [ { "name": "Default", "policy": [ "oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:59c6b95c02295edb7928ef187571d26d426993fd5aae0236a03c832afbd6072a" ], "data": [ "git::github.com/release-engineering/rhtap-ec-policy//data?ref=67018469815ee9f81e47cfb54dae39d71ed5f389", "oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:c7303e2d586614e47d7340ff8d7059c98c6c68fc8ca938b3448179fb8009372e", "oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea", "oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc" ], "config": { "include": [ "slsa_provenance_available" ] } } ], "publicKey": "k8s://chains-e2e-ioyw/cosign-public-key" }, "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEF1KPrbmgPwizdb09V4Tx2cuolTkR\n7bvG0CNUnt8llVgeI3i8FwpJavDhEIhOOd+Ug62XZMEQJkhn0x9upJLjbw==\n-----END PUBLIC KEY-----\n", "effective-time": "2026-05-06T07:11:29.770610109Z" } ----- END ----- *** Logs from pod 'verify-enterprise-contract-eec15bf6ae576b907ec1f6e893d3c7ea-pod', container 'step-detailed-report': ----- START -----Success: true Result: SUCCESS Violations: 0, Warnings: 0, Successes: 5 Component: ImageRef: quay.io/redhat-appstudio-qe/test-images@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9 ----- END ----- *** Logs from pod 'verify-enterprise-contract-eec15bf6ae576b907ec1f6e893d3c7ea-pod', container 'step-assert': ----- START -----true ----- END ----- Make sure TaskRun verify-enterprise-contract of PipelineRun verify-enterprise-contract-run-hkslt succeeded Make sure result for TaskRun "verify-enterprise-contract" succeeded < Exit [It] succeeds when policy is met - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:177 @ 05/06/26 07:11:37.925 (4m3.209s) > Enter [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:11:37.925 < Exit [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:11:37.925 (0s) > Enter [BeforeEach] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:154 @ 05/06/26 07:11:37.926 < Exit [BeforeEach] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:154 @ 05/06/26 07:11:37.942 (17ms) > Enter [It] does not pass when tests are not satisfied on non-strict mode - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:197 @ 05/06/26 07:11:37.942 Creating Pipeline "verify-enterprise-contract-run-2djv6" Waiting for pipeline "verify-enterprise-contract-run-2djv6" to finish *** TaskRun status: artifacts: {} completionTime: "2026-05-06T07:11:51Z" conditions: - lastTransitionTime: "2026-05-06T07:11:51Z" message: All Steps have completed executing reason: Succeeded status: "True" type: Succeeded podName: verify-enterprise-contract-a853bf0901c38a3aed11dcef2c62eb63-pod provenance: featureFlags: awaitSidecarReadiness: true coschedule: workspaces enableAPIFields: alpha enableParamEnum: true enableProvenanceInStatus: true enforceNonfalsifiability: none maxResultSize: 4096 resultExtractionMethod: termination-message runningInEnvWithInjectedSidecars: true verificationNoMatchPolicy: ignore refSource: digest: sha256: 7df8d121c09999d0376e189c1eb8a8263078aab697aa5ee966512f581427a6ce entryPoint: verify-enterprise-contract uri: quay.io/conforma/tekton-task results: - name: TEST_OUTPUT type: string value: | {"timestamp":"1778051509","namespace":"","successes":5,"failures":1,"warnings":0,"result":"FAILURE"} spanContext: traceparent: 00-17d1f796e88db3c3dd21b64b3bc429ba-97130d7e2860f144-01 startTime: "2026-05-06T07:11:38Z" steps: - container: step-initialize-tuf imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: initialize-tuf provenance: {} terminated: containerID: cri-o://f56f7f5c4c0e7d5090e4ebe00eb99fd77a95396c738a6db7c2ea23d21210b53f exitCode: 0 finishedAt: "2026-05-06T07:11:44Z" reason: Completed startedAt: "2026-05-06T07:11:44Z" terminationReason: Skipped - container: step-reduce imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: reduce provenance: {} terminated: containerID: cri-o://0df7dd9ee6e817696d44acf4d5fc1d8662a357f3e9e96d1e00e8f074b65035ce exitCode: 0 finishedAt: "2026-05-06T07:11:44Z" reason: Completed startedAt: "2026-05-06T07:11:44Z" terminationReason: Completed - container: step-validate imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: validate provenance: {} terminated: containerID: cri-o://2e1287edba1a071b5b11fc57289eb1dd9700defa0e17bb7e222d1062c31c9333 exitCode: 0 finishedAt: "2026-05-06T07:11:49Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051509\",\"namespace\":\"\",\"successes\":5,\"failures\":1,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:11:44Z" terminationReason: Completed - container: step-report-json imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: report-json provenance: {} terminated: containerID: cri-o://0f865841d5350ada10ed2c41af0778dd577034976ba353290f89d07b1e5f6dc8 exitCode: 0 finishedAt: "2026-05-06T07:11:50Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051509\",\"namespace\":\"\",\"successes\":5,\"failures\":1,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:11:50Z" terminationReason: Completed - container: step-summary imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: summary provenance: {} terminated: containerID: cri-o://15a8ceb293002856809cd8fecfc1608be0c7faedec1f506814ce795d9b4284f6 exitCode: 0 finishedAt: "2026-05-06T07:11:50Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051509\",\"namespace\":\"\",\"successes\":5,\"failures\":1,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:11:50Z" terminationReason: Completed - container: step-version imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: version provenance: {} terminated: containerID: cri-o://3a367f349d6355ba4793fb8a5f6d585d52ca2c9e82d8010ba6bd35e297824ea8 exitCode: 0 finishedAt: "2026-05-06T07:11:50Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051509\",\"namespace\":\"\",\"successes\":5,\"failures\":1,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:11:50Z" terminationReason: Completed - container: step-show-config imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: show-config provenance: {} terminated: containerID: cri-o://89364bc8d207f784df0bc361216b7e3ab48422529cf5260c74b08a05d113c66f exitCode: 0 finishedAt: "2026-05-06T07:11:50Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051509\",\"namespace\":\"\",\"successes\":5,\"failures\":1,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:11:50Z" terminationReason: Completed - container: step-detailed-report imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: detailed-report provenance: {} terminated: containerID: cri-o://50d054445dc80c677ce125fa2c3084c35b6157d41363879907a1d761a8725c7f exitCode: 0 finishedAt: "2026-05-06T07:11:50Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051509\",\"namespace\":\"\",\"successes\":5,\"failures\":1,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:11:50Z" terminationReason: Completed - container: step-assert imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: assert provenance: {} terminated: containerID: cri-o://9529576a62321d01c2aa430cb7fd1d9bda97bb73199259c069dd94c3ebc3c8ec exitCode: 0 finishedAt: "2026-05-06T07:11:50Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051509\",\"namespace\":\"\",\"successes\":5,\"failures\":1,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:11:50Z" terminationReason: Completed taskSpec: description: Verify the enterprise contract is met params: - description: | Spec section of an ApplicationSnapshot resource. Not all fields of the resource are required. A minimal example: ```json { "components": [ { "containerImage": "quay.io/example/repo:latest" } ] } ``` Each `containerImage` in the `components` array is validated. name: IMAGES type: string - default: enterprise-contract-service/default description: | Name of the policy configuration (EnterpriseContractPolicy resource) to use. `namespace/name` or `name` syntax supported. If namespace is omitted the namespace where the task runs is used. You can also specify a policy configuration using a git url, e.g. `github.com/conforma/config//slsa3`. name: POLICY_CONFIGURATION type: string - default: "" description: Public key used to verify traditional long-lived signatures. Must be a valid k8s cosign reference, e.g. k8s://my-space/my-secret where my-secret contains the expected cosign.pub attribute. Required for traditional signing key verification. Will be ignored if any of CERTIFICATE_IDENTITY, CERTIFICATE_IDENTITY_REGEXP, CERTIFICATE_OIDC_ISSUER, or CERTIFICATE_OIDC_ISSUER_REGEXP are provided. name: PUBLIC_KEY type: string - default: "" description: Rekor host for transparency log lookups name: REKOR_HOST type: string - default: "" description: Expected identity in the signing certificate for keyless verification. This should be the email or URI that was used when signing. You should provide both CERTIFICATE_OIDC_ISSUER and CERTIFICATE_IDENTITY for keyless verification. The PUBLIC_KEY param will be ignored if this is provided. name: CERTIFICATE_IDENTITY type: string - default: "" description: Expected OIDC issuer in the signing certificate for keyless verification. This should match the issuer that provided the identity token used for signing. You should provide both CERTIFICATE_OIDC_ISSUER and CERTIFICATE_IDENTITY for keyless verification. The PUBLIC_KEY param will be ignored if this is provided. name: CERTIFICATE_OIDC_ISSUER type: string - default: "" description: Similar to CERTIFICATE_IDENTITY but the value is a regexp that will be matched. Note that CERTIFICATE_IDENTITY takes precedence over this if both are present. name: CERTIFICATE_IDENTITY_REGEXP type: string - default: "" description: Similar to CERTIFICATE_OIDC_ISSUER but a regexp that will be matched. Note that CERTIFICATE_OIDC_ISSUER takes precedence over this if both are present. name: CERTIFICATE_OIDC_ISSUER_REGEXP type: string - default: "false" description: Skip Rekor transparency log checks during validation. Compatible with traditional signing secret signature checks only. If any of the CERTIFICATE_* keyless verification params are present, this value is disregarded and Rekor transparency log checks are included. name: IGNORE_REKOR type: string - default: "" description: TUF mirror URL. Provide a value when NOT using public sigstore deployment. name: TUF_MIRROR type: string - default: "" description: | Path to a directory containing SSL certs to be used when communicating with external services. This is useful when using the integrated registry and a local instance of Rekor on a development cluster which may use certificates issued by a not-commonly trusted root CA. In such cases, `/var/run/secrets/kubernetes.io/serviceaccount` is a good value. Multiple paths can be provided by using the `:` separator. name: SSL_CERT_DIR type: string - default: trusted-ca description: The name of the ConfigMap to read CA bundle data from. name: CA_TRUST_CONFIGMAP_NAME type: string - default: ca-bundle.crt description: The name of the key in the ConfigMap that contains the CA bundle data. name: CA_TRUST_CONFIG_MAP_KEY type: string - default: "true" description: Include rule titles and descriptions in the output. Set to `"false"` to disable it. name: INFO type: string - default: "true" description: Fail the task if policy fails. Set to `"false"` to disable it. name: STRICT type: string - default: /tekton/home description: Value for the HOME environment variable. name: HOMEDIR type: string - default: now description: Run policy checks with the provided time. name: EFFECTIVE_TIME type: string - default: "" description: Merge additional Rego variables into the policy data. Use syntax "key=value,key2=value2..." name: EXTRA_RULE_DATA type: string - default: "1" description: Number of parallel workers to use for policy evaluation. name: WORKERS type: string - default: "false" description: Reduce the Snapshot to only the component whose build caused the Snapshot to be created name: SINGLE_COMPONENT type: string - default: unknown description: | Name, including kind, of the Kubernetes resource to query for labels when single component mode is enabled, e.g. pr/somepipeline. name: SINGLE_COMPONENT_CUSTOM_RESOURCE type: string - default: "" description: | Kubernetes namespace where the SINGLE_COMPONENT_NAME is found. Only used when single component mode is enabled. name: SINGLE_COMPONENT_CUSTOM_RESOURCE_NS type: string - default: 1s description: Base duration for exponential backoff calculation (e.g., "1s", "500ms") name: RETRY_DURATION type: string - default: "2.0" description: Exponential backoff multiplier (e.g., "2.0", "1.5") name: RETRY_FACTOR type: string - default: "0.1" description: Randomness factor for backoff calculation (0.0-1.0, e.g., "0.1", "0.2") name: RETRY_JITTER type: string - default: "3" description: Maximum number of retry attempts name: RETRY_MAX_RETRY type: string - default: 3s description: Maximum wait time between retries (e.g., "3s", "10s") name: RETRY_MAX_WAIT type: string results: - description: Short summary of the policy evaluation for each image name: TEST_OUTPUT type: string stepTemplate: computeResources: {} env: - name: HOME value: /tekton/home steps: - args: - sigstore - initialize - --mirror - "" - --root - /root.json command: - ec computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: initialize-tuf when: - operator: notin values: - "" - command: - reduce-snapshot.sh computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi env: - name: SNAPSHOT value: '{"components":[{"name":"","containerImage":"quay.io/redhat-appstudio-qe/test-images:buildah-demo-ohfkxyrwwd@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9","source":{}}],"artifacts":{}}' - name: SINGLE_COMPONENT value: "false" - name: CUSTOM_RESOURCE value: unknown - name: CUSTOM_RESOURCE_NAMESPACE - name: SNAPSHOT_PATH value: /tekton/home/snapshot.json image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: reduce onError: continue - computeResources: limits: memory: 2Gi requests: cpu: 1800m memory: 2Gi env: - name: POLICY_CONFIGURATION value: ec-policy - name: PUBLIC_KEY value: k8s://chains-e2e-ioyw/cosign-public-key - name: CERTIFICATE_IDENTITY - name: CERTIFICATE_OIDC_ISSUER - name: CERTIFICATE_IDENTITY_REGEXP - name: CERTIFICATE_OIDC_ISSUER_REGEXP - name: REKOR_HOST - name: IGNORE_REKOR value: "true" - name: WORKERS value: "1" - name: INFO value: "true" - name: EFFECTIVE_TIME value: now - name: EXTRA_RULE_DATA - name: RETRY_MAX_WAIT value: 3s - name: RETRY_MAX_RETRY value: "3" - name: RETRY_DURATION value: 1s - name: RETRY_FACTOR value: "2.0" - name: RETRY_JITTER value: "0.1" - name: HOMEDIR value: /tekton/home - name: SSL_CERT_DIR value: /tekton-custom-certs:/etc/ssl/certs:/etc/pki/tls/certs:/system/etc/security/cacerts:/var/run/secrets/kubernetes.io/serviceaccount image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: validate onError: continue script: | #!/bin/bash set -euo pipefail cmd_args=( validate image --images="${HOMEDIR}/snapshot.json" --policy="${POLICY_CONFIGURATION}" ) # To keep bash logic as thin as possible we deliberately don't sanitize # these params. If something is wrong or missing let Conforma handle it. if [ -n "${CERTIFICATE_IDENTITY}" ] || \ [ -n "${CERTIFICATE_OIDC_ISSUER}" ] || \ [ -n "${CERTIFICATE_IDENTITY_REGEXP}" ] || \ [ -n "${CERTIFICATE_OIDC_ISSUER_REGEXP}" ]; then # If *any* of the above are non-empty assume the intention is to # try keyless verification if [ -n "${CERTIFICATE_IDENTITY}" ]; then cmd_args+=( --certificate-identity="${CERTIFICATE_IDENTITY}" ) elif [ -n "${CERTIFICATE_IDENTITY_REGEXP}" ]; then cmd_args+=( --certificate-identity-regexp="${CERTIFICATE_IDENTITY_REGEXP}" ) fi if [ -n "${CERTIFICATE_OIDC_ISSUER}" ]; then cmd_args+=( --certificate-oidc-issuer="${CERTIFICATE_OIDC_ISSUER}" ) elif [ -n "${CERTIFICATE_OIDC_ISSUER_REGEXP}" ]; then cmd_args+=( --certificate-oidc-issuer-regexp="${CERTIFICATE_OIDC_ISSUER_REGEXP}" ) fi # Force --ignore-rekor to false since we need rekor cmd_args+=( --ignore-rekor=false ) else # Assume traditional signing secret verification cmd_args+=( --public-key="${PUBLIC_KEY}" --ignore-rekor="${IGNORE_REKOR}" ) fi cmd_args+=( --rekor-url="${REKOR_HOST}" --workers="${WORKERS}" --info="${INFO}" --timeout=0 --strict=false --show-successes=true --show-policy-docs-link=true --effective-time="${EFFECTIVE_TIME}" --extra-rule-data="${EXTRA_RULE_DATA}" --retry-max-wait="${RETRY_MAX_WAIT}" --retry-max-retry="${RETRY_MAX_RETRY}" --retry-duration="${RETRY_DURATION}" --retry-factor="${RETRY_FACTOR}" --retry-jitter="${RETRY_JITTER}" --output="text=${HOMEDIR}/text-report.txt?show-successes=false" --output="json=${HOMEDIR}/report-json.json" --output="appstudio=/tekton/results/TEST_OUTPUT" ) # Execute Conforma with constructed arguments exec ec "${cmd_args[@]}" volumeMounts: - mountPath: /etc/pki/tls/certs/ca-custom-bundle.crt name: trusted-ca readOnly: true subPath: ca-bundle.crt - args: - jq . /tekton/home/report-json.json | awk '{gsub(/^ +/, ""); acc += length; if (acc >= 8000) { printf "\n"; acc=length } printf $0 }' command: - sh - -c computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: report-json onError: continue - args: - . - /tekton/results/TEST_OUTPUT command: - jq computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: summary onError: continue - args: - version command: - ec computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: version - args: - '{policy: .policy, key: .key, "effective-time": .["effective-time"]}' - /tekton/home/report-json.json command: - jq computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: show-config - args: - /tekton/home/text-report.txt command: - cat computeResources: {} image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: detailed-report onError: continue - args: - --argjson - strict - "false" - -e - | .result == "SUCCESS" or .result == "WARNING" or ($strict | not) - /tekton/results/TEST_OUTPUT command: - jq computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: assert volumes: - configMap: items: - key: ca-bundle.crt path: ca-bundle.crt name: trusted-ca optional: true name: trusted-ca workspaces: - description: The workspace where the snapshot spec json file resides name: data optional: true *** Logs from pod 'verify-enterprise-contract-a853bf0901c38a3aed11dcef2c62eb63-pod', container 'step-initialize-tuf': ----- START -----2026/05/06 07:11:44 INFO Step was skipped due to when expressions were evaluated to false. ----- END ----- *** Logs from pod 'verify-enterprise-contract-a853bf0901c38a3aed11dcef2c62eb63-pod', container 'step-reduce': ----- START -----Single Component mode? false { "components": [ { "name": "", "containerImage": "quay.io/redhat-appstudio-qe/test-images:buildah-demo-ohfkxyrwwd@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9", "source": {} } ], "artifacts": {} } ----- END ----- *** Logs from pod 'verify-enterprise-contract-a853bf0901c38a3aed11dcef2c62eb63-pod', container 'step-validate': ----- START ---------- END ----- *** Logs from pod 'verify-enterprise-contract-a853bf0901c38a3aed11dcef2c62eb63-pod', container 'step-report-json': ----- START -----{"success": false,"components": [{"name": "","containerImage": "quay.io/redhat-appstudio-qe/test-images@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9","source": {},"violations": [{"msg": "No test data found","metadata": {"code": "test.test_data_found","collections": ["redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that at least one of the tasks in the pipeline includes a TEST_OUTPUT task result, which is where Conforma expects to find test result data. To exclude this rule add \"test.test_data_found\" to the `exclude` section of the policy configuration.","solution": "Confirm at least one task in the build pipeline contains a result named TEST_OUTPUT.","title": "Test data found in task results"}}],"successes": [{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "test.rule_data_provided","collections": ["redhat","policy_data"],"description": "Confirm the expected rule data keys have been provided in the expected format. The keys are `supported_tests_results`, `failed_tests_results`, `informative_tests`, `erred_tests_results`, `skipped_tests_results`, and `warned_tests_results`.","title": "Rule data provided"}},{"msg": "Pass","metadata": {"code": "test.test_all_images","collections": ["redhat"],"description": "Ensure that task producing the IMAGES_PROCESSED result contains the digests of the built image.","effective_on": "2024-05-29T00:00:00Z","title": "Image digest is present in IMAGES_PROCESSED result"}}],"success": false,"signatures": [{"keyid": "","sig": "MEQCIHpThoeJopV8XLF2YuemXz4DR4hRN/vZvyQngkYPoXLYAiBqD0xaa9X1e/XtioW0Gl3/NnBA0fE9kcKeTwOGxzy6CA=="},{"keyid": "","sig": "MEUCIQDDSONR8Lny6UO7VwgOfhw8F6WJmm2/oOttApzOEimBFwIgHQWWPKKliBt/1HskjjUPptgRBMtqrndFaesyAF09GqQ="},{"keyid": "","sig": "MEQCIFS/iyOUt5n9cVhOzAWKMMkbvQYkrzkm0Z3doUhfTuTPAiAO3L5lGuZDGl68dhva0CT//ihJnixMt8+rZtJCwo03RQ=="}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1/PipelineRun","signatures": [{"keyid": "SHA256:fOgL1xsyIks4O0XWySo7iEds+F+o5nNbqZKqVlESoIw","sig": "MEQCIB4iVUsI/n1MKSqcuXD2CH6Z0jU1QdGaEeiEQSAjIswkAiAkwsGaw24EvO78rvpJVMw0CC2wzE2qX87Q8tFYsD3GwQ=="}]}]}],"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEF1KPrbmgPwizdb09V4Tx2cuolTkR\n7bvG0CNUnt8llVgeI3i8FwpJavDhEIhOOd+Ug62XZMEQJkhn0x9upJLjbw==\n-----END PUBLIC KEY-----\n","policy": {"name": "Default","description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml","sources": [{"name": "Default","policy": ["oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:59c6b95c02295edb7928ef187571d26d426993fd5aae0236a03c832afbd6072a"],"data": ["git::github.com/release-engineering/rhtap-ec-policy//data?ref=67018469815ee9f81e47cfb54dae39d71ed5f389","oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:c7303e2d586614e47d7340ff8d7059c98c6c68fc8ca938b3448179fb8009372e","oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea","oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc"],"config": {"include": ["test"]}}],"publicKey": "k8s://chains-e2e-ioyw/cosign-public-key"},"ec-version": "v0.9.25","effective-time": "2026-05-06T07:11:44.40641189Z"}----- END ----- *** Logs from pod 'verify-enterprise-contract-a853bf0901c38a3aed11dcef2c62eb63-pod', container 'step-summary': ----- START -----{ "timestamp": "1778051509", "namespace": "", "successes": 5, "failures": 1, "warnings": 0, "result": "FAILURE" } ----- END ----- *** Logs from pod 'verify-enterprise-contract-a853bf0901c38a3aed11dcef2c62eb63-pod', container 'step-version': ----- START -----Version v0.9.25 Source ID b345847182602d9a5ce9e957fa76fe02575c8018 Change date 2026-04-27 12:52:43 +0000 UTC (1 week ago) ECC v0.1.7 OPA v1.15.2 Conftest v0.68.2 Cosign v3.0.4 Sigstore v1.10.4 Rekor v1.5.0 Tekton Pipeline v1.9.2 Kubernetes Client v0.35.0 ----- END ----- *** Logs from pod 'verify-enterprise-contract-a853bf0901c38a3aed11dcef2c62eb63-pod', container 'step-show-config': ----- START -----{ "policy": { "name": "Default", "description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml", "sources": [ { "name": "Default", "policy": [ "oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:59c6b95c02295edb7928ef187571d26d426993fd5aae0236a03c832afbd6072a" ], "data": [ "git::github.com/release-engineering/rhtap-ec-policy//data?ref=67018469815ee9f81e47cfb54dae39d71ed5f389", "oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:c7303e2d586614e47d7340ff8d7059c98c6c68fc8ca938b3448179fb8009372e", "oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea", "oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc" ], "config": { "include": [ "test" ] } } ], "publicKey": "k8s://chains-e2e-ioyw/cosign-public-key" }, "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEF1KPrbmgPwizdb09V4Tx2cuolTkR\n7bvG0CNUnt8llVgeI3i8FwpJavDhEIhOOd+Ug62XZMEQJkhn0x9upJLjbw==\n-----END PUBLIC KEY-----\n", "effective-time": "2026-05-06T07:11:44.40641189Z" } ----- END ----- *** Logs from pod 'verify-enterprise-contract-a853bf0901c38a3aed11dcef2c62eb63-pod', container 'step-detailed-report': ----- START -----Success: false Result: FAILURE Violations: 1, Warnings: 0, Successes: 5 Component: ImageRef: quay.io/redhat-appstudio-qe/test-images@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9 Results: ✕ [Violation] test.test_data_found ImageRef: quay.io/redhat-appstudio-qe/test-images@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9 Reason: No test data found Title: Test data found in task results Description: Ensure that at least one of the tasks in the pipeline includes a TEST_OUTPUT task result, which is where Conforma expects to find test result data. To exclude this rule add "test.test_data_found" to the `exclude` section of the policy configuration. Solution: Confirm at least one task in the build pipeline contains a result named TEST_OUTPUT. For more information about policy issues, see the policy documentation: https://conforma.dev/docs/policy/ ----- END ----- *** Logs from pod 'verify-enterprise-contract-a853bf0901c38a3aed11dcef2c62eb63-pod', container 'step-assert': ----- START -----true ----- END ----- Make sure TaskRun verify-enterprise-contract of PipelineRun verify-enterprise-contract-run-2djv6 succeeded Make sure result for TaskRun "verify-enterprise-contract" succeeded < Exit [It] does not pass when tests are not satisfied on non-strict mode - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:197 @ 05/06/26 07:11:52.133 (14.191s) > Enter [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:11:52.133 < Exit [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:11:52.133 (0s) > Enter [BeforeEach] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:154 @ 05/06/26 07:11:52.134 < Exit [BeforeEach] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:154 @ 05/06/26 07:11:52.153 (19ms) > Enter [It] fails when tests are not satisfied on strict mode - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:225 @ 05/06/26 07:11:52.153 Creating Pipeline "verify-enterprise-contract-run-j9r7p" Waiting for pipeline "verify-enterprise-contract-run-j9r7p" to finish *** TaskRun status: artifacts: {} completionTime: "2026-05-06T07:12:08Z" conditions: - lastTransitionTime: "2026-05-06T07:12:08Z" message: '"step-assert" exited with code 1: Error' reason: Failed status: "False" type: Succeeded podName: verify-enterprise-contract-eeddd40397367cfe93c6fdf714d8aa94-pod provenance: featureFlags: awaitSidecarReadiness: true coschedule: workspaces enableAPIFields: alpha enableParamEnum: true enableProvenanceInStatus: true enforceNonfalsifiability: none maxResultSize: 4096 resultExtractionMethod: termination-message runningInEnvWithInjectedSidecars: true verificationNoMatchPolicy: ignore refSource: digest: sha256: 7df8d121c09999d0376e189c1eb8a8263078aab697aa5ee966512f581427a6ce entryPoint: verify-enterprise-contract uri: quay.io/conforma/tekton-task results: - name: TEST_OUTPUT type: string value: | {"timestamp":"1778051526","namespace":"","successes":5,"failures":1,"warnings":0,"result":"FAILURE"} spanContext: traceparent: 00-052e657e87c00ef0b85dec05d71641a0-5a9d3fe3ad43a7c2-01 startTime: "2026-05-06T07:11:53Z" steps: - container: step-initialize-tuf imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: initialize-tuf provenance: {} terminated: containerID: cri-o://97409bc6077c2e0766c80119d76e2cf36968be99477f0552a4d66069759f7237 exitCode: 0 finishedAt: "2026-05-06T07:11:59Z" reason: Completed startedAt: "2026-05-06T07:11:59Z" terminationReason: Skipped - container: step-reduce imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: reduce provenance: {} terminated: containerID: cri-o://3032662df58e4a3a94aa589bfe4883037c10760ceb0aaac9c240a24b0c078eb5 exitCode: 0 finishedAt: "2026-05-06T07:11:59Z" reason: Completed startedAt: "2026-05-06T07:11:59Z" terminationReason: Completed - container: step-validate imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: validate provenance: {} terminated: containerID: cri-o://a644491bf5884353355f9e385811cc5546e36c316570b5c84703c995e3e5f64a exitCode: 0 finishedAt: "2026-05-06T07:12:06Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051526\",\"namespace\":\"\",\"successes\":5,\"failures\":1,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:12:00Z" terminationReason: Completed - container: step-report-json imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: report-json provenance: {} terminated: containerID: cri-o://56c6f19a3be9bb14e7e5a64ae1efd6ed308e0e704969201494d48a660dab0e75 exitCode: 0 finishedAt: "2026-05-06T07:12:07Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051526\",\"namespace\":\"\",\"successes\":5,\"failures\":1,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:12:06Z" terminationReason: Completed - container: step-summary imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: summary provenance: {} terminated: containerID: cri-o://5bbd9dd3da7c7bb43aab0bfdec066cad8347bc9c3561f2c6e66e3690d4ffd06a exitCode: 0 finishedAt: "2026-05-06T07:12:07Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051526\",\"namespace\":\"\",\"successes\":5,\"failures\":1,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:12:07Z" terminationReason: Completed - container: step-version imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: version provenance: {} terminated: containerID: cri-o://8eeddbee4ae14d66dad76bd5da71900f719e08f9ae65e0b839f4ec33d14976f6 exitCode: 0 finishedAt: "2026-05-06T07:12:07Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051526\",\"namespace\":\"\",\"successes\":5,\"failures\":1,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:12:07Z" terminationReason: Completed - container: step-show-config imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: show-config provenance: {} terminated: containerID: cri-o://ba9048d58205ece0b28bf4637485bf428f92f8d0ad705ee412b075d616b95597 exitCode: 0 finishedAt: "2026-05-06T07:12:07Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051526\",\"namespace\":\"\",\"successes\":5,\"failures\":1,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:12:07Z" terminationReason: Completed - container: step-detailed-report imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: detailed-report provenance: {} terminated: containerID: cri-o://d25d98206d1ed0955227897b970d4390a9a28562caf388635fdc0a0bd08f210c exitCode: 0 finishedAt: "2026-05-06T07:12:08Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051526\",\"namespace\":\"\",\"successes\":5,\"failures\":1,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:12:07Z" terminationReason: Completed - container: step-assert imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: assert provenance: {} terminated: containerID: cri-o://c01d314aa38578d60076668aa60fcac3a361a75ead5715f86a6ee2568f598d09 exitCode: 1 finishedAt: "2026-05-06T07:12:08Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051526\",\"namespace\":\"\",\"successes\":5,\"failures\":1,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Error startedAt: "2026-05-06T07:12:08Z" terminationReason: Error taskSpec: description: Verify the enterprise contract is met params: - description: | Spec section of an ApplicationSnapshot resource. Not all fields of the resource are required. A minimal example: ```json { "components": [ { "containerImage": "quay.io/example/repo:latest" } ] } ``` Each `containerImage` in the `components` array is validated. name: IMAGES type: string - default: enterprise-contract-service/default description: | Name of the policy configuration (EnterpriseContractPolicy resource) to use. `namespace/name` or `name` syntax supported. If namespace is omitted the namespace where the task runs is used. You can also specify a policy configuration using a git url, e.g. `github.com/conforma/config//slsa3`. name: POLICY_CONFIGURATION type: string - default: "" description: Public key used to verify traditional long-lived signatures. Must be a valid k8s cosign reference, e.g. k8s://my-space/my-secret where my-secret contains the expected cosign.pub attribute. Required for traditional signing key verification. Will be ignored if any of CERTIFICATE_IDENTITY, CERTIFICATE_IDENTITY_REGEXP, CERTIFICATE_OIDC_ISSUER, or CERTIFICATE_OIDC_ISSUER_REGEXP are provided. name: PUBLIC_KEY type: string - default: "" description: Rekor host for transparency log lookups name: REKOR_HOST type: string - default: "" description: Expected identity in the signing certificate for keyless verification. This should be the email or URI that was used when signing. You should provide both CERTIFICATE_OIDC_ISSUER and CERTIFICATE_IDENTITY for keyless verification. The PUBLIC_KEY param will be ignored if this is provided. name: CERTIFICATE_IDENTITY type: string - default: "" description: Expected OIDC issuer in the signing certificate for keyless verification. This should match the issuer that provided the identity token used for signing. You should provide both CERTIFICATE_OIDC_ISSUER and CERTIFICATE_IDENTITY for keyless verification. The PUBLIC_KEY param will be ignored if this is provided. name: CERTIFICATE_OIDC_ISSUER type: string - default: "" description: Similar to CERTIFICATE_IDENTITY but the value is a regexp that will be matched. Note that CERTIFICATE_IDENTITY takes precedence over this if both are present. name: CERTIFICATE_IDENTITY_REGEXP type: string - default: "" description: Similar to CERTIFICATE_OIDC_ISSUER but a regexp that will be matched. Note that CERTIFICATE_OIDC_ISSUER takes precedence over this if both are present. name: CERTIFICATE_OIDC_ISSUER_REGEXP type: string - default: "false" description: Skip Rekor transparency log checks during validation. Compatible with traditional signing secret signature checks only. If any of the CERTIFICATE_* keyless verification params are present, this value is disregarded and Rekor transparency log checks are included. name: IGNORE_REKOR type: string - default: "" description: TUF mirror URL. Provide a value when NOT using public sigstore deployment. name: TUF_MIRROR type: string - default: "" description: | Path to a directory containing SSL certs to be used when communicating with external services. This is useful when using the integrated registry and a local instance of Rekor on a development cluster which may use certificates issued by a not-commonly trusted root CA. In such cases, `/var/run/secrets/kubernetes.io/serviceaccount` is a good value. Multiple paths can be provided by using the `:` separator. name: SSL_CERT_DIR type: string - default: trusted-ca description: The name of the ConfigMap to read CA bundle data from. name: CA_TRUST_CONFIGMAP_NAME type: string - default: ca-bundle.crt description: The name of the key in the ConfigMap that contains the CA bundle data. name: CA_TRUST_CONFIG_MAP_KEY type: string - default: "true" description: Include rule titles and descriptions in the output. Set to `"false"` to disable it. name: INFO type: string - default: "true" description: Fail the task if policy fails. Set to `"false"` to disable it. name: STRICT type: string - default: /tekton/home description: Value for the HOME environment variable. name: HOMEDIR type: string - default: now description: Run policy checks with the provided time. name: EFFECTIVE_TIME type: string - default: "" description: Merge additional Rego variables into the policy data. Use syntax "key=value,key2=value2..." name: EXTRA_RULE_DATA type: string - default: "1" description: Number of parallel workers to use for policy evaluation. name: WORKERS type: string - default: "false" description: Reduce the Snapshot to only the component whose build caused the Snapshot to be created name: SINGLE_COMPONENT type: string - default: unknown description: | Name, including kind, of the Kubernetes resource to query for labels when single component mode is enabled, e.g. pr/somepipeline. name: SINGLE_COMPONENT_CUSTOM_RESOURCE type: string - default: "" description: | Kubernetes namespace where the SINGLE_COMPONENT_NAME is found. Only used when single component mode is enabled. name: SINGLE_COMPONENT_CUSTOM_RESOURCE_NS type: string - default: 1s description: Base duration for exponential backoff calculation (e.g., "1s", "500ms") name: RETRY_DURATION type: string - default: "2.0" description: Exponential backoff multiplier (e.g., "2.0", "1.5") name: RETRY_FACTOR type: string - default: "0.1" description: Randomness factor for backoff calculation (0.0-1.0, e.g., "0.1", "0.2") name: RETRY_JITTER type: string - default: "3" description: Maximum number of retry attempts name: RETRY_MAX_RETRY type: string - default: 3s description: Maximum wait time between retries (e.g., "3s", "10s") name: RETRY_MAX_WAIT type: string results: - description: Short summary of the policy evaluation for each image name: TEST_OUTPUT type: string stepTemplate: computeResources: {} env: - name: HOME value: /tekton/home steps: - args: - sigstore - initialize - --mirror - "" - --root - /root.json command: - ec computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: initialize-tuf when: - operator: notin values: - "" - command: - reduce-snapshot.sh computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi env: - name: SNAPSHOT value: '{"components":[{"name":"","containerImage":"quay.io/redhat-appstudio-qe/test-images:buildah-demo-ohfkxyrwwd@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9","source":{}}],"artifacts":{}}' - name: SINGLE_COMPONENT value: "false" - name: CUSTOM_RESOURCE value: unknown - name: CUSTOM_RESOURCE_NAMESPACE - name: SNAPSHOT_PATH value: /tekton/home/snapshot.json image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: reduce onError: continue - computeResources: limits: memory: 2Gi requests: cpu: 1800m memory: 2Gi env: - name: POLICY_CONFIGURATION value: ec-policy - name: PUBLIC_KEY value: k8s://chains-e2e-ioyw/cosign-public-key - name: CERTIFICATE_IDENTITY - name: CERTIFICATE_OIDC_ISSUER - name: CERTIFICATE_IDENTITY_REGEXP - name: CERTIFICATE_OIDC_ISSUER_REGEXP - name: REKOR_HOST - name: IGNORE_REKOR value: "true" - name: WORKERS value: "1" - name: INFO value: "true" - name: EFFECTIVE_TIME value: now - name: EXTRA_RULE_DATA - name: RETRY_MAX_WAIT value: 3s - name: RETRY_MAX_RETRY value: "3" - name: RETRY_DURATION value: 1s - name: RETRY_FACTOR value: "2.0" - name: RETRY_JITTER value: "0.1" - name: HOMEDIR value: /tekton/home - name: SSL_CERT_DIR value: /tekton-custom-certs:/etc/ssl/certs:/etc/pki/tls/certs:/system/etc/security/cacerts:/var/run/secrets/kubernetes.io/serviceaccount image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: validate onError: continue script: | #!/bin/bash set -euo pipefail cmd_args=( validate image --images="${HOMEDIR}/snapshot.json" --policy="${POLICY_CONFIGURATION}" ) # To keep bash logic as thin as possible we deliberately don't sanitize # these params. If something is wrong or missing let Conforma handle it. if [ -n "${CERTIFICATE_IDENTITY}" ] || \ [ -n "${CERTIFICATE_OIDC_ISSUER}" ] || \ [ -n "${CERTIFICATE_IDENTITY_REGEXP}" ] || \ [ -n "${CERTIFICATE_OIDC_ISSUER_REGEXP}" ]; then # If *any* of the above are non-empty assume the intention is to # try keyless verification if [ -n "${CERTIFICATE_IDENTITY}" ]; then cmd_args+=( --certificate-identity="${CERTIFICATE_IDENTITY}" ) elif [ -n "${CERTIFICATE_IDENTITY_REGEXP}" ]; then cmd_args+=( --certificate-identity-regexp="${CERTIFICATE_IDENTITY_REGEXP}" ) fi if [ -n "${CERTIFICATE_OIDC_ISSUER}" ]; then cmd_args+=( --certificate-oidc-issuer="${CERTIFICATE_OIDC_ISSUER}" ) elif [ -n "${CERTIFICATE_OIDC_ISSUER_REGEXP}" ]; then cmd_args+=( --certificate-oidc-issuer-regexp="${CERTIFICATE_OIDC_ISSUER_REGEXP}" ) fi # Force --ignore-rekor to false since we need rekor cmd_args+=( --ignore-rekor=false ) else # Assume traditional signing secret verification cmd_args+=( --public-key="${PUBLIC_KEY}" --ignore-rekor="${IGNORE_REKOR}" ) fi cmd_args+=( --rekor-url="${REKOR_HOST}" --workers="${WORKERS}" --info="${INFO}" --timeout=0 --strict=false --show-successes=true --show-policy-docs-link=true --effective-time="${EFFECTIVE_TIME}" --extra-rule-data="${EXTRA_RULE_DATA}" --retry-max-wait="${RETRY_MAX_WAIT}" --retry-max-retry="${RETRY_MAX_RETRY}" --retry-duration="${RETRY_DURATION}" --retry-factor="${RETRY_FACTOR}" --retry-jitter="${RETRY_JITTER}" --output="text=${HOMEDIR}/text-report.txt?show-successes=false" --output="json=${HOMEDIR}/report-json.json" --output="appstudio=/tekton/results/TEST_OUTPUT" ) # Execute Conforma with constructed arguments exec ec "${cmd_args[@]}" volumeMounts: - mountPath: /etc/pki/tls/certs/ca-custom-bundle.crt name: trusted-ca readOnly: true subPath: ca-bundle.crt - args: - jq . /tekton/home/report-json.json | awk '{gsub(/^ +/, ""); acc += length; if (acc >= 8000) { printf "\n"; acc=length } printf $0 }' command: - sh - -c computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: report-json onError: continue - args: - . - /tekton/results/TEST_OUTPUT command: - jq computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: summary onError: continue - args: - version command: - ec computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: version - args: - '{policy: .policy, key: .key, "effective-time": .["effective-time"]}' - /tekton/home/report-json.json command: - jq computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: show-config - args: - /tekton/home/text-report.txt command: - cat computeResources: {} image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: detailed-report onError: continue - args: - --argjson - strict - "true" - -e - | .result == "SUCCESS" or .result == "WARNING" or ($strict | not) - /tekton/results/TEST_OUTPUT command: - jq computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: assert volumes: - configMap: items: - key: ca-bundle.crt path: ca-bundle.crt name: trusted-ca optional: true name: trusted-ca workspaces: - description: The workspace where the snapshot spec json file resides name: data optional: true *** Logs from pod 'verify-enterprise-contract-eeddd40397367cfe93c6fdf714d8aa94-pod', container 'step-initialize-tuf': ----- START -----2026/05/06 07:11:59 INFO Step was skipped due to when expressions were evaluated to false. ----- END ----- *** Logs from pod 'verify-enterprise-contract-eeddd40397367cfe93c6fdf714d8aa94-pod', container 'step-reduce': ----- START -----Single Component mode? false { "components": [ { "name": "", "containerImage": "quay.io/redhat-appstudio-qe/test-images:buildah-demo-ohfkxyrwwd@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9", "source": {} } ], "artifacts": {} } ----- END ----- *** Logs from pod 'verify-enterprise-contract-eeddd40397367cfe93c6fdf714d8aa94-pod', container 'step-validate': ----- START ---------- END ----- *** Logs from pod 'verify-enterprise-contract-eeddd40397367cfe93c6fdf714d8aa94-pod', container 'step-report-json': ----- START -----{"success": false,"components": [{"name": "","containerImage": "quay.io/redhat-appstudio-qe/test-images@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9","source": {},"violations": [{"msg": "No test data found","metadata": {"code": "test.test_data_found","collections": ["redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that at least one of the tasks in the pipeline includes a TEST_OUTPUT task result, which is where Conforma expects to find test result data. To exclude this rule add \"test.test_data_found\" to the `exclude` section of the policy configuration.","solution": "Confirm at least one task in the build pipeline contains a result named TEST_OUTPUT.","title": "Test data found in task results"}}],"successes": [{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "test.rule_data_provided","collections": ["redhat","policy_data"],"description": "Confirm the expected rule data keys have been provided in the expected format. The keys are `supported_tests_results`, `failed_tests_results`, `informative_tests`, `erred_tests_results`, `skipped_tests_results`, and `warned_tests_results`.","title": "Rule data provided"}},{"msg": "Pass","metadata": {"code": "test.test_all_images","collections": ["redhat"],"description": "Ensure that task producing the IMAGES_PROCESSED result contains the digests of the built image.","effective_on": "2024-05-29T00:00:00Z","title": "Image digest is present in IMAGES_PROCESSED result"}}],"success": false,"signatures": [{"keyid": "","sig": "MEQCIHpThoeJopV8XLF2YuemXz4DR4hRN/vZvyQngkYPoXLYAiBqD0xaa9X1e/XtioW0Gl3/NnBA0fE9kcKeTwOGxzy6CA=="},{"keyid": "","sig": "MEUCIQDDSONR8Lny6UO7VwgOfhw8F6WJmm2/oOttApzOEimBFwIgHQWWPKKliBt/1HskjjUPptgRBMtqrndFaesyAF09GqQ="},{"keyid": "","sig": "MEQCIFS/iyOUt5n9cVhOzAWKMMkbvQYkrzkm0Z3doUhfTuTPAiAO3L5lGuZDGl68dhva0CT//ihJnixMt8+rZtJCwo03RQ=="}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1/PipelineRun","signatures": [{"keyid": "SHA256:fOgL1xsyIks4O0XWySo7iEds+F+o5nNbqZKqVlESoIw","sig": "MEQCIB4iVUsI/n1MKSqcuXD2CH6Z0jU1QdGaEeiEQSAjIswkAiAkwsGaw24EvO78rvpJVMw0CC2wzE2qX87Q8tFYsD3GwQ=="}]}]}],"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEF1KPrbmgPwizdb09V4Tx2cuolTkR\n7bvG0CNUnt8llVgeI3i8FwpJavDhEIhOOd+Ug62XZMEQJkhn0x9upJLjbw==\n-----END PUBLIC KEY-----\n","policy": {"name": "Default","description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml","sources": [{"name": "Default","policy": ["oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:59c6b95c02295edb7928ef187571d26d426993fd5aae0236a03c832afbd6072a"],"data": ["git::github.com/release-engineering/rhtap-ec-policy//data?ref=67018469815ee9f81e47cfb54dae39d71ed5f389","oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:c7303e2d586614e47d7340ff8d7059c98c6c68fc8ca938b3448179fb8009372e","oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea","oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc"],"config": {"include": ["test"]}}],"publicKey": "k8s://chains-e2e-ioyw/cosign-public-key"},"ec-version": "v0.9.25","effective-time": "2026-05-06T07:12:01.089464036Z"}----- END ----- *** Logs from pod 'verify-enterprise-contract-eeddd40397367cfe93c6fdf714d8aa94-pod', container 'step-summary': ----- START -----{ "timestamp": "1778051526", "namespace": "", "successes": 5, "failures": 1, "warnings": 0, "result": "FAILURE" } ----- END ----- *** Logs from pod 'verify-enterprise-contract-eeddd40397367cfe93c6fdf714d8aa94-pod', container 'step-version': ----- START -----Version v0.9.25 Source ID b345847182602d9a5ce9e957fa76fe02575c8018 Change date 2026-04-27 12:52:43 +0000 UTC (1 week ago) ECC v0.1.7 OPA v1.15.2 Conftest v0.68.2 Cosign v3.0.4 Sigstore v1.10.4 Rekor v1.5.0 Tekton Pipeline v1.9.2 Kubernetes Client v0.35.0 ----- END ----- *** Logs from pod 'verify-enterprise-contract-eeddd40397367cfe93c6fdf714d8aa94-pod', container 'step-show-config': ----- START -----{ "policy": { "name": "Default", "description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml", "sources": [ { "name": "Default", "policy": [ "oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:59c6b95c02295edb7928ef187571d26d426993fd5aae0236a03c832afbd6072a" ], "data": [ "git::github.com/release-engineering/rhtap-ec-policy//data?ref=67018469815ee9f81e47cfb54dae39d71ed5f389", "oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:c7303e2d586614e47d7340ff8d7059c98c6c68fc8ca938b3448179fb8009372e", "oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea", "oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc" ], "config": { "include": [ "test" ] } } ], "publicKey": "k8s://chains-e2e-ioyw/cosign-public-key" }, "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEF1KPrbmgPwizdb09V4Tx2cuolTkR\n7bvG0CNUnt8llVgeI3i8FwpJavDhEIhOOd+Ug62XZMEQJkhn0x9upJLjbw==\n-----END PUBLIC KEY-----\n", "effective-time": "2026-05-06T07:12:01.089464036Z" } ----- END ----- *** Logs from pod 'verify-enterprise-contract-eeddd40397367cfe93c6fdf714d8aa94-pod', container 'step-detailed-report': ----- START -----Success: false Result: FAILURE Violations: 1, Warnings: 0, Successes: 5 Component: ImageRef: quay.io/redhat-appstudio-qe/test-images@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9 Results: ✕ [Violation] test.test_data_found ImageRef: quay.io/redhat-appstudio-qe/test-images@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9 Reason: No test data found Title: Test data found in task results Description: Ensure that at least one of the tasks in the pipeline includes a TEST_OUTPUT task result, which is where Conforma expects to find test result data. To exclude this rule add "test.test_data_found" to the `exclude` section of the policy configuration. Solution: Confirm at least one task in the build pipeline contains a result named TEST_OUTPUT. For more information about policy issues, see the policy documentation: https://conforma.dev/docs/policy/ ----- END ----- *** Logs from pod 'verify-enterprise-contract-eeddd40397367cfe93c6fdf714d8aa94-pod', container 'step-assert': ----- START -----false ----- END ----- Make sure TaskRun verify-enterprise-contract of PipelineRun verify-enterprise-contract-run-j9r7p failed < Exit [It] fails when tests are not satisfied on strict mode - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:225 @ 05/06/26 07:12:09.467 (17.314s) > Enter [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:12:09.467 < Exit [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:12:09.467 (0s) > Enter [BeforeEach] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:154 @ 05/06/26 07:12:09.468 < Exit [BeforeEach] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:154 @ 05/06/26 07:12:09.495 (27ms) > Enter [It] fails when unexpected signature is used - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:251 @ 05/06/26 07:12:09.495 Create an unexpected public signing key Creating Pipeline "verify-enterprise-contract-run-rqb9w" Waiting for pipeline "verify-enterprise-contract-run-rqb9w" to finish *** TaskRun status: artifacts: {} completionTime: "2026-05-06T07:12:26Z" conditions: - lastTransitionTime: "2026-05-06T07:12:26Z" message: '"step-assert" exited with code 1: Error' reason: Failed status: "False" type: Succeeded podName: verify-enterprise-contract-9de664babf1c709d7b136866f9afe440-pod provenance: featureFlags: awaitSidecarReadiness: true coschedule: workspaces enableAPIFields: alpha enableParamEnum: true enableProvenanceInStatus: true enforceNonfalsifiability: none maxResultSize: 4096 resultExtractionMethod: termination-message runningInEnvWithInjectedSidecars: true verificationNoMatchPolicy: ignore refSource: digest: sha256: 7df8d121c09999d0376e189c1eb8a8263078aab697aa5ee966512f581427a6ce entryPoint: verify-enterprise-contract uri: quay.io/conforma/tekton-task results: - name: TEST_OUTPUT type: string value: | {"timestamp":"1778051543","namespace":"","successes":0,"failures":2,"warnings":0,"result":"FAILURE"} spanContext: traceparent: 00-644703fa21ed380572ccc97d55671b95-a6aed42278b25138-01 startTime: "2026-05-06T07:12:10Z" steps: - container: step-initialize-tuf imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: initialize-tuf provenance: {} terminated: containerID: cri-o://c20fe985cf7ddbf7accfe76f9cf08ab34cb9a53e24f3fd79df65925a1a4e0309 exitCode: 0 finishedAt: "2026-05-06T07:12:19Z" reason: Completed startedAt: "2026-05-06T07:12:19Z" terminationReason: Skipped - container: step-reduce imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: reduce provenance: {} terminated: containerID: cri-o://a7ded30fc08ad19e15db9ca52f8ad57c2ef6aa1ec17481d503ca36dc19a7104b exitCode: 0 finishedAt: "2026-05-06T07:12:19Z" reason: Completed startedAt: "2026-05-06T07:12:19Z" terminationReason: Completed - container: step-validate imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: validate provenance: {} terminated: containerID: cri-o://59fb265041ad6737e686add5d379ff636fac12e7fd935420a5f4ed7b8dae2772 exitCode: 0 finishedAt: "2026-05-06T07:12:23Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051543\",\"namespace\":\"\",\"successes\":0,\"failures\":2,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:12:19Z" terminationReason: Completed - container: step-report-json imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: report-json provenance: {} terminated: containerID: cri-o://db8aeef11b6b38b87651163495e26c2198753e4f32b9f8a468a0c3c916789c80 exitCode: 0 finishedAt: "2026-05-06T07:12:24Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051543\",\"namespace\":\"\",\"successes\":0,\"failures\":2,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:12:24Z" terminationReason: Completed - container: step-summary imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: summary provenance: {} terminated: containerID: cri-o://a8a9f4702227ad6a8a7205ec3bafadfa36911db9d93709b6e866bbdcaadfd869 exitCode: 0 finishedAt: "2026-05-06T07:12:24Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051543\",\"namespace\":\"\",\"successes\":0,\"failures\":2,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:12:24Z" terminationReason: Completed - container: step-version imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: version provenance: {} terminated: containerID: cri-o://619469b9d761cb8f90a04b90b03f597017a20dd5e0f7bc890951362238bd3e14 exitCode: 0 finishedAt: "2026-05-06T07:12:24Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051543\",\"namespace\":\"\",\"successes\":0,\"failures\":2,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:12:24Z" terminationReason: Completed - container: step-show-config imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: show-config provenance: {} terminated: containerID: cri-o://90d32bac6810f65e73870ecb169f013561acd140ea483699d6933746892eac30 exitCode: 0 finishedAt: "2026-05-06T07:12:24Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051543\",\"namespace\":\"\",\"successes\":0,\"failures\":2,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:12:24Z" terminationReason: Completed - container: step-detailed-report imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: detailed-report provenance: {} terminated: containerID: cri-o://34cd3004ab038bc89296f2daa55356017e6d6b315cabcddc5cb3eb5e06136fb0 exitCode: 0 finishedAt: "2026-05-06T07:12:24Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051543\",\"namespace\":\"\",\"successes\":0,\"failures\":2,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Completed startedAt: "2026-05-06T07:12:24Z" terminationReason: Completed - container: step-assert imageID: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: assert provenance: {} terminated: containerID: cri-o://857e19fada198f4a7fef81ea91a0d301a86ce9c7c6ba7f02923c2d64e5d634d3 exitCode: 1 finishedAt: "2026-05-06T07:12:25Z" message: '[{"key":"TEST_OUTPUT","value":"{\"timestamp\":\"1778051543\",\"namespace\":\"\",\"successes\":0,\"failures\":2,\"warnings\":0,\"result\":\"FAILURE\"}\n","type":1}]' reason: Error startedAt: "2026-05-06T07:12:25Z" terminationReason: Error taskSpec: description: Verify the enterprise contract is met params: - description: | Spec section of an ApplicationSnapshot resource. Not all fields of the resource are required. A minimal example: ```json { "components": [ { "containerImage": "quay.io/example/repo:latest" } ] } ``` Each `containerImage` in the `components` array is validated. name: IMAGES type: string - default: enterprise-contract-service/default description: | Name of the policy configuration (EnterpriseContractPolicy resource) to use. `namespace/name` or `name` syntax supported. If namespace is omitted the namespace where the task runs is used. You can also specify a policy configuration using a git url, e.g. `github.com/conforma/config//slsa3`. name: POLICY_CONFIGURATION type: string - default: "" description: Public key used to verify traditional long-lived signatures. Must be a valid k8s cosign reference, e.g. k8s://my-space/my-secret where my-secret contains the expected cosign.pub attribute. Required for traditional signing key verification. Will be ignored if any of CERTIFICATE_IDENTITY, CERTIFICATE_IDENTITY_REGEXP, CERTIFICATE_OIDC_ISSUER, or CERTIFICATE_OIDC_ISSUER_REGEXP are provided. name: PUBLIC_KEY type: string - default: "" description: Rekor host for transparency log lookups name: REKOR_HOST type: string - default: "" description: Expected identity in the signing certificate for keyless verification. This should be the email or URI that was used when signing. You should provide both CERTIFICATE_OIDC_ISSUER and CERTIFICATE_IDENTITY for keyless verification. The PUBLIC_KEY param will be ignored if this is provided. name: CERTIFICATE_IDENTITY type: string - default: "" description: Expected OIDC issuer in the signing certificate for keyless verification. This should match the issuer that provided the identity token used for signing. You should provide both CERTIFICATE_OIDC_ISSUER and CERTIFICATE_IDENTITY for keyless verification. The PUBLIC_KEY param will be ignored if this is provided. name: CERTIFICATE_OIDC_ISSUER type: string - default: "" description: Similar to CERTIFICATE_IDENTITY but the value is a regexp that will be matched. Note that CERTIFICATE_IDENTITY takes precedence over this if both are present. name: CERTIFICATE_IDENTITY_REGEXP type: string - default: "" description: Similar to CERTIFICATE_OIDC_ISSUER but a regexp that will be matched. Note that CERTIFICATE_OIDC_ISSUER takes precedence over this if both are present. name: CERTIFICATE_OIDC_ISSUER_REGEXP type: string - default: "false" description: Skip Rekor transparency log checks during validation. Compatible with traditional signing secret signature checks only. If any of the CERTIFICATE_* keyless verification params are present, this value is disregarded and Rekor transparency log checks are included. name: IGNORE_REKOR type: string - default: "" description: TUF mirror URL. Provide a value when NOT using public sigstore deployment. name: TUF_MIRROR type: string - default: "" description: | Path to a directory containing SSL certs to be used when communicating with external services. This is useful when using the integrated registry and a local instance of Rekor on a development cluster which may use certificates issued by a not-commonly trusted root CA. In such cases, `/var/run/secrets/kubernetes.io/serviceaccount` is a good value. Multiple paths can be provided by using the `:` separator. name: SSL_CERT_DIR type: string - default: trusted-ca description: The name of the ConfigMap to read CA bundle data from. name: CA_TRUST_CONFIGMAP_NAME type: string - default: ca-bundle.crt description: The name of the key in the ConfigMap that contains the CA bundle data. name: CA_TRUST_CONFIG_MAP_KEY type: string - default: "true" description: Include rule titles and descriptions in the output. Set to `"false"` to disable it. name: INFO type: string - default: "true" description: Fail the task if policy fails. Set to `"false"` to disable it. name: STRICT type: string - default: /tekton/home description: Value for the HOME environment variable. name: HOMEDIR type: string - default: now description: Run policy checks with the provided time. name: EFFECTIVE_TIME type: string - default: "" description: Merge additional Rego variables into the policy data. Use syntax "key=value,key2=value2..." name: EXTRA_RULE_DATA type: string - default: "1" description: Number of parallel workers to use for policy evaluation. name: WORKERS type: string - default: "false" description: Reduce the Snapshot to only the component whose build caused the Snapshot to be created name: SINGLE_COMPONENT type: string - default: unknown description: | Name, including kind, of the Kubernetes resource to query for labels when single component mode is enabled, e.g. pr/somepipeline. name: SINGLE_COMPONENT_CUSTOM_RESOURCE type: string - default: "" description: | Kubernetes namespace where the SINGLE_COMPONENT_NAME is found. Only used when single component mode is enabled. name: SINGLE_COMPONENT_CUSTOM_RESOURCE_NS type: string - default: 1s description: Base duration for exponential backoff calculation (e.g., "1s", "500ms") name: RETRY_DURATION type: string - default: "2.0" description: Exponential backoff multiplier (e.g., "2.0", "1.5") name: RETRY_FACTOR type: string - default: "0.1" description: Randomness factor for backoff calculation (0.0-1.0, e.g., "0.1", "0.2") name: RETRY_JITTER type: string - default: "3" description: Maximum number of retry attempts name: RETRY_MAX_RETRY type: string - default: 3s description: Maximum wait time between retries (e.g., "3s", "10s") name: RETRY_MAX_WAIT type: string results: - description: Short summary of the policy evaluation for each image name: TEST_OUTPUT type: string stepTemplate: computeResources: {} env: - name: HOME value: /tekton/home steps: - args: - sigstore - initialize - --mirror - "" - --root - /root.json command: - ec computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: initialize-tuf when: - operator: notin values: - "" - command: - reduce-snapshot.sh computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi env: - name: SNAPSHOT value: '{"components":[{"name":"","containerImage":"quay.io/redhat-appstudio-qe/test-images:buildah-demo-ohfkxyrwwd@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9","source":{}}],"artifacts":{}}' - name: SINGLE_COMPONENT value: "false" - name: CUSTOM_RESOURCE value: unknown - name: CUSTOM_RESOURCE_NAMESPACE - name: SNAPSHOT_PATH value: /tekton/home/snapshot.json image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: reduce onError: continue - computeResources: limits: memory: 2Gi requests: cpu: 1800m memory: 2Gi env: - name: POLICY_CONFIGURATION value: ec-policy - name: PUBLIC_KEY value: k8s://chains-e2e-ioyw/dummy-public-key-pzagsmzkkp - name: CERTIFICATE_IDENTITY - name: CERTIFICATE_OIDC_ISSUER - name: CERTIFICATE_IDENTITY_REGEXP - name: CERTIFICATE_OIDC_ISSUER_REGEXP - name: REKOR_HOST - name: IGNORE_REKOR value: "true" - name: WORKERS value: "1" - name: INFO value: "true" - name: EFFECTIVE_TIME value: now - name: EXTRA_RULE_DATA - name: RETRY_MAX_WAIT value: 3s - name: RETRY_MAX_RETRY value: "3" - name: RETRY_DURATION value: 1s - name: RETRY_FACTOR value: "2.0" - name: RETRY_JITTER value: "0.1" - name: HOMEDIR value: /tekton/home - name: SSL_CERT_DIR value: /tekton-custom-certs:/etc/ssl/certs:/etc/pki/tls/certs:/system/etc/security/cacerts:/var/run/secrets/kubernetes.io/serviceaccount image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: validate onError: continue script: | #!/bin/bash set -euo pipefail cmd_args=( validate image --images="${HOMEDIR}/snapshot.json" --policy="${POLICY_CONFIGURATION}" ) # To keep bash logic as thin as possible we deliberately don't sanitize # these params. If something is wrong or missing let Conforma handle it. if [ -n "${CERTIFICATE_IDENTITY}" ] || \ [ -n "${CERTIFICATE_OIDC_ISSUER}" ] || \ [ -n "${CERTIFICATE_IDENTITY_REGEXP}" ] || \ [ -n "${CERTIFICATE_OIDC_ISSUER_REGEXP}" ]; then # If *any* of the above are non-empty assume the intention is to # try keyless verification if [ -n "${CERTIFICATE_IDENTITY}" ]; then cmd_args+=( --certificate-identity="${CERTIFICATE_IDENTITY}" ) elif [ -n "${CERTIFICATE_IDENTITY_REGEXP}" ]; then cmd_args+=( --certificate-identity-regexp="${CERTIFICATE_IDENTITY_REGEXP}" ) fi if [ -n "${CERTIFICATE_OIDC_ISSUER}" ]; then cmd_args+=( --certificate-oidc-issuer="${CERTIFICATE_OIDC_ISSUER}" ) elif [ -n "${CERTIFICATE_OIDC_ISSUER_REGEXP}" ]; then cmd_args+=( --certificate-oidc-issuer-regexp="${CERTIFICATE_OIDC_ISSUER_REGEXP}" ) fi # Force --ignore-rekor to false since we need rekor cmd_args+=( --ignore-rekor=false ) else # Assume traditional signing secret verification cmd_args+=( --public-key="${PUBLIC_KEY}" --ignore-rekor="${IGNORE_REKOR}" ) fi cmd_args+=( --rekor-url="${REKOR_HOST}" --workers="${WORKERS}" --info="${INFO}" --timeout=0 --strict=false --show-successes=true --show-policy-docs-link=true --effective-time="${EFFECTIVE_TIME}" --extra-rule-data="${EXTRA_RULE_DATA}" --retry-max-wait="${RETRY_MAX_WAIT}" --retry-max-retry="${RETRY_MAX_RETRY}" --retry-duration="${RETRY_DURATION}" --retry-factor="${RETRY_FACTOR}" --retry-jitter="${RETRY_JITTER}" --output="text=${HOMEDIR}/text-report.txt?show-successes=false" --output="json=${HOMEDIR}/report-json.json" --output="appstudio=/tekton/results/TEST_OUTPUT" ) # Execute Conforma with constructed arguments exec ec "${cmd_args[@]}" volumeMounts: - mountPath: /etc/pki/tls/certs/ca-custom-bundle.crt name: trusted-ca readOnly: true subPath: ca-bundle.crt - args: - jq . /tekton/home/report-json.json | awk '{gsub(/^ +/, ""); acc += length; if (acc >= 8000) { printf "\n"; acc=length } printf $0 }' command: - sh - -c computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: report-json onError: continue - args: - . - /tekton/results/TEST_OUTPUT command: - jq computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: summary onError: continue - args: - version command: - ec computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: version - args: - '{policy: .policy, key: .key, "effective-time": .["effective-time"]}' - /tekton/home/report-json.json command: - jq computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: show-config - args: - /tekton/home/text-report.txt command: - cat computeResources: {} image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: detailed-report onError: continue - args: - --argjson - strict - "true" - -e - | .result == "SUCCESS" or .result == "WARNING" or ($strict | not) - /tekton/results/TEST_OUTPUT command: - jq computeResources: limits: memory: 256Mi requests: cpu: 100m memory: 256Mi image: quay.io/conforma/cli@sha256:2f5bed7fd51f678ea960aaf5bed033412b7d207a83bb1b02b108be5ca71a058d name: assert volumes: - configMap: items: - key: ca-bundle.crt path: ca-bundle.crt name: trusted-ca optional: true name: trusted-ca workspaces: - description: The workspace where the snapshot spec json file resides name: data optional: true *** Logs from pod 'verify-enterprise-contract-9de664babf1c709d7b136866f9afe440-pod', container 'step-initialize-tuf': ----- START -----2026/05/06 07:12:19 INFO Step was skipped due to when expressions were evaluated to false. ----- END ----- *** Logs from pod 'verify-enterprise-contract-9de664babf1c709d7b136866f9afe440-pod', container 'step-reduce': ----- START -----Single Component mode? false { "components": [ { "name": "", "containerImage": "quay.io/redhat-appstudio-qe/test-images:buildah-demo-ohfkxyrwwd@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9", "source": {} } ], "artifacts": {} } ----- END ----- *** Logs from pod 'verify-enterprise-contract-9de664babf1c709d7b136866f9afe440-pod', container 'step-validate': ----- START ---------- END ----- *** Logs from pod 'verify-enterprise-contract-9de664babf1c709d7b136866f9afe440-pod', container 'step-report-json': ----- START -----{"success": false,"components": [{"name": "","containerImage": "quay.io/redhat-appstudio-qe/test-images@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9","source": {},"violations": [{"msg": "No image attestations found matching the given public key. Verify the correct public key was provided, and one or more attestations were created. Error: no matching attestations: accepted signatures do not match threshold, Found: 0, Expected 1","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "No image signatures found matching the given public key. Verify the correct public key was provided, and a signature was created. Error: no matching signatures: invalid signature when validating ASN.1 encoded signature\n invalid signature when validating ASN.1 encoded signature\n invalid signature when validating ASN.1 encoded signature","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}}],"success": false}],"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENZxkE/d0fKvJ51dXHQmxXaRMTtVz\nBQWcmJD/7pcMDEmBcmk8O1yUPIiFj5TMZqabjS9CQQN+jKHG+Bfi0BYlHg==\n-----END PUBLIC KEY-----\n","policy": {"name": "Default","description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml","sources": [{"name": "Default","policy": ["oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:59c6b95c02295edb7928ef187571d26d426993fd5aae0236a03c832afbd6072a"],"data": ["git::github.com/release-engineering/rhtap-ec-policy//data?ref=67018469815ee9f81e47cfb54dae39d71ed5f389","oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:c7303e2d586614e47d7340ff8d7059c98c6c68fc8ca938b3448179fb8009372e","oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea","oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc"],"config": {"include": ["slsa_provenance_available"]}}],"publicKey": "k8s://chains-e2e-ioyw/dummy-public-key-pzagsmzkkp"},"ec-version": "v0.9.25","effective-time": "2026-05-06T07:12:20.293962361Z"}----- END ----- *** Logs from pod 'verify-enterprise-contract-9de664babf1c709d7b136866f9afe440-pod', container 'step-summary': ----- START -----{ "timestamp": "1778051543", "namespace": "", "successes": 0, "failures": 2, "warnings": 0, "result": "FAILURE" } ----- END ----- *** Logs from pod 'verify-enterprise-contract-9de664babf1c709d7b136866f9afe440-pod', container 'step-version': ----- START -----Version v0.9.25 Source ID b345847182602d9a5ce9e957fa76fe02575c8018 Change date 2026-04-27 12:52:43 +0000 UTC (1 week ago) ECC v0.1.7 OPA v1.15.2 Conftest v0.68.2 Cosign v3.0.4 Sigstore v1.10.4 Rekor v1.5.0 Tekton Pipeline v1.9.2 Kubernetes Client v0.35.0 ----- END ----- *** Logs from pod 'verify-enterprise-contract-9de664babf1c709d7b136866f9afe440-pod', container 'step-show-config': ----- START -----{ "policy": { "name": "Default", "description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml", "sources": [ { "name": "Default", "policy": [ "oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:59c6b95c02295edb7928ef187571d26d426993fd5aae0236a03c832afbd6072a" ], "data": [ "git::github.com/release-engineering/rhtap-ec-policy//data?ref=67018469815ee9f81e47cfb54dae39d71ed5f389", "oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:c7303e2d586614e47d7340ff8d7059c98c6c68fc8ca938b3448179fb8009372e", "oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea", "oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc" ], "config": { "include": [ "slsa_provenance_available" ] } } ], "publicKey": "k8s://chains-e2e-ioyw/dummy-public-key-pzagsmzkkp" }, "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENZxkE/d0fKvJ51dXHQmxXaRMTtVz\nBQWcmJD/7pcMDEmBcmk8O1yUPIiFj5TMZqabjS9CQQN+jKHG+Bfi0BYlHg==\n-----END PUBLIC KEY-----\n", "effective-time": "2026-05-06T07:12:20.293962361Z" } ----- END ----- *** Logs from pod 'verify-enterprise-contract-9de664babf1c709d7b136866f9afe440-pod', container 'step-detailed-report': ----- START -----Success: false Result: FAILURE Violations: 2, Warnings: 0, Successes: 0 Component: ImageRef: quay.io/redhat-appstudio-qe/test-images@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9 Results: ✕ [Violation] builtin.attestation.signature_check ImageRef: quay.io/redhat-appstudio-qe/test-images@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9 Reason: No image attestations found matching the given public key. Verify the correct public key was provided, and one or more attestations were created. Error: no matching attestations: accepted signatures do not match threshold, Found: 0, Expected 1 Title: Attestation signature check passed Description: The attestation signature matches available signing materials. ✕ [Violation] builtin.image.signature_check ImageRef: quay.io/redhat-appstudio-qe/test-images@sha256:c7ee23e9a9dfade19e9ee69e99de27d044b1dde095377e7868975a53ccfeeca9 Reason: No image signatures found matching the given public key. Verify the correct public key was provided, and a signature was created. Error: no matching signatures: invalid signature when validating ASN.1 encoded signature invalid signature when validating ASN.1 encoded signature invalid signature when validating ASN.1 encoded signature Title: Image signature check passed Description: The image signature matches available signing materials. For more information about policy issues, see the policy documentation: https://conforma.dev/docs/policy/ ----- END ----- *** Logs from pod 'verify-enterprise-contract-9de664babf1c709d7b136866f9afe440-pod', container 'step-assert': ----- START -----false ----- END ----- Make sure TaskRun verify-enterprise-contract of PipelineRun verify-enterprise-contract-run-rqb9w failed < Exit [It] fails when unexpected signature is used - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:251 @ 05/06/26 07:12:27.745 (18.251s) > Enter [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:12:27.746 < Exit [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:12:27.746 (0s) > Enter [BeforeEach] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:154 @ 05/06/26 07:12:27.747 < Exit [BeforeEach] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:154 @ 05/06/26 07:12:27.768 (21ms) > Enter [It] verifies ec cli has error handling - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:279 @ 05/06/26 07:12:27.768 Creating Pipeline "verify-enterprise-contract-run-lmzq4" Waiting for pipeline "verify-enterprise-contract-run-lmzq4" to finish *** Logs from pod 'verify-enterprise-contract-0b6ca3de2eb7dc95c0cfbcd03889b758-pod', container 'step-report-json': ----- START -----{"success": false,"components": [{"name": "","containerImage": "quay.io/konflux-ci/ec-golden-image@sha256:f1f3150e87adfcf44f0ea5fa468d4fe93b80e2c0d49ee31580407a5f1208d0a2","source": {},"violations": [{"msg": "No image attestations found matching the given public key. Verify the correct public key was provided, and one or more attestations were created. Error: no matching attestations: accepted signatures do not match threshold, Found: 0, Expected 1","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "No image signatures found matching the given public key. Verify the correct public key was provided, and a signature was created. Error: no matching signatures: invalid signature when validating ASN.1 encoded signature","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}}],"success": false},{"name": "-sha256:c100497badd3edd2f02b294411b511396e71caf701f4df45db448e6cdbc686b0-amd64","containerImage": "quay.io/konflux-ci/ec-golden-image@sha256:c100497badd3edd2f02b294411b511396e71caf701f4df45db448e6cdbc686b0","source": {},"violations": [{"msg": "No image attestations found matching the given public key. Verify the correct public key was provided, and one or more attestations were created. Error: no matching attestations: accepted signatures do not match threshold, Found: 0, Expected 1","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "No image signatures found matching the given public key. Verify the correct public key was provided, and a signature was created. Error: no matching signatures: invalid signature when validating ASN.1 encoded signature\n invalid signature when validating ASN.1 encoded signature","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}}],"success": false},{"name": "-sha256:9024c5db8db1fa036f7c56020829f0e239db7b660d5e5f6439af84ab66489d63-arm64","containerImage": "quay.io/konflux-ci/ec-golden-image@sha256:9024c5db8db1fa036f7c56020829f0e239db7b660d5e5f6439af84ab66489d63","source": {},"violations": [{"msg": "No image attestations found matching the given public key. Verify the correct public key was provided, and one or more attestations were created. Error: no matching attestations: accepted signatures do not match threshold, Found: 0, Expected 1","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "No image signatures found matching the given public key. Verify the correct public key was provided, and a signature was created. Error: no matching signatures: invalid signature when validating ASN.1 encoded signature\n invalid signature when validating ASN.1 encoded signature","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}}],"success": false}],"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEF1KPrbmgPwizdb09V4Tx2cuolTkR\n7bvG0CNUnt8llVgeI3i8FwpJavDhEIhOOd+Ug62XZMEQJkhn0x9upJLjbw==\n-----END PUBLIC KEY-----\n","policy": {"name": "Default","description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml","sources": [{"name": "Default","policy": ["oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:59c6b95c02295edb7928ef187571d26d426993fd5aae0236a03c832afbd6072a"],"data": ["git::github.com/release-engineering/rhtap-ec-policy//data?ref=67018469815ee9f81e47cfb54dae39d71ed5f389","oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:c7303e2d586614e47d7340ff8d7059c98c6c68fc8ca938b3448179fb8009372e","oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea","oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc"],"config": {"include": ["slsa_provenance_available"]}}],"publicKey": "k8s://chains-e2e-ioyw/cosign-public-key"},"ec-version": "v0.9.25","effective-time": "2026-05-06T07:12:37.516295268Z"}----- END ----- < Exit [It] verifies ec cli has error handling - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:279 @ 05/06/26 07:12:44.927 (17.159s) > Enter [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:12:44.927 < Exit [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:12:44.927 (0s) > Enter [BeforeEach] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:154 @ 05/06/26 07:12:44.928 < Exit [BeforeEach] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:154 @ 05/06/26 07:12:44.96 (33ms) > Enter [It] verifies ec validate accepts a list of image references - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:301 @ 05/06/26 07:12:44.961 Update public key to verify golden images Creating Pipeline "verify-enterprise-contract-run-b6sfp" Waiting for pipeline "verify-enterprise-contract-run-b6sfp" to finish *** Logs from pod 'verify-enterprise-contract-03562da93b75aafc862450e925d99e09-pod', container 'step-report-json': ----- START -----{"success": true,"components": [{"name": "","containerImage": "quay.io/konflux-ci/ec-golden-image@sha256:f1f3150e87adfcf44f0ea5fa468d4fe93b80e2c0d49ee31580407a5f1208d0a2","source": {},"successes": [{"msg": "Pass","metadata": {"code": "attestation_type.known_attestation_type","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.pipelinerun_attestation_found"],"description": "Confirm the attestation found for the image has a known attestation type.","title": "Known attestation type found"}},{"msg": "Pass","metadata": {"code": "attestation_type.pipelinerun_attestation_found","collections": ["minimal","redhat","redhat_rpms","slsa3"],"description": "Confirm at least one PipelineRun attestation is present.","title": "PipelineRun attestation found"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.allowed_builder_ids_provided","collections": ["slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_builder_ids` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed builder IDs provided"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_accepted","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set to one of the values in the `allowed_builder_ids` rule data, e.g. \"https://tekton.dev/chains/v2\".","title": "SLSA Builder ID is known and accepted"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_found","collections": ["slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set.","title": "SLSA Builder ID found"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_script_used","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicate.buildConfig.tasks.steps attribute for the task responsible for building and pushing the image is not empty.","title": "Build task contains steps"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_task_image_results_found","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm that a build task exists and it has the expected IMAGE_DIGEST and IMAGE_URL task results.","title": "Build task set image digest and url task results"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.subject_build_task_matches","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify the subject of the attestations matches the IMAGE_DIGEST and IMAGE_URL values from the build task.","title": "Provenance subject matches build task image result"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.allowed_predicate_types_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_predicate_types` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed predicate types provided"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.attestation_predicate_type_accepted","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicateType field of the attestation indicates the in-toto SLSA Provenance format was used to attest the PipelineRun.","title": "Expected attestation predicate type found"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.attested_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Attestation contains source reference.","title": "Source reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.expected_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the provided source code reference is the one being attested.","title": "Expected source code reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.rule_data_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the expected rule data keys have been provided in the expected format. The keys are `supported_vcs` and `supported_digests`.","title": "Rule data provided"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_format_okay","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm at least one entry in the predicate.materials array of the attestation contains the expected attributes: uri and digest.sha1.","title": "Materials have uri and digest"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_include_git_sha","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that each entry in the predicate.materials array with a SHA-1 digest includes a valid Git commit SHA.","title": "Materials include git commit shas"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_uri_is_git_repo","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure each entry in the predicate.materials array with a SHA-1 digest includes a valid Git URI.","title": "Material uri is a git repo"}},{"msg": "Pass","metadata": {"code": "tasks.pipeline_has_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that at least one Task is present in the PipelineRun attestation.","title": "Pipeline run includes at least one task"}},{"msg": "Pass","metadata": {"code": "tasks.successful_pipeline_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["tasks.pipeline_has_tasks"],"description": "Ensure that all of the Tasks in the Pipeline completed successfully. Note that skipped Tasks are not taken into account and do not influence the outcome.","title": "Successful pipeline tasks"}}],"success": true,"signatures": [{"keyid": "","sig": "MEQCIBq18yWVAorXyPPujnxOZ8mHF27hiJQ6EAno4Tjv33YSAiAcU67ZBZRjdijTh/A/83Fk9Ixw85yDTJBi/oDjYPGgMA=="}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1/PipelineRun","signatures": [{"keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvGc6iYY","sig": "MEUCIB3dH/CuxExH77jGOhngRyCwsNeug1KyBLQKKWqW0qF/AiEAw8EQ0dR5hgbJ/tlxqAA33VypQMBitTw6kMhgcR8Z/kM="}]}]},{"name": "-sha256:c100497badd3edd2f02b294411b511396e71caf701f4df45db448e6cdbc686b0-amd64","containerImage": "quay.io/konflux-ci/ec-golden-image@sha256:c100497badd3edd2f02b294411b511396e71caf701f4df45db448e6cdbc686b0","source": {},"successes": [{"msg": "Pass","metadata": {"code": "attestation_type.known_attestation_type","collections": ["minimal","redhat","redhat_rpms","slsa3"], "depends_on": ["attestation_type.pipelinerun_attestation_found"],"description": "Confirm the attestation found for the image has a known attestation type.","title": "Known attestation type found"}},{"msg": "Pass","metadata": {"code": "attestation_type.pipelinerun_attestation_found","collections": ["minimal","redhat","redhat_rpms","slsa3"],"description": "Confirm at least one PipelineRun attestation is present.","title": "PipelineRun attestation found"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.allowed_builder_ids_provided","collections": ["slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_builder_ids` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed builder IDs provided"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_accepted","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set to one of the values in the `allowed_builder_ids` rule data, e.g. \"https://tekton.dev/chains/v2\".","title": "SLSA Builder ID is known and accepted"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_found","collections": ["slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set.","title": "SLSA Builder ID found"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_script_used","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicate.buildConfig.tasks.steps attribute for the task responsible for building and pushing the image is not empty.","title": "Build task contains steps"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_task_image_results_found","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm that a build task exists and it has the expected IMAGE_DIGEST and IMAGE_URL task results.","title": "Build task set image digest and url task results"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.subject_build_task_matches","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify the subject of the attestations matches the IMAGE_DIGEST and IMAGE_URL values from the build task.","title": "Provenance subject matches build task image result"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.allowed_predicate_types_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_predicate_types` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed predicate types provided"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.attestation_predicate_type_accepted","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicateType field of the attestation indicates the in-toto SLSA Provenance format was used to attest the PipelineRun.","title": "Expected attestation predicate type found"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.attested_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Attestation contains source reference.","title": "Source reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.expected_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the provided source code reference is the one being attested.","title": "Expected source code reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.rule_data_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the expected rule data keys have been provided in the expected format. The keys are `supported_vcs` and `supported_digests`.","title": "Rule data provided"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_format_okay","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm at least one entry in the predicate.materials array of the attestation contains the expected attributes: uri and digest.sha1.","title": "Materials have uri and digest"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_include_git_sha","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that each entry in the predicate.materials array with a SHA-1 digest includes a valid Git commit SHA.","title": "Materials include git commit shas"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_uri_is_git_repo","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure each entry in the predicate.materials array with a SHA-1 digest includes a valid Git URI.","title": "Material uri is a git repo"}},{"msg": "Pass","metadata": {"code": "tasks.pipeline_has_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that at least one Task is present in the PipelineRun attestation.","title": "Pipeline run includes at least one task"}},{"msg": "Pass","metadata": {"code": "tasks.successful_pipeline_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["tasks.pipeline_has_tasks"],"description": "Ensure that all of the Tasks in the Pipeline completed successfully. Note that skipped Tasks are not taken into account and do not influence the outcome.","title": "Successful pipeline tasks"}}],"success": true,"signatures": [{"keyid": "","sig": "MEQCIHxTtFk2bdTapnn7KctPkokRxcv93bMICQzKn39JKl0LAiBCxnJjATuj6BTcqLlA8wMoi6veCojTO4/4C5LttuGMHA=="},{"keyid": "","sig": "MEYCIQC+dYCC62hMKwiuaN96kH3W0IDnI3Q0dORmRturzbbB4wIhAMZtr0VklbfgVlU56eO49dlwq8pKtye2zerYiC8NazW4"}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1/PipelineRun","signatures": [{"keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvGc6iYY","sig": "MEUCIB3dH/CuxExH77jGOhngRyCwsNeug1KyBLQKKWqW0qF/AiEAw8EQ0dR5hgbJ/tlxqAA33VypQMBitTw6kMhgcR8Z/kM="}]}]},{"name": "-sha256:9024c5db8db1fa036f7c56020829f0e239db7b660d5e5f6439af84ab66489d63-arm64","containerImage": "quay.io/konflux-ci/ec-golden-image@sha256:9024c5db8db1fa036f7c56020829f0e239db7b660d5e5f6439af84ab66489d63","source": {},"successes": [{"msg": "Pass","metadata": {"code": "attestation_type.known_attestation_type","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.pipelinerun_attestation_found"],"description": "Confirm the attestation found for the image has a known attestation type.","title": "Known attestation type found"}},{"msg": "Pass", "metadata": {"code": "attestation_type.pipelinerun_attestation_found","collections": ["minimal","redhat","redhat_rpms","slsa3"],"description": "Confirm at least one PipelineRun attestation is present.","title": "PipelineRun attestation found"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.allowed_builder_ids_provided","collections": ["slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_builder_ids` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed builder IDs provided"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_accepted","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set to one of the values in the `allowed_builder_ids` rule data, e.g. \"https://tekton.dev/chains/v2\".","title": "SLSA Builder ID is known and accepted"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_found","collections": ["slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set.","title": "SLSA Builder ID found"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_script_used","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicate.buildConfig.tasks.steps attribute for the task responsible for building and pushing the image is not empty.","title": "Build task contains steps"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_task_image_results_found","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm that a build task exists and it has the expected IMAGE_DIGEST and IMAGE_URL task results.","title": "Build task set image digest and url task results"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.subject_build_task_matches","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify the subject of the attestations matches the IMAGE_DIGEST and IMAGE_URL values from the build task.","title": "Provenance subject matches build task image result"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.allowed_predicate_types_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_predicate_types` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed predicate types provided"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.attestation_predicate_type_accepted","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicateType field of the attestation indicates the in-toto SLSA Provenance format was used to attest the PipelineRun.","title": "Expected attestation predicate type found"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.attested_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Attestation contains source reference.","title": "Source reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.expected_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the provided source code reference is the one being attested.","title": "Expected source code reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.rule_data_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the expected rule data keys have been provided in the expected format. The keys are `supported_vcs` and `supported_digests`.","title": "Rule data provided"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_format_okay","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm at least one entry in the predicate.materials array of the attestation contains the expected attributes: uri and digest.sha1.","title": "Materials have uri and digest"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_include_git_sha","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that each entry in the predicate.materials array with a SHA-1 digest includes a valid Git commit SHA.","title": "Materials include git commit shas"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_uri_is_git_repo","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure each entry in the predicate.materials array with a SHA-1 digest includes a valid Git URI.","title": "Material uri is a git repo"}},{"msg": "Pass","metadata": {"code": "tasks.pipeline_has_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that at least one Task is present in the PipelineRun attestation.","title": "Pipeline run includes at least one task"}},{"msg": "Pass","metadata": {"code": "tasks.successful_pipeline_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["tasks.pipeline_has_tasks"],"description": "Ensure that all of the Tasks in the Pipeline completed successfully. Note that skipped Tasks are not taken into account and do not influence the outcome.","title": "Successful pipeline tasks"}}],"success": true,"signatures": [{"keyid": "","sig": "MEQCIFQ78YKKqW5FcHcpAdeQwKgDS/Mo7tWGNvEsIaFU+8gaAiBaGO5O2kkl2eEedoP4ZiBaS720B45IeoIObcy+IgqRyQ=="},{"keyid": "","sig": "MEQCIHYpELtYjBZyeFW0mhT81Ko6wYTTi+Kr1iwU+pPtxOxeAiB6BJKk+Tmh9gdvkDL2snwVXBsjmPwd0rUaPseGWVHzCQ=="}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1/PipelineRun","signatures": [{"keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvGc6iYY","sig": "MEUCIB3dH/CuxExH77jGOhngRyCwsNeug1KyBLQKKWqW0qF/AiEAw8EQ0dR5hgbJ/tlxqAA33VypQMBitTw6kMhgcR8Z/kM="}]}]},{"name": "","containerImage": "quay.io/konflux-ci/ec-golden-image@sha256:304040ca1911aa4d911bd7c6d6d07193c57dc49dbc43e63828b42ab204fb1b25","source": {},"successes": [{"msg": "Pass","metadata": {"code": "attestation_type.known_attestation_type","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.pipelinerun_attestation_found"],"description": "Confirm the attestation found for the image has a known attestation type.","title": "Known attestation type found"}},{"msg": "Pass","metadata": {"code": "attestation_type.pipelinerun_attestation_found","collections": ["minimal","redhat","redhat_rpms","slsa3"],"description": "Confirm at least one PipelineRun attestation is present.","title": "PipelineRun attestation found"}},{"msg": "Pass","metadata": { "code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.allowed_builder_ids_provided","collections": ["slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_builder_ids` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed builder IDs provided"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_accepted","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set to one of the values in the `allowed_builder_ids` rule data, e.g. \"https://tekton.dev/chains/v2\".","title": "SLSA Builder ID is known and accepted"}},{"msg": "Pass","metadata": {"code": "slsa_build_build_service.slsa_builder_id_found","collections": ["slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the attestation attribute predicate.builder.id is set.","title": "SLSA Builder ID found"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_script_used","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicate.buildConfig.tasks.steps attribute for the task responsible for building and pushing the image is not empty.","title": "Build task contains steps"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.build_task_image_results_found","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm that a build task exists and it has the expected IMAGE_DIGEST and IMAGE_URL task results.","title": "Build task set image digest and url task results"}},{"msg": "Pass","metadata": {"code": "slsa_build_scripted_build.subject_build_task_matches","collections": ["slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify the subject of the attestations matches the IMAGE_DIGEST and IMAGE_URL values from the build task.","title": "Provenance subject matches build task image result"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.allowed_predicate_types_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the `allowed_predicate_types` rule data was provided, since it is required by the policy rules in this package.","title": "Allowed predicate types provided"}},{"msg": "Pass","metadata": {"code": "slsa_provenance_available.attestation_predicate_type_accepted","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the predicateType field of the attestation indicates the in-toto SLSA Provenance format was used to attest the PipelineRun.","title": "Expected attestation predicate type found"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.attested_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Attestation contains source reference.","title": "Source reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.expected_source_code_reference","collections": ["minimal","slsa3","redhat"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Verify that the provided source code reference is the one being attested.","title": "Expected source code reference"}},{"msg": "Pass","metadata": {"code": "slsa_source_correlated.rule_data_provided","collections": ["minimal","slsa3","redhat","redhat_rpms","policy_data"],"description": "Confirm the expected rule data keys have been provided in the expected format. The keys are `supported_vcs` and `supported_digests`.","title": "Rule data provided"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_format_okay","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Confirm at least one entry in the predicate.materials array of the attestation contains the expected attributes: uri and digest.sha1.","title": "Materials have uri and digest"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_include_git_sha","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that each entry in the predicate.materials array with a SHA-1 digest includes a valid Git commit SHA.","title": "Materials include git commit shas"}},{"msg": "Pass","metadata": {"code": "slsa_source_version_controlled.materials_uri_is_git_repo","collections": ["minimal","slsa3","redhat","redhat_rpms"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure each entry in the predicate.materials array with a SHA-1 digest includes a valid Git URI.","title": "Material uri is a git repo"}},{"msg": "Pass","metadata": {"code": "tasks.pipeline_has_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["attestation_type.known_attestation_type"],"description": "Ensure that at least one Task is present in the PipelineRun attestation.","title": "Pipeline run includes at least one task"}},{"msg": "Pass","metadata": {"code": "tasks.successful_pipeline_tasks","collections": ["minimal","redhat","redhat_rpms","slsa3"],"depends_on": ["tasks.pipeline_has_tasks"],"description": "Ensure that all of the Tasks in the Pipeline completed successfully. Note that skipped Tasks are not taken into account and do not influence the outcome.","title": "Successful pipeline tasks"}}],"success": true,"signatures": [{"keyid": "","sig": "MEUCIQD86lmOqCovYZDPKm0XxxsLgDQcFIFAv+QZxrFSHmCvQAIgTd1I005ox8MfABqsAen6PZEyg2MCEQNBCx1NLS3V0JQ="}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1beta1/TaskRun","signatures": [{"keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvGc6iYY","sig": "MEUCIQDcgZIwEkLFqD7U9HrobgEC8Jo7wm+xJ5AoyO3qg+aj8QIgb9xDpjYGRMmpVk+QATeVKlHonzBiu51HtT3J+lQXPXc="}]},{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1beta1/PipelineRun","signatures": [{"keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvGc6iYY","sig": "MEYCIQDKSihaAR/zAhJhR5GCqleDvfUUtvRw61vk0YeTBAnOSQIhAKa09B4yEfaSJronmWBFbu5cVPNxm17CMl/PElEz1POa"}]}]}],"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZP/0htjhVt2y0ohjgtIIgICOtQtA\nnaYJRuLprwIv6FDhZ5yFjYUEtsmoNcW7rx2KM6FOXGsCX3BNc7qhHELT+g==\n-----END PUBLIC KEY-----\n","policy": {"name": "Default","description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml","sources": [{"name": "Default","policy": ["oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:59c6b95c02295edb7928ef187571d26d426993fd5aae0236a03c832afbd6072a"],"data": ["git::github.com/release-engineering/rhtap-ec-policy//data?ref=67018469815ee9f81e47cfb54dae39d71ed5f389","oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:c7303e2d586614e47d7340ff8d7059c98c6c68fc8ca938b3448179fb8009372e", "oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea","oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc"],"config": {"exclude": ["slsa_source_correlated.source_code_reference_provided"],"include": ["@slsa3"]}}],"publicKey": "k8s://chains-e2e-ioyw/golden-image-public-keydhabltgfvn"},"ec-version": "v0.9.25","effective-time": "2026-05-06T07:12:51.867963036Z"}----- END ----- < Exit [It] verifies ec validate accepts a list of image references - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:301 @ 05/06/26 07:13:04.135 (19.174s) > Enter [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:13:04.135 < Exit [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:13:04.135 (0s) > Enter [BeforeEach] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:154 @ 05/06/26 07:13:04.136 < Exit [BeforeEach] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:154 @ 05/06/26 07:13:04.163 (27ms) > Enter [It] verifies redhat products pass the redhat policy rule collection before release - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:345 @ 05/06/26 07:13:04.163 Update public key to verify golden images Creating Pipeline "verify-enterprise-contract-run-rjr2l" Waiting for pipeline "verify-enterprise-contract-run-rjr2l" to finish < Exit [It] verifies redhat products pass the redhat policy rule collection before release - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:345 @ 05/06/26 07:13:33.306 (29.144s) > Enter [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:13:33.307 < Exit [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:13:33.307 (0s) > Enter [BeforeEach] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:154 @ 05/06/26 07:13:33.307 < Exit [BeforeEach] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:154 @ 05/06/26 07:13:33.333 (26ms) > Enter [It] verifies the release policy: Task are trusted - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:382 @ 05/06/26 07:13:33.333 Update public key to verify golden images Creating Pipeline "verify-enterprise-contract-run-58hcj" Waiting for pipeline "verify-enterprise-contract-run-58hcj" to finish *** Logs from pod 'verify-enterprise-contract-8cd5662171c10e664b18311acc110803-pod', container 'step-report-json': ----- START -----{"success": false,"components": [{"name": "","containerImage": "quay.io/konflux-ci/ec-golden-image@sha256:304040ca1911aa4d911bd7c6d6d07193c57dc49dbc43e63828b42ab204fb1b25","source": {},"violations": [{"msg": "PipelineTask \"build-container\" uses an untrusted task reference: oci://quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:c3712257615d206ef40013bf1c5c681670fc8f7fd6aac9fa4c86f7afeff627ef. Please upgrade the task version to: sha256:73628c0497b9d1fb068dffb997cf7bea57ed6dfa04e892abf1d6fc7f6828050a","metadata": {"code": "trusted_task.trusted","collections": ["redhat"],"description": "Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude this rule add \"trusted_task.trusted:buildah\" to the `exclude` section of the policy configuration.","solution": "If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks when newer versions are made available.","term": "buildah","title": "Tasks are trusted"}},{"msg": "PipelineTask \"clair-scan\" uses an untrusted task reference: oci://quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:fba8170329ab00b864ee7d16e0358df4c4386880e10894fd7bbbb1457112477b. Please upgrade the task version to: sha256:d3af2290595378de7f8bc73b54aa7a5fac793090e2cef4f1822d31e18a64761f","metadata": {"code": "trusted_task.trusted","collections": ["redhat"],"description": "Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude this rule add \"trusted_task.trusted:clair-scan\" to the `exclude` section of the policy configuration.","solution": "If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks when newer versions are made available.","term": "clair-scan","title": "Tasks are trusted"}},{"msg": "PipelineTask \"clamav-scan\" uses an untrusted task reference: oci://quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:28b425322aa84f988c6c4f8d503787b3fb301668b2ad6728846b8f8c45ba012b. Please upgrade the task version to: sha256:1b186d53eeab12f0ae1b7aa333e9cf2b2c9dcc9751f5e940ca935a168bba5a7d","metadata": {"code": "trusted_task.trusted","collections": ["redhat"],"description": "Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude this rule add \"trusted_task.trusted:clamav-scan\" to the `exclude` section of the policy configuration.","solution": "If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks when newer versions are made available.","term": "clamav-scan","title": "Tasks are trusted"}},{"msg": "PipelineTask \"deprecated-base-image-check\" uses an untrusted task reference: oci://quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.1@sha256:28d724dd6f6c365b2a839d9e52baac91559fd78c160774769c1ec724301f78d4. Please upgrade the task version to: sha256:409efc4464663225f96518776b3811c31ea4e988a18493a3114eedf01e0a0a17","metadata": {"code": "trusted_task.trusted","collections": ["redhat"],"description": "Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude this rule add \"trusted_task.trusted:deprecated-image-check\" to the `exclude` section of the policy configuration.","solution": "If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks when newer versions are made available.","term": "deprecated-image-check","title": "Tasks are trusted"}},{"msg": "PipelineTask \"clone-repository\" uses an untrusted task reference: oci://quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:f4e37778cba00296606ddfbc1c58181330899cafcaa1ee41c75a7cf8bed312f0. Please upgrade the task version to: sha256:2175fdd1ab932727d7a539ef260f32a127a004c61257f974ffaf23863763de9b","metadata": {"code": "trusted_task.trusted","collections": ["redhat"],"description": "Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude this rule add \"trusted_task.trusted:git-clone\" to the `exclude` section of the policy configuration.","solution": "If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks when newer versions are made available.","term": "git-clone","title": "Tasks are trusted"}},{"msg": "PipelineTask \"init\" uses an untrusted task reference: oci://quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:5ce77110e2a49407a69a7922042dc0859f7e8f5f75dc0cd0bcc2d17860469bdb. Please upgrade the task version to: sha256:60e0a74b7f4b1166cb62672d6b6f262b4284b20ade9157a387b4a52283ccada8","metadata": {"code": "trusted_task.trusted","collections": ["redhat"],"description": "Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude this rule add \"trusted_task.trusted:init\" to the `exclude` section of the policy configuration.", "solution": "If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks when newer versions are made available.","term": "init","title": "Tasks are trusted"}},{"msg": "PipelineTask \"sanity-inspect-image\" uses an untrusted task reference: oci://quay.io/redhat-appstudio-tekton-catalog/task-sanity-inspect-image:0.1@sha256:fd4efd9d12eea3a8d47532c4226e685618845d0ba95abb98e008020243d96301. Please upgrade the task version to: sha256:b9ad0ed56be21c9e3c8e2e636275f92d887e57681c718cd36f117eb6fa547824","metadata": {"code": "trusted_task.trusted","collections": ["redhat"],"description": "Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude this rule add \"trusted_task.trusted:sanity-inspect-image\" to the `exclude` section of the policy configuration.","solution": "If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks when newer versions are made available.","term": "sanity-inspect-image","title": "Tasks are trusted"}},{"msg": "PipelineTask \"sanity-label-check\" uses an untrusted task reference: oci://quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:534770bf7a7c10277ab5f9c1e7b766abbffb343cc864dd9545aecc5278257dc3. Please upgrade the task version to: sha256:dd49667be76c81264a7fb28e3b43f72c527507e5691720c6262575255cb60689","metadata": {"code": "trusted_task.trusted","collections": ["redhat"],"description": "Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude this rule add \"trusted_task.trusted:sanity-label-check\" to the `exclude` section of the policy configuration.","solution": "If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks when newer versions are made available.","term": "sanity-label-check","title": "Tasks are trusted"}},{"msg": "PipelineTask \"sanity-optional-label-check\" uses an untrusted task reference: oci://quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:534770bf7a7c10277ab5f9c1e7b766abbffb343cc864dd9545aecc5278257dc3. Please upgrade the task version to: sha256:dd49667be76c81264a7fb28e3b43f72c527507e5691720c6262575255cb60689","metadata": {"code": "trusted_task.trusted","collections": ["redhat"],"description": "Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude this rule add \"trusted_task.trusted:sanity-label-check\" to the `exclude` section of the policy configuration.","solution": "If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks when newer versions are made available.","term": "sanity-label-check","title": "Tasks are trusted"}},{"msg": "PipelineTask \"sbom-json-check\" uses an untrusted task reference: oci://quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:ce6a0932da9b41080108284d1366fc2de8374fca5137500138e16ad9e04610c6. Please upgrade the task version to: sha256:32a7b681f947179b4df11f2e9f05f27478001247e519fa0b1a211cbf9562a205","metadata": {"code": "trusted_task.trusted","collections": ["redhat"],"description": "Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude this rule add \"trusted_task.trusted:sbom-json-check\" to the `exclude` section of the policy configuration.","solution": "If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks when newer versions are made available.","term": "sbom-json-check","title": "Tasks are trusted"}},{"msg": "PipelineTask \"show-summary\" uses an untrusted task reference: oci://quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:c0f66b28c338426774e34a8d4a00349fbab798b19df5841a95727148d5ef3c65. Please upgrade the task version to: sha256:4d7a2201ce4cb6dca8a48f4d9d4e02d5d3b57ef8eb99009675f1a34f2923ae49","metadata": {"code": "trusted_task.trusted","collections": ["redhat"],"description": "Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude this rule add \"trusted_task.trusted:summary\" to the `exclude` section of the policy configuration.","solution": "If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks when newer versions are made available.","term": "summary","title": "Tasks are trusted"}}],"successes": [{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}}],"success": false,"signatures": [{"keyid": "","sig": "MEUCIQD86lmOqCovYZDPKm0XxxsLgDQcFIFAv+QZxrFSHmCvQAIgTd1I005ox8MfABqsAen6PZEyg2MCEQNBCx1NLS3V0JQ="}],"attestations": [{ "type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1beta1/TaskRun","signatures": [{"keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvGc6iYY","sig": "MEUCIQDcgZIwEkLFqD7U9HrobgEC8Jo7wm+xJ5AoyO3qg+aj8QIgb9xDpjYGRMmpVk+QATeVKlHonzBiu51HtT3J+lQXPXc="}]},{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "tekton.dev/v1beta1/PipelineRun","signatures": [{"keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvGc6iYY","sig": "MEYCIQDKSihaAR/zAhJhR5GCqleDvfUUtvRw61vk0YeTBAnOSQIhAKa09B4yEfaSJronmWBFbu5cVPNxm17CMl/PElEz1POa"}]}]}],"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZP/0htjhVt2y0ohjgtIIgICOtQtA\nnaYJRuLprwIv6FDhZ5yFjYUEtsmoNcW7rx2KM6FOXGsCX3BNc7qhHELT+g==\n-----END PUBLIC KEY-----\n","policy": {"name": "Default","description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml","sources": [{"name": "Default","policy": ["oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:59c6b95c02295edb7928ef187571d26d426993fd5aae0236a03c832afbd6072a"],"data": ["git::github.com/release-engineering/rhtap-ec-policy//data?ref=67018469815ee9f81e47cfb54dae39d71ed5f389","oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:c7303e2d586614e47d7340ff8d7059c98c6c68fc8ca938b3448179fb8009372e","oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea","oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc"],"config": {"include": ["trusted_task.trusted"]}}],"publicKey": "k8s://chains-e2e-ioyw/golden-image-public-keyqreitnosvj"},"ec-version": "v0.9.25","effective-time": "2026-05-06T07:13:38.887053918Z"}----- END ----- < Exit [It] verifies the release policy: Task are trusted - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:382 @ 05/06/26 07:13:47.475 (14.142s) > Enter [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:13:47.475 < Exit [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:13:47.475 (0s) > Enter [BeforeEach] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:154 @ 05/06/26 07:13:47.476 < Exit [BeforeEach] verify-enterprise-contract task - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:154 @ 05/06/26 07:13:47.492 (16ms) > Enter [It] verifies the release policy: Task references are pinned - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:422 @ 05/06/26 07:13:47.492 Update public <key to verify unpinned task image Creating Pipeline "verify-enterprise-contract-run-6sk95" Waiting for pipeline "verify-enterprise-contract-run-6sk95" to finish *** Logs from pod 'verify-enterprise-contract-5cc4ee65bc3048e09ee0c8ff77f3e8e3-pod', container 'step-report-json': ----- START -----{"success": true,"components": [{"name": "","containerImage": "quay.io/redhat-appstudio-qe/enterprise-contract-tests@sha256:c1a2330b0117c4ccd642ba95539a499ae54f0282b124f0514ee57b274d674f10","source": {},"warnings": [{"msg": "Pipeline task \"build-container\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "buildah","title": "Task references are pinned"}},{"msg": "Pipeline task \"clamav-scan\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "clamav-scan","title": "Task references are pinned"}},{"msg": "Pipeline task \"appstudio-configure-build\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "configure-build","title": "Task references are pinned"}},{"msg": "Pipeline task \"conftest-clair\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "conftest-clair","title": "Task references are pinned"}},{"msg": "Pipeline task \"deprecated-base-image-check\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "deprecated-image-check","title": "Task references are pinned"}},{"msg": "Pipeline task \"get-clair-results\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "get-clair-scan","title": "Task references are pinned"}},{"msg": "Pipeline task \"clone-repository\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "git-clone","title": "Task references are pinned"}},{"msg": "Pipeline task \"hacbs-test-evaluation\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "hacbs-test-evaluation","title": "Task references are pinned"}},{"msg": "Pipeline task \"appstudio-init\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-1@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "init","title": "Task references are pinned"}},{"msg": "Pipeline task \"sanity-inspect-image\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "sanity-inspect-image","title": "Task references are pinned"}},{"msg": "Pipeline task \"sanity-label-check\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.", "solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "sanity-label-check","title": "Task references are pinned"}},{"msg": "Pipeline task \"sanity-optional-label-check\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "sanity-label-check","title": "Task references are pinned"}},{"msg": "Pipeline task \"sast-go\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "sast-go","title": "Task references are pinned"}},{"msg": "Pipeline task \"sast-java-sec-check\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "sast-java-sec-check","title": "Task references are pinned"}},{"msg": "Pipeline task \"sast-snyk-check\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "sast-snyk-check","title": "Task references are pinned"}},{"msg": "Pipeline task \"show-summary\" uses an unpinned task reference, oci://quay.io/redhat-appstudio/appstudio-tasks:8be37c13984bc3f8af4d6314d87b1ec5e494b6ca-2@","metadata": {"code": "trusted_task.pinned","collections": ["redhat","redhat_rpms"],"description": "Check if all Tekton Tasks use a Task definition by a pinned reference. When using the git resolver, a commit ID is expected for the revision parameter. When using the bundles resolver, the bundle parameter is expected to include an image reference with a digest.","solution": "Update the Pipeline definition so that all Task references have a pinned value as mentioned in the description.","term": "summary","title": "Task references are pinned"}}],"successes": [{"msg": "Pass","metadata": {"code": "builtin.attestation.signature_check","description": "The attestation signature matches available signing materials.","title": "Attestation signature check passed"}},{"msg": "Pass","metadata": {"code": "builtin.attestation.syntax_check","description": "The attestation has correct syntax.","title": "Attestation syntax check passed"}},{"msg": "Pass","metadata": {"code": "builtin.image.signature_check","description": "The image signature matches available signing materials.","title": "Image signature check passed"}}],"success": true,"signatures": [{"keyid": "","sig": "MEYCIQD0M+eFk8KPeOHvC6GNIQkaJGZvtOvvDqBvzi+qYgiS2gIhAP7stpq7Nl9vpF4tjqLC7/gr6t5yXc9Y353Btfe3DcEM"},{"keyid": "","sig": "MEUCIDkj9PKADlbayhD4DIUm5SRw2pCzSTeak1dJHAZOyQyQAiEApp4BQneeSKSbKbojFEzeJbVTPGBQrA7QnTzTblnU7nE="}],"attestations": [{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "https://tekton.dev/attestations/chains@v2","signatures": [{"keyid": "SHA256:w1ABTR6Lt6NlJapY8sIR8F2BvXZ6qn2q+GrC+jWwpqE","sig": "MEQCICXkO7VwYxRHIYd+EbSeIvN+tKMyM4YSZkbUewMSefclAiBCoWnkdF5X4z6rY2YnOlwF5NrrPJh4f/tIvGJe1E3HIQ=="}]},{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "https://tekton.dev/attestations/chains@v2","signatures": [{"keyid": "SHA256:w1ABTR6Lt6NlJapY8sIR8F2BvXZ6qn2q+GrC+jWwpqE","sig": "MEUCIQCmcnxF+boyOwR1RSLnZHUJgGtuQ5y0pm+hBjAhyb9TOwIgTtn/WYNIDWeW9WEALawsVBBtcsdeG91wuwIHpYo2zpc="}]},{"type": "https://in-toto.io/Statement/v0.1","predicateType": "https://slsa.dev/provenance/v0.2","predicateBuildType": "https://tekton.dev/attestations/chains/pipelinerun@v2","signatures": [{"keyid": "SHA256:w1ABTR6Lt6NlJapY8sIR8F2BvXZ6qn2q+GrC+jWwpqE","sig": "MEUCIQCrK8Zvo5I45A0j/gvxmsJV30nb6/iQxQVeOMhELH964AIgXm12BtB+JHO5YWoFZAAAR+yMrpgeNBvn5vvVLYoYpHA="}]}]}],"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPfwkY/ru2JRd6FSqIp7lT3gzjaEC\nEAg+paWtlme2KNcostCsmIbwz+bc2aFV+AxCOpRjRpp3vYrbS5KhkmgC1Q==\n-----END PUBLIC KEY-----\n","policy": {"name": "Default","description": "Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default config used for new Konflux applications. Source: https://github.com/conforma/config/blob/main/default/policy.yaml","sources": [{"name": "Default","policy": ["oci::quay.io/enterprise-contract/ec-release-policy:konflux@sha256:59c6b95c02295edb7928ef187571d26d426993fd5aae0236a03c832afbd6072a"],"data": ["git::github.com/release-engineering/rhtap-ec-policy//data?ref=67018469815ee9f81e47cfb54dae39d71ed5f389","oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest@sha256:c7303e2d586614e47d7340ff8d7059c98c6c68fc8ca938b3448179fb8009372e","oci::quay.io/konflux-ci/konflux-vanguard/data-acceptable-bundles:latest@sha256:0b31c7bc77a7463a1bc52f3d3625ef0e0e75443da7fd2de8005d7885282138ea","oci::quay.io/konflux-ci/integration-service-catalog/data-acceptable-bundles:latest@sha256:7b00455045ea3873a72caeb1e7ac7d036bd53963a26409891a4cc9d0d242b9fc"],"config": {"include": ["trusted_task.pinned"]}}],"publicKey": "k8s://chains-e2e-ioyw/unpinned-task-bundle-public-keyurpdbswdja"},"ec-version": "v0.9.25","effective-time": "2026-05-06T07:13:54.002995241Z"}----- END ----- < Exit [It] verifies the release policy: Task references are pinned - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:422 @ 05/06/26 07:14:02.606 (15.114s) > Enter [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:14:02.606 < Exit [AfterEach] [enterprise-contract-suite Conforma E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/enterprise-contract/contract.go:29 @ 05/06/26 07:14:02.606 (0s) > Enter [BeforeAll] Gitlab with status reporting of Integration tests in the assosiated merge request - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:45 @ 05/06/26 07:02:05.767 < Exit [BeforeAll] Gitlab with status reporting of Integration tests in the assosiated merge request - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:45 @ 05/06/26 07:02:46.917 (41.15s) > Enter [BeforeAll] when a new Component with specified custom branch is created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:109 @ 05/06/26 07:02:46.917 Image repository for component test-comp-pac-gitlab-numpid in namespace gitlab-rep-bjaj do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component test-comp-pac-gitlab-numpid in namespace gitlab-rep-bjaj do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [BeforeAll] when a new Component with specified custom branch is created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:109 @ 05/06/26 07:03:07.055 (20.139s) > Enter [It] triggers a Build PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:130 @ 05/06/26 07:03:07.056 Build PipelineRun has not been created yet for the component gitlab-rep-bjaj/test-comp-pac-gitlab-numpid Build PipelineRun has not been created yet for the component gitlab-rep-bjaj/test-comp-pac-gitlab-numpid < Exit [It] triggers a Build PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:130 @ 05/06/26 07:03:47.153 (40.098s) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:03:47.154 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:03:47.154 (0s) > Enter [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:144 @ 05/06/26 07:03:47.154 < Exit [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:144 @ 05/06/26 07:03:47.154 (0s) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:03:47.155 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:03:47.155 (0s) > Enter [It] should lead to build PipelineRun finishing successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:148 @ 05/06/26 07:03:47.155 PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-gwrv6 found for Component gitlab-rep-bjaj/test-comp-pac-gitlab-numpid PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-gwrv6 reason: ResolvingTaskRef PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-gwrv6 reason: Cancelled an error happened during storing pipelineRun log gitlab-rep-bjaj:test-comp-pac-gitlab-numpid-on-pull-request-gwrv6: container "prepare" in pod "test-comp-pac-gitlab-numpid-on-pull-request-mvlcd-init-pod" is waiting to start: PodInitializing failed to get logs for PipelineRun gitlab-rep-bjaj:test-comp-pac-gitlab-numpid-on-pull-request-gwrv6: container "prepare" in pod "test-comp-pac-gitlab-numpid-on-pull-request-mvlcd-init-pod" is waiting to start: PodInitializing attempt 1/3: PipelineRun "test-comp-pac-gitlab-numpid-on-pull-request-gwrv6" failed: pod: test-comp-pac-gitlab-numpid-on-pull-request-mvlcd-init-pod | init container: prepare New PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 found after retrigger for component gitlab-rep-bjaj/test-comp-pac-gitlab-numpid PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 found for Component gitlab-rep-bjaj/test-comp-pac-gitlab-numpid PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: ResolvingTaskRef PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-mhqr8 reason: Failed attempt 2/3: PipelineRun "test-comp-pac-gitlab-numpid-on-pull-request-mhqr8" failed: pod: test-comp-pac-gitlab-numpid-on-pull-request-mhqr8-init-pod | init container: prepare 2026/05/06 07:04:34 Entrypoint initialization pod: test-comp-pac-gitlab-numpid-on-pull-request-mhqr8-init-pod | container step-init: time="2026-05-06T07:04:37Z" level=info msg="[param] enable: false" time="2026-05-06T07:04:37Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-06T07:04:37Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-06T07:04:37Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-06T07:04:37Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-06T07:04:37Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-06T07:04:37Z" level=info msg="Cache proxy is disabled via param" time="2026-05-06T07:04:37Z" level=info msg="[result] HTTP PROXY: " time="2026-05-06T07:04:37Z" level=info msg="[result] NO PROXY: " pod: test-comp-pac-gitlab-numpid-on-pull-request-mvlcd-init-pod | init container: prepare 2026/05/06 07:04:10 Entrypoint initialization pod: test-comp-pac-gitlab-numpid-on-pull-request-mvlcd-init-pod | container step-init: time="2026-05-06T07:04:12Z" level=info msg="[param] enable: false" time="2026-05-06T07:04:12Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-06T07:04:12Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-06T07:04:12Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-06T07:04:12Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-06T07:04:12Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-06T07:04:12Z" level=info msg="Cache proxy is disabled via param" time="2026-05-06T07:04:12Z" level=info msg="[result] HTTP PROXY: " time="2026-05-06T07:04:12Z" level=info msg="[result] NO PROXY: " pod: test-comp-pac-gitlab-numpid4c4a3706607d6e1d446c06fda6140309-pod | init container: prepare 2026/05/06 07:09:06 Entrypoint initialization pod: test-comp-pac-gitlab-numpid4c4a3706607d6e1d446c06fda6140309-pod | init container: place-scripts 2026/05/06 07:09:07 Decoded script /tekton/scripts/script-0-8ll5l 2026/05/06 07:09:07 Decoded script /tekton/scripts/script-1-4sdz2 2026/05/06 07:09:07 Decoded script /tekton/scripts/script-2-2jjc4 2026/05/06 07:09:07 Decoded script /tekton/scripts/script-3-mt7kh 2026/05/06 07:09:07 Decoded script /tekton/scripts/script-4-hlj6m 2026/05/06 07:09:07 Decoded script /tekton/scripts/script-5-2sbmw pod: test-comp-pac-gitlab-numpid4c4a3706607d6e1d446c06fda6140309-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... [retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/gitlab-rep-bjaj/test-comp-pac-gitlab-numpid:on-pr-3088a88a301aa20bd4aeaef2824009a65fb436be The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... [retry] executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/gitlab-rep-bjaj/test-comp-pac-gitlab-numpid:on-pr-3088a88a301aa20bd4aeaef2824009a65fb436be Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: test-comp-pac-gitlab-numpid4c4a3706607d6e1d446c06fda6140309-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/gitlab-rep-bjaj/test-comp-pac-gitlab-numpid:on-pr-3088a88a301aa20bd4aeaef2824009a65fb436be Using token for quay.io/redhat-appstudio-qe/gitlab-rep-bjaj/test-comp-pac-gitlab-numpid Auth json written to "/auth/auth.json". pod: test-comp-pac-gitlab-numpid4c4a3706607d6e1d446c06fda6140309-pod | container step-set-skip-for-bundles: 2026/05/06 07:09:13 INFO Step was skipped due to when expressions were evaluated to false. pod: test-comp-pac-gitlab-numpid4c4a3706607d6e1d446c06fda6140309-pod | container step-app-check: time="2026-05-06T07:09:13Z" level=info msg="certification library version" version="1.17.2 <commit: eb87e5b2d67ad110a0afe8edfb16f445e0877c4e>" time="2026-05-06T07:09:13Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/gitlab-rep-bjaj/test-comp-pac-gitlab-numpid:on-pr-3088a88a301aa20bd4aeaef2824009a65fb436be for platform amd64" time="2026-05-06T07:09:13Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/gitlab-rep-bjaj/test-comp-pac-gitlab-numpid:on-pr-3088a88a301aa20bd4aeaef2824009a65fb436be" time="2026-05-06T07:09:21Z" level=info msg="warning: licenses directory does not exist or all of its children are empty directories: error when checking for /licenses: stat /tmp/preflight-3110943014/fs/licenses: no such file or directory" check=HasLicense time="2026-05-06T07:09:21Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-05-06T07:09:21Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-05-06T07:09:21Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-05-06T07:09:21Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-05-06T07:09:21Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-05-06T07:09:21Z" level=info msg="USER 185 specified that is non-root" check=RunAsNonRoot time="2026-05-06T07:09:21Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-05-06T07:09:30Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-05-06T07:09:30Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-05-06T07:09:30Z" level=info msg="This image's tag on-pr-3088a88a301aa20bd4aeaef2824009a65fb436be will be paired with digest sha256:d43206831ebce8c74b49a5483ba53a9d22b3fdcfd89f75be787c566537d82558 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/gitlab-rep-bjaj/test-comp-pac-gitlab-numpid:on-pr-3088a88a301aa20bd4aeaef2824009a65fb436be", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.17.2", "commit": "eb87e5b2d67ad110a0afe8edfb16f445e0877c4e" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 37, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 8762, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 151, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-05-06T07:09:30Z" level=info msg="Preflight result: FAILED" pod: test-comp-pac-gitlab-numpid4c4a3706607d6e1d446c06fda6140309-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1778051370","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}[retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/gitlab-rep-bjaj/test-comp-pac-gitlab-numpid:on-pr-3088a88a301aa20bd4aeaef2824009a65fb436be pod: test-comp-pac-gitlab-numpid4c4a3706607d6e1d446c06fda6140309-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1778051370","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} pod: test-comp-pac-gitlab-numpid5c407873bd66b517d517e1437f4ceabe-pod | init container: prepare 2026/05/06 07:08:43 Entrypoint initialization pod: test-comp-pac-gitlab-numpid5c407873bd66b517d517e1437f4ceabe-pod | init container: place-scripts 2026/05/06 07:09:05 Decoded script /tekton/scripts/script-0-sm7hw 2026/05/06 07:09:05 Decoded script /tekton/scripts/script-1-th44w pod: test-comp-pac-gitlab-numpid5c407873bd66b517d517e1437f4ceabe-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/gitlab-rep-bjaj/test-comp-pac-gitlab-numpid@sha256:d43206831ebce8c74b49a5483ba53a9d22b3fdcfd89f75be787c566537d82558. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 52.026 sec (0 m 52 s) Start Date: 2026:05:06 07:09:24 End Date: 2026:05:06 07:10:16 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27992/Tue May 5 06:26:41 2026 Database version: 27992 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1778051416","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778051416","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778051416","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/gitlab-rep-bjaj/test-comp-pac-gitlab-numpid:on-pr-3088a88a301aa20bd4aeaef2824009a65fb436be", "digests": ["sha256:d43206831ebce8c74b49a5483ba53a9d22b3fdcfd89f75be787c566537d82558"]}} pod: test-comp-pac-gitlab-numpid5c407873bd66b517d517e1437f4ceabe-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/gitlab-rep-bjaj/test-comp-pac-gitlab-numpid Attaching to quay.io/redhat-appstudio-qe/gitlab-rep-bjaj/test-comp-pac-gitlab-numpid:on-pr-3088a88a301aa20bd4aeaef2824009a65fb436be Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/gitlab-rep-bjaj/test-comp-pac-gitlab-numpid:on-pr-3088a88a301aa20bd4aeaef2824009a65fb436be@sha256:d43206831ebce8c74b49a5483ba53a9d22b3fdcfd89f75be787c566537d82558 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Uploading 5970aef73ef5 clamscan-result-amd64.log Uploading bf10ea7901d8 clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploaded bf10ea7901d8 clamscan-ec-test-amd64.json Uploaded 5970aef73ef5 clamscan-result-amd64.log Uploading 0c705502812f application/vnd.oci.image.manifest.v1+json Uploaded 0c705502812f application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/gitlab-rep-bjaj/test-comp-pac-gitlab-numpid:on-pr-3088a88a301aa20bd4aeaef2824009a65fb436be@sha256:d43206831ebce8c74b49a5483ba53a9d22b3fdcfd89f75be787c566537d82558 Digest: sha256:0c705502812f3aad717b91e26554c4c4007493ea98ef6fae5ad23e0528ee266f pod: test-comp-pac-gitlab-numpid97629d0c74bd490dfdc6bb5a889c6946-pod | init container: prepare 2026/05/06 07:08:27 Entrypoint initialization pod: test-comp-pac-gitlab-numpid97629d0c74bd490dfdc6bb5a889c6946-pod | container step-apply-additional-tags: time="2026-05-06T07:08:29Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/gitlab-rep-bjaj/test-comp-pac-gitlab-numpid:on-pr-3088a88a301aa20bd4aeaef2824009a65fb436be" time="2026-05-06T07:08:29Z" level=info msg="[param] digest: sha256:d43206831ebce8c74b49a5483ba53a9d22b3fdcfd89f75be787c566537d82558" time="2026-05-06T07:08:29Z" level=info msg="[param] tags-from-image-label: konflux.additional-tags" time="2026-05-06T07:08:30Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]}New PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-dc8p8 found after retrigger for component gitlab-rep-bjaj/test-comp-pac-gitlab-numpid PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-dc8p8 found for Component gitlab-rep-bjaj/test-comp-pac-gitlab-numpid PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-dc8p8 reason: ResolvingTaskRef PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-dc8p8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-dc8p8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-dc8p8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-dc8p8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-dc8p8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-dc8p8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-dc8p8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-dc8p8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-dc8p8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-dc8p8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-dc8p8 reason: Running PipelineRun test-comp-pac-gitlab-numpid-on-pull-request-dc8p8 reason: Completed < Exit [It] should lead to build PipelineRun finishing successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:148 @ 05/06/26 07:16:11.132 (12m23.977s) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:11.133 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:11.133 (0s) > Enter [It] should have a related PaC init MR is created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:153 @ 05/06/26 07:16:11.133 < Exit [It] should have a related PaC init MR is created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:153 @ 05/06/26 07:16:11.794 (661ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:11.794 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:11.794 (0s) > Enter [It] the PipelineRun should eventually finish successfully for component - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:172 @ 05/06/26 07:16:11.795 PipelineRun my-integration-test-fvnu-knrwl found for Component gitlab-rep-bjaj/test-comp-pac-gitlab-numpid PipelineRun my-integration-test-fvnu-knrwl reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully for component - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:172 @ 05/06/26 07:16:11.894 (99ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:11.894 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:11.894 (0s) > Enter [It] checks if the BuildPipelineRun have the annotation of chains signed - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:179 @ 05/06/26 07:16:11.895 < Exit [It] checks if the BuildPipelineRun have the annotation of chains signed - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:179 @ 05/06/26 07:16:12.097 (202ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:12.097 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:12.097 (0s) > Enter [It] checks if the Snapshot is created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:183 @ 05/06/26 07:16:12.098 < Exit [It] checks if the Snapshot is created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:183 @ 05/06/26 07:16:12.11 (12ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:12.11 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:12.11 (0s) > Enter [It] checks if the Build PipelineRun got annotated with Snapshot name - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:188 @ 05/06/26 07:16:12.111 < Exit [It] checks if the Build PipelineRun got annotated with Snapshot name - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:188 @ 05/06/26 07:16:12.297 (186ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:12.297 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:12.297 (0s) > Enter [It] should find the Integration Test Scenario PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:194 @ 05/06/26 07:16:12.297 < Exit [It] should find the Integration Test Scenario PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:194 @ 05/06/26 07:16:12.304 (7ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:12.304 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:12.304 (0s) > Enter [It] should eventually complete successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:207 @ 05/06/26 07:16:12.305 PipelineRun my-integration-test-fvnu-knrwl reason: Succeeded PipelineRun my-integration-test-qzke-rcdnb reason: Succeeded < Exit [It] should eventually complete successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:207 @ 05/06/26 07:16:12.396 (91ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:12.396 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:12.396 (0s) > Enter [It] validates the Integration test scenario PipelineRun is reported to merge request CommitStatus, and it pass - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:212 @ 05/06/26 07:16:12.397 < Exit [It] validates the Integration test scenario PipelineRun is reported to merge request CommitStatus, and it pass - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:212 @ 05/06/26 07:16:12.549 (152ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:12.549 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:12.549 (0s) > Enter [It] eventually leads to the integration test PipelineRun's Pass status reported at MR commit status - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:229 @ 05/06/26 07:16:12.55 < Exit [It] eventually leads to the integration test PipelineRun's Pass status reported at MR commit status - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:229 @ 05/06/26 07:16:12.826 (277ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:12.826 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:12.827 (0s) > Enter [It] validates the Integration test scenario PipelineRun is reported to merge request CommitStatus, and it fails - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:233 @ 05/06/26 07:16:12.827 < Exit [It] validates the Integration test scenario PipelineRun is reported to merge request CommitStatus, and it fails - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:233 @ 05/06/26 07:16:12.977 (150ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:12.977 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:12.977 (0s) > Enter [It] eventually leads to the integration test PipelineRun's Fail status reported at MR commit status - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:250 @ 05/06/26 07:16:12.977 < Exit [It] eventually leads to the integration test PipelineRun's Fail status reported at MR commit status - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:250 @ 05/06/26 07:16:13.243 (265ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:13.243 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:13.243 (0s) > Enter [It] validates at least one MR note contains the final integration test result - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:254 @ 05/06/26 07:16:13.243 < Exit [It] validates at least one MR note contains the final integration test result - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:254 @ 05/06/26 07:16:13.388 (144ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:13.388 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:13.388 (0s) > Enter [It] merging the PR should be successful - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:278 @ 05/06/26 07:16:13.388 merged result sha: 0fccf00bc6542ab66815878d895546313b62afb7 for MR #17513 < Exit [It] merging the PR should be successful - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:278 @ 05/06/26 07:16:14.62 (1.231s) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:14.62 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:14.62 (0s) > Enter [It] leads to triggering on push PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:288 @ 05/06/26 07:16:14.621 < Exit [It] leads to triggering on push PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:288 @ 05/06/26 07:16:14.709 (88ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:14.709 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:14.709 (0s) > Enter [It] should eventually complete successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:303 @ 05/06/26 07:16:14.709 PipelineRun my-integration-test-fvnu-knrwl reason: Succeeded PipelineRun my-integration-test-qzke-rcdnb reason: Succeeded < Exit [It] should eventually complete successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:303 @ 05/06/26 07:16:14.809 (99ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:14.809 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:14.809 (0s) > Enter [It] validates the Integration test scenario PipelineRun is reported to merge request CommitStatus, and it pass - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:308 @ 05/06/26 07:16:14.809 < Exit [It] validates the Integration test scenario PipelineRun is reported to merge request CommitStatus, and it pass - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:308 @ 05/06/26 07:16:15.036 (226ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:15.036 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:15.036 (0s) > Enter [It] eventually leads to the integration test PipelineRun's Pass status reported at MR commit status - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:325 @ 05/06/26 07:16:15.037 < Exit [It] eventually leads to the integration test PipelineRun's Pass status reported at MR commit status - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:325 @ 05/06/26 07:16:15.385 (348ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:15.386 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:15.386 (0s) > Enter [It] validates the Integration test scenario PipelineRun is reported to merge request CommitStatus, and it fails - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:329 @ 05/06/26 07:16:15.386 < Exit [It] validates the Integration test scenario PipelineRun is reported to merge request CommitStatus, and it fails - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:329 @ 05/06/26 07:16:15.549 (163ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:15.549 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:15.549 (0s) > Enter [It] eventually leads to the integration test PipelineRun's Fail status reported at MR commit status - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:346 @ 05/06/26 07:16:15.55 < Exit [It] eventually leads to the integration test PipelineRun's Fail status reported at MR commit status - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:346 @ 05/06/26 07:16:15.876 (326ms) > Enter [AfterAll] Gitlab with status reporting of Integration tests in the assosiated merge request - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:94 @ 05/06/26 07:16:15.876 < Exit [AfterAll] Gitlab with status reporting of Integration tests in the assosiated merge request - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:94 @ 05/06/26 07:16:19.426 (3.551s) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:19.427 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/gitlab-integration-reporting.go:42 @ 05/06/26 07:16:19.427 (0s) > Enter [BeforeAll] with happy path for general flow of Integration service - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:52 @ 05/06/26 07:02:05.762 Image repository for component test-component-pac-uxaxuy in namespace integration1-kgjp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component test-component-pac-uxaxuy in namespace integration1-kgjp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component test-component-pac-uxaxuy in namespace integration1-kgjp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [BeforeAll] with happy path for general flow of Integration service - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:52 @ 05/06/26 07:03:24.891 (1m19.13s) > Enter [It] triggers a build PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:85 @ 05/06/26 07:03:24.891 no pipelinerun found for component test-component-pac-uxaxuy (application: integ-app-jnmm, namespace: integration1-kgjp)no pipelinerun found for component test-component-pac-uxaxuy (application: integ-app-jnmm, namespace: integration1-kgjp) < Exit [It] triggers a build PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:85 @ 05/06/26 07:04:04.925 (40.034s) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:04:04.926 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:04:04.926 (0s) > Enter [It] verifies if the build PipelineRun contains the finalizer - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:90 @ 05/06/26 07:04:04.926 < Exit [It] verifies if the build PipelineRun contains the finalizer - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:90 @ 05/06/26 07:04:05.042 (115ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:04:05.042 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:04:05.042 (0s) > Enter [It] waits for build PipelineRun to succeed - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:101 @ 05/06/26 07:04:05.042 PipelineRun test-component-pac-uxaxuy-on-pull-request-p8pzw found for Component integration1-kgjp/test-component-pac-uxaxuy PipelineRun test-component-pac-uxaxuy-on-pull-request-p8pzw reason: ResolvingTaskRef PipelineRun test-component-pac-uxaxuy-on-pull-request-p8pzw reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-p8pzw reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-p8pzw reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-p8pzw reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-p8pzw reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-p8pzw reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-p8pzw reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-p8pzw reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-p8pzw reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-p8pzw reason: Failed attempt 1/3: PipelineRun "test-component-pac-uxaxuy-on-pull-request-p8pzw" failed: pod: test-component-pac-uxaxuy-o8a358e57681445c9d96a3d8e46d441d6-pod | init container: prepare 2026/05/06 07:05:05 Entrypoint initialization pod: test-component-pac-uxaxuy-o8a358e57681445c9d96a3d8e46d441d6-pod | init container: place-scripts 2026/05/06 07:05:05 Decoded script /tekton/scripts/script-0-z5t9g 2026/05/06 07:05:05 Decoded script /tekton/scripts/script-1-wtgjf 2026/05/06 07:05:05 Decoded script /tekton/scripts/script-2-5rrx8 2026/05/06 07:05:06 Decoded script /tekton/scripts/script-3-4gdxl 2026/05/06 07:05:06 Decoded script /tekton/scripts/script-4-w7kg2 pod: test-component-pac-uxaxuy-o8a358e57681445c9d96a3d8e46d441d6-pod | init container: working-dir-initializer pod: test-component-pac-uxaxuy-o8a358e57681445c9d96a3d8e46d441d6-pod | container step-build: [2026-05-06T07:05:13,116397940+00:00] Validate context path [2026-05-06T07:05:13,119592851+00:00] Update CA trust [2026-05-06T07:05:13,120659490+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-06T07:05:15,209676157+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-05-06T07:05:15,215876790+00:00] Prepare system (architecture: x86_64) [2026-05-06T07:05:15,333545556+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc Copying blob sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e Copying config sha256:8979a2d87e9502962b699677c4df3cb444e670d02cddf2f83fd6da795feab96e Writing manifest to image destination Storing signatures [2026-05-06T07:05:41,516674880+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-05-06T07:05:15Z", "com.redhat.component": "openjdk-17-runtime-ubi8-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream", "description": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.cekit.version": "4.13.0.dev0", "io.k8s.description": "Platform for running plain Java applications (fat-jar and flat classpath)", "io.k8s.display-name": "Java Applications", "io.openshift.expose-services": "", "io.openshift.tags": "java", "maintainer": "Red Hat OpenJDK <openjdk@redhat.com>", "name": "ubi8/openjdk-17-runtime", "org.jboss.product": "openjdk", "org.jboss.product.openjdk.version": "17", "org.jboss.product.version": "17", "org.opencontainers.image.created": "2026-05-06T07:05:15Z", "org.opencontainers.image.documentation": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "org.opencontainers.image.revision": "6b9bd461df01d5c46c036b89582454398a302598", "release": "4.1777859697", "summary": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/openjdk-17-runtime/images/1.23-4.1777859697", "usage": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "vcs-ref": "6b9bd461df01d5c46c036b89582454398a302598", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.23", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/konflux-test-integration", "quay.expires-after": "6h" } [2026-05-06T07:05:41,564054141+00:00] Register sub-man Adding the entitlement to the build [2026-05-06T07:05:41,567286012+00:00] Add secrets [2026-05-06T07:05:41,574707615+00:00] Run buildah build [2026-05-06T07:05:41,575847880+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=6b9bd461df01d5c46c036b89582454398a302598 --label org.opencontainers.image.revision=6b9bd461df01d5c46c036b89582454398a302598 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/konflux-test-integration --label quay.expires-after=6h --label build-date=2026-05-06T07:05:15Z --label org.opencontainers.image.created=2026-05-06T07:05:15Z --annotation org.opencontainers.image.revision=6b9bd461df01d5c46c036b89582454398a302598 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/konflux-test-integration --annotation org.opencontainers.image.created=2026-05-06T07:05:15Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.3Ti7IU -t quay.io/redhat-appstudio-qe/integration1-kgjp/test-component-pac-uxaxuy:on-pr-6b9bd461df01d5c46c036b89582454398a302598 . [1/2] STEP 1/5: FROM registry.access.redhat.com/ubi8/openjdk-17:1.23 AS builder Trying to pull registry.access.redhat.com/ubi8/openjdk-17:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:a12a82751b6fcca1bc1b9cde9e1848176a23a409694729a4a814f963fc33fb81 Copying blob sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e Copying config sha256:575ea09fb2e3a7e2587a6187fc17be1a0a5da89bcb3f41e3dd33087a2ffc3bcb Writing manifest to image destination Storing signatures [1/2] STEP 2/5: WORKDIR /work [1/2] STEP 3/5: COPY . . [1/2] STEP 4/5: USER 0 [1/2] STEP 5/5: RUN mvn clean package -DskipTests -DskipDocsGen [INFO] Scanning for projects... [INFO] [INFO] ------------------< org.example:simple-java-project >------------------- [INFO] Building simple-java-project 1.0-SNAPSHOT [INFO] --------------------------------[ jar ]--------------------------------- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom (11 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom (11 kB at 237 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom (43 kB at 765 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 18 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom (18 kB at 354 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar Progress (1): 2.3/134 kB Progress (1): 5.0/134 kB Progress (1): 7.7/134 kB Progress (1): 10/134 kB Progress (1): 13/134 kB Progress (1): 16/134 kB Progress (1): 19/134 kB Progress (1): 21/134 kB Progress (1): 24/134 kB Progress (1): 28/134 kB Progress (1): 32/134 kB Progress (1): 36/134 kB Progress (1): 41/134 kB Progress (1): 45/134 kB Progress (1): 49/134 kB Progress (1): 53/134 kB Progress (1): 57/134 kB Progress (1): 61/134 kB Progress (1): 65/134 kB Progress (1): 69/134 kB Progress (1): 73/134 kB Progress (1): 77/134 kB Progress (1): 80/134 kB Progress (1): 84/134 kB Progress (1): 88/134 kB Progress (1): 92/134 kB Progress (1): 96/134 kB Progress (1): 100/134 kB Progress (1): 104/134 kB Progress (1): 108/134 kB Progress (1): 112/134 kB Progress (1): 116/134 kB Progress (1): 121/134 kB Progress (1): 125/134 kB Progress (1): 129/134 kB Progress (1): 133/134 kB Progress (1): 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar (134 kB at 2.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom (3.9 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom (13 kB at 251 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom (26 kB at 393 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom (15 kB at 269 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar Progress (1): 4.1/25 kB Progress (1): 7.7/25 kB Progress (1): 12/25 kB Progress (1): 16/25 kB Progress (1): 20/25 kB Progress (1): 24/25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar (25 kB at 425 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8.1 kB at 159 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom (9.2 kB at 180 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom (30 kB at 647 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom (15 kB at 296 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar (30 kB at 642 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom (10 kB at 227 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom (11 kB at 264 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom (33 kB at 679 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom (14 kB at 318 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar Progress (1): 4.1/43 kB Progress (1): 7.7/43 kB Progress (1): 12/43 kB Progress (1): 16/43 kB Progress (1): 20/43 kB Progress (1): 24/43 kB Progress (1): 28/43 kB Progress (1): 32/43 kB Progress (1): 36/43 kB Progress (1): 40/43 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar (43 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom (10 kB at 244 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom (14 kB at 328 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar (30 kB at 725 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom (6.8 kB at 161 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom (9.9 kB at 206 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom (46 kB at 748 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom (20 kB at 497 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar Progress (1): 4.1/27 kB Progress (1): 7.7/27 kB Progress (1): 12/27 kB Progress (1): 15/27 kB Progress (1): 20/27 kB Progress (1): 24/27 kB Progress (1): 27 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar (27 kB at 636 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom (3.6 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom (5.0 kB at 106 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom (3.6 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom (1.8 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar Progress (1): 3.6 kB Progress (2): 3.6 kB | 2.3/7.1 kB Progress (2): 3.6 kB | 5.0/7.1 kB Progress (2): 3.6 kB | 7.1 kB Progress (3): 3.6 kB | 7.1 kB | 2.3/3.6 kB Progress (3): 3.6 kB | 7.1 kB | 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar (3.6 kB at 82 kB/s) Progress (3): 7.1 kB | 3.6 kB | 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar (3.6 kB at 66 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar (2.0 kB at 28 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar (7.1 kB at 50 kB/s) [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom (1.5 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom (9.0 kB at 274 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom (15 kB at 412 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom (3.4 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom (4.1 kB at 107 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom (8.4 kB at 261 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom (8.4 kB at 246 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar Progress (1): 2.3/13 kB Progress (1): 5.0/13 kB Progress (1): 7.7/13 kB Progress (1): 10/13 kB Progress (1): 13 kB Progress (2): 13 kB | 2.3/226 kB Progress (2): 13 kB | 5.0/226 kB Progress (2): 13 kB | 7.7/226 kB Progress (2): 13 kB | 10/226 kB Progress (2): 13 kB | 13/226 kB Progress (2): 13 kB | 15/226 kB Progress (2): 13 kB | 18/226 kB Progress (2): 13 kB | 21/226 kB Progress (2): 13 kB | 24/226 kB Progress (2): 13 kB | 26/226 kB Progress (2): 13 kB | 29/226 kB Progress (2): 13 kB | 32/226 kB Progress (2): 13 kB | 35/226 kB Progress (2): 13 kB | 37/226 kB Progress (2): 13 kB | 40/226 kB Progress (2): 13 kB | 43/226 kB Progress (2): 13 kB | 46/226 kB Progress (2): 13 kB | 48/226 kB Progress (2): 13 kB | 52/226 kB Progress (2): 13 kB | 57/226 kB Progress (2): 13 kB | 61/226 kB Progress (2): 13 kB | 65/226 kB Progress (2): 13 kB | 69/226 kB Progress (2): 13 kB | 73/226 kB Progress (2): 13 kB | 75/226 kB Progress (2): 13 kB | 79/226 kB Progress (2): 13 kB | 83/226 kB Progress (2): 13 kB | 87/226 kB Progress (2): 13 kB | 91/226 kB Progress (2): 13 kB | 96/226 kB Progress (2): 13 kB | 100/226 kB Progress (2): 13 kB | 104/226 kB Progress (2): 13 kB | 108/226 kB Progress (2): 13 kB | 112/226 kB Progress (2): 13 kB | 116/226 kB Progress (2): 13 kB | 120/226 kB Progress (2): 13 kB | 124/226 kB Progress (2): 13 kB | 128/226 kB Progress (2): 13 kB | 132/226 kB Progress (2): 13 kB | 135/226 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar (13 kB at 443 kB/s) Progress (1): 139/226 kB Progress (1): 143/226 kB Progress (1): 147/226 kB Progress (1): 151/226 kB Progress (1): 155/226 kB Progress (1): 159/226 kB Progress (1): 163/226 kB Progress (1): 167/226 kB Progress (1): 171/226 kB Progress (1): 175/226 kB Progress (1): 180/226 kB Progress (1): 184/226 kB Progress (1): 188/226 kB Progress (1): 192/226 kB Progress (1): 196/226 kB Progress (1): 200/226 kB Progress (1): 202/226 kB Progress (1): 206/226 kB Progress (1): 210/226 kB Progress (1): 214/226 kB Progress (1): 219/226 kB Progress (1): 223/226 kB Progress (1): 226 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar (226 kB at 4.7 MB/s) [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom (2.6 kB at 82 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom (2.0 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom (3.0 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom (1.9 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom (9.0 kB at 320 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom (3.9 kB at 120 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom Progress (1): 492 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom (492 B at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom Progress (1): 4.1 kB Progress (1): 5.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom (5.7 kB at 198 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom Progress (1): 998 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom (998 B at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom Progress (1): 4.1 kB Progress (1): 6.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom (6.9 kB at 202 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom (3.1 kB at 95 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom (2.0 kB at 68 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom (2.6 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom (1.9 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom (1.6 kB at 14 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom (1.9 kB at 63 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom Progress (1): 4.1 kB Progress (1): 6.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom (6.7 kB at 210 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom (1.9 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom (1.8 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom Progress (1): 1.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom (1.4 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom Progress (1): 424 B Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom (424 B at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom (3.9 kB at 130 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom (1.7 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom (2.1 kB at 78 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom (2.0 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom Progress (1): 4.1 kB Progress (1): 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom (7.1 kB at 197 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom (1.3 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom (3.3 kB at 95 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom (3.3 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom (17 kB at 541 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom (5.8 kB at 181 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom (8.7 kB at 311 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom (6.8 kB at 228 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom (12 kB at 430 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom (889 B at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom (5.8 kB at 201 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom (2.9 kB at 102 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom (3.0 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom (5.0 kB at 168 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom (8.1 kB at 288 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom Progress (1): 890 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom (890 B at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom (2.8 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom (15 kB at 499 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar Progress (1): 4.1/116 kB Progress (1): 7.7/116 kB Progress (1): 12/116 kB Progress (1): 16/116 kB Progress (1): 20/116 kB Progress (1): 24/116 kB Progress (2): 24/116 kB | 3.8/35 kB Progress (2): 28/116 kB | 3.8/35 kB Progress (2): 32/116 kB | 3.8/35 kB Progress (2): 36/116 kB | 3.8/35 kB Progress (2): 40/116 kB | 3.8/35 kB Progress (2): 40/116 kB | 7.8/35 kB Progress (2): 40/116 kB | 12/35 kB Progress (2): 40/116 kB | 16/35 kB Progress (2): 45/116 kB | 16/35 kB Progress (2): 49/116 kB | 16/35 kB Progress (2): 49/116 kB | 20/35 kB Progress (2): 53/116 kB | 20/35 kB Progress (2): 57/116 kB | 20/35 kB Progress (2): 61/116 kB | 20/35 kB Progress (2): 65/116 kB | 20/35 kB Progress (2): 69/116 kB | 20/35 kB Progress (2): 73/116 kB | 20/35 kB Progress (2): 77/116 kB | 20/35 kB Progress (2): 81/116 kB | 20/35 kB Progress (2): 86/116 kB | 20/35 kB Progress (2): 86/116 kB | 24/35 kB Progress (2): 90/116 kB | 24/35 kB Progress (2): 90/116 kB | 28/35 kB Progress (2): 90/116 kB | 32/35 kB Progress (2): 90/116 kB | 35 kB Progress (2): 94/116 kB | 35 kB Progress (2): 98/116 kB | 35 kB Progress (2): 102/116 kB | 35 kB Progress (2): 106/116 kB | 35 kB Progress (2): 110/116 kB | 35 kB Progress (2): 114/116 kB | 35 kB Progress (2): 116 kB | 35 kB Progress (3): 116 kB | 35 kB | 2.3/29 kB Progress (3): 116 kB | 35 kB | 4.5/29 kB Progress (3): 116 kB | 35 kB | 7.3/29 kB Progress (3): 116 kB | 35 kB | 10/29 kB Progress (3): 116 kB | 35 kB | 13/29 kB Progress (3): 116 kB | 35 kB | 15/29 kB Progress (3): 116 kB | 35 kB | 18/29 kB Progress (3): 116 kB | 35 kB | 21/29 kB Progress (3): 116 kB | 35 kB | 24/29 kB Progress (3): 116 kB | 35 kB | 26/29 kB Progress (4): 116 kB | 35 kB | 26/29 kB | 4.1/57 kB Progress (4): 116 kB | 35 kB | 29 kB | 4.1/57 kB Progress (4): 116 kB | 35 kB | 29 kB | 7.7/57 kB Progress (4): 116 kB | 35 kB | 29 kB | 12/57 kB Progress (4): 116 kB | 35 kB | 29 kB | 16/57 kB Progress (4): 116 kB | 35 kB | 29 kB | 20/57 kB Progress (4): 116 kB | 35 kB | 29 kB | 24/57 kB Progress (4): 116 kB | 35 kB | 29 kB | 28/57 kB Progress (4): 116 kB | 35 kB | 29 kB | 32/57 kB Progress (4): 116 kB | 35 kB | 29 kB | 36/57 kB Progress (4): 116 kB | 35 kB | 29 kB | 40/57 kB Progress (4): 116 kB | 35 kB | 29 kB | 44/57 kB Progress (4): 116 kB | 35 kB | 29 kB | 48/57 kB Progress (4): 116 kB | 35 kB | 29 kB | 52/57 kB Progress (4): 116 kB | 35 kB | 29 kB | 56/57 kB Progress (4): 116 kB | 35 kB | 29 kB | 57 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar (116 kB at 3.6 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar (35 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar Progress (3): 29 kB | 57 kB | 2.3/152 kB Progress (3): 29 kB | 57 kB | 5.5/152 kB Progress (3): 29 kB | 57 kB | 8.2/152 kB Progress (3): 29 kB | 57 kB | 11/152 kB Progress (3): 29 kB | 57 kB | 14/152 kB Progress (3): 29 kB | 57 kB | 16/152 kB Progress (3): 29 kB | 57 kB | 19/152 kB Progress (3): 29 kB | 57 kB | 22/152 kB Progress (3): 29 kB | 57 kB | 25/152 kB Progress (3): 29 kB | 57 kB | 27/152 kB Progress (3): 29 kB | 57 kB | 30/152 kB Progress (3): 29 kB | 57 kB | 33/152 kB Progress (3): 29 kB | 57 kB | 36/152 kB Progress (3): 29 kB | 57 kB | 38/152 kB Progress (3): 29 kB | 57 kB | 41/152 kB Progress (3): 29 kB | 57 kB | 44/152 kB Progress (3): 29 kB | 57 kB | 46/152 kB Progress (3): 29 kB | 57 kB | 49/152 kB Progress (3): 29 kB | 57 kB | 52/152 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar (29 kB at 782 kB/s) Progress (2): 57 kB | 55/152 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar Progress (2): 57 kB | 59/152 kB Progress (2): 57 kB | 63/152 kB Progress (2): 57 kB | 66/152 kB Progress (2): 57 kB | 70/152 kB Progress (2): 57 kB | 74/152 kB Progress (2): 57 kB | 78/152 kB Progress (2): 57 kB | 82/152 kB Progress (2): 57 kB | 86/152 kB Progress (2): 57 kB | 90/152 kB Progress (2): 57 kB | 94/152 kB Progress (2): 57 kB | 98/152 kB Progress (2): 57 kB | 102/152 kB Progress (2): 57 kB | 106/152 kB Progress (2): 57 kB | 111/152 kB Progress (2): 57 kB | 115/152 kB Progress (2): 57 kB | 119/152 kB Progress (2): 57 kB | 123/152 kB Progress (2): 57 kB | 127/152 kB Progress (2): 57 kB | 131/152 kB Progress (2): 57 kB | 135/152 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar (57 kB at 1.3 MB/s) Progress (1): 139/152 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar Progress (1): 143/152 kB Progress (1): 147/152 kB Progress (1): 152/152 kB Progress (1): 152 kB Progress (2): 152 kB | 3.8/9.9 kB Progress (2): 152 kB | 7.8/9.9 kB Progress (2): 152 kB | 9.9 kB Progress (3): 152 kB | 9.9 kB | 3.2/21 kB Progress (3): 152 kB | 9.9 kB | 7.3/21 kB Progress (3): 152 kB | 9.9 kB | 11/21 kB Progress (3): 152 kB | 9.9 kB | 15/21 kB Progress (3): 152 kB | 9.9 kB | 20/21 kB Progress (3): 152 kB | 9.9 kB | 21 kB Progress (4): 152 kB | 9.9 kB | 21 kB | 2.3/5.9 kB Progress (4): 152 kB | 9.9 kB | 21 kB | 5.0/5.9 kB Progress (4): 152 kB | 9.9 kB | 21 kB | 5.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar (152 kB at 2.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar (9.9 kB at 166 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar Progress (3): 21 kB | 5.9 kB | 4.1/24 kB Progress (3): 21 kB | 5.9 kB | 7.3/24 kB Progress (3): 21 kB | 5.9 kB | 11/24 kB Progress (3): 21 kB | 5.9 kB | 15/24 kB Progress (3): 21 kB | 5.9 kB | 20/24 kB Progress (3): 21 kB | 5.9 kB | 24/24 kB Progress (3): 21 kB | 5.9 kB | 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar (5.9 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar Progress (3): 21 kB | 24 kB | 3.8/14 kB Progress (3): 21 kB | 24 kB | 7.8/14 kB Progress (3): 21 kB | 24 kB | 12/14 kB Progress (3): 21 kB | 24 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar (21 kB at 277 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar Progress (3): 24 kB | 14 kB | 3.2/30 kB Progress (3): 24 kB | 14 kB | 7.3/30 kB Progress (3): 24 kB | 14 kB | 11/30 kB Progress (3): 24 kB | 14 kB | 15/30 kB Progress (3): 24 kB | 14 kB | 20/30 kB Progress (3): 24 kB | 14 kB | 24/30 kB Progress (3): 24 kB | 14 kB | 28/30 kB Progress (3): 24 kB | 14 kB | 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar (24 kB at 298 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar Progress (3): 14 kB | 30 kB | 2.3/37 kB Progress (3): 14 kB | 30 kB | 5.0/37 kB Progress (3): 14 kB | 30 kB | 7.7/37 kB Progress (3): 14 kB | 30 kB | 11/37 kB Progress (3): 14 kB | 30 kB | 15/37 kB Progress (3): 14 kB | 30 kB | 20/37 kB Progress (3): 14 kB | 30 kB | 24/37 kB Progress (3): 14 kB | 30 kB | 28/37 kB Progress (3): 14 kB | 30 kB | 32/37 kB Progress (3): 14 kB | 30 kB | 36/37 kB Progress (3): 14 kB | 30 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar (14 kB at 155 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar Progress (3): 30 kB | 37 kB | 4.1/13 kB Progress (3): 30 kB | 37 kB | 7.7/13 kB Progress (3): 30 kB | 37 kB | 12/13 kB Progress (3): 30 kB | 37 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar (30 kB at 331 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar (37 kB at 365 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar (13 kB at 131 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar Progress (1): 4.1/38 kB Progress (1): 7.7/38 kB Progress (1): 12/38 kB Progress (1): 16/38 kB Progress (1): 20/38 kB Progress (1): 24/38 kB Progress (1): 28/38 kB Progress (1): 32/38 kB Progress (1): 36/38 kB Progress (1): 38 kB Progress (2): 38 kB | 3.8/49 kB Progress (2): 38 kB | 7.8/49 kB Progress (2): 38 kB | 12/49 kB Progress (2): 38 kB | 16/49 kB Progress (3): 38 kB | 16/49 kB | 3.2/87 kB Progress (3): 38 kB | 20/49 kB | 3.2/87 kB Progress (3): 38 kB | 24/49 kB | 3.2/87 kB Progress (3): 38 kB | 24/49 kB | 7.3/87 kB Progress (3): 38 kB | 28/49 kB | 7.3/87 kB Progress (3): 38 kB | 28/49 kB | 11/87 kB Progress (3): 38 kB | 32/49 kB | 11/87 kB Progress (3): 38 kB | 37/49 kB | 11/87 kB Progress (3): 38 kB | 37/49 kB | 15/87 kB Progress (3): 38 kB | 41/49 kB | 15/87 kB Progress (3): 38 kB | 41/49 kB | 20/87 kB Progress (3): 38 kB | 45/49 kB | 20/87 kB Progress (3): 38 kB | 45/49 kB | 24/87 kB Progress (3): 38 kB | 49/49 kB | 24/87 kB Progress (3): 38 kB | 49 kB | 24/87 kB Progress (3): 38 kB | 49 kB | 28/87 kB Progress (3): 38 kB | 49 kB | 32/87 kB Progress (3): 38 kB | 49 kB | 36/87 kB Progress (3): 38 kB | 49 kB | 40/87 kB Progress (3): 38 kB | 49 kB | 44/87 kB Progress (3): 38 kB | 49 kB | 48/87 kB Progress (3): 38 kB | 49 kB | 52/87 kB Progress (3): 38 kB | 49 kB | 56/87 kB Progress (3): 38 kB | 49 kB | 61/87 kB Progress (3): 38 kB | 49 kB | 65/87 kB Progress (3): 38 kB | 49 kB | 69/87 kB Progress (3): 38 kB | 49 kB | 73/87 kB Progress (3): 38 kB | 49 kB | 77/87 kB Progress (3): 38 kB | 49 kB | 81/87 kB Progress (3): 38 kB | 49 kB | 85/87 kB Progress (3): 38 kB | 49 kB | 87 kB Progress (4): 38 kB | 49 kB | 87 kB | 3.8/86 kB Progress (4): 38 kB | 49 kB | 87 kB | 7.8/86 kB Progress (4): 38 kB | 49 kB | 87 kB | 12/86 kB Progress (4): 38 kB | 49 kB | 87 kB | 16/86 kB Progress (4): 38 kB | 49 kB | 87 kB | 20/86 kB Progress (4): 38 kB | 49 kB | 87 kB | 24/86 kB Progress (4): 38 kB | 49 kB | 87 kB | 28/86 kB Progress (4): 38 kB | 49 kB | 87 kB | 32/86 kB Progress (4): 38 kB | 49 kB | 87 kB | 37/86 kB Progress (4): 38 kB | 49 kB | 87 kB | 41/86 kB Progress (5): 38 kB | 49 kB | 87 kB | 41/86 kB | 4.1/10 kB Progress (5): 38 kB | 49 kB | 87 kB | 45/86 kB | 4.1/10 kB Progress (5): 38 kB | 49 kB | 87 kB | 45/86 kB | 7.7/10 kB Progress (5): 38 kB | 49 kB | 87 kB | 45/86 kB | 10 kB Progress (5): 38 kB | 49 kB | 87 kB | 49/86 kB | 10 kB Progress (5): 38 kB | 49 kB | 87 kB | 53/86 kB | 10 kB Progress (5): 38 kB | 49 kB | 87 kB | 57/86 kB | 10 kB Progress (5): 38 kB | 49 kB | 87 kB | 61/86 kB | 10 kB Progress (5): 38 kB | 49 kB | 87 kB | 65/86 kB | 10 kB Progress (5): 38 kB | 49 kB | 87 kB | 69/86 kB | 10 kB Progress (5): 38 kB | 49 kB | 87 kB | 73/86 kB | 10 kB Progress (5): 38 kB | 49 kB | 87 kB | 77/86 kB | 10 kB Progress (5): 38 kB | 49 kB | 87 kB | 81/86 kB | 10 kB Progress (5): 38 kB | 49 kB | 87 kB | 86/86 kB | 10 kB Progress (5): 38 kB | 49 kB | 87 kB | 86 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar (87 kB at 699 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar (38 kB at 303 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar (49 kB at 372 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar (10 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar (86 kB at 631 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar Progress (1): 4.1/194 kB Progress (1): 7.7/194 kB Progress (1): 12/194 kB Progress (1): 16/194 kB Progress (2): 16/194 kB | 4.1/121 kB Progress (2): 16/194 kB | 7.7/121 kB Progress (2): 16/194 kB | 12/121 kB Progress (2): 16/194 kB | 15/121 kB Progress (3): 16/194 kB | 15/121 kB | 3.8/223 kB Progress (3): 20/194 kB | 15/121 kB | 3.8/223 kB Progress (3): 24/194 kB | 15/121 kB | 3.8/223 kB Progress (3): 28/194 kB | 15/121 kB | 3.8/223 kB Progress (3): 32/194 kB | 15/121 kB | 3.8/223 kB Progress (3): 32/194 kB | 15/121 kB | 7.8/223 kB Progress (3): 32/194 kB | 20/121 kB | 7.8/223 kB Progress (3): 32/194 kB | 20/121 kB | 12/223 kB Progress (3): 32/194 kB | 24/121 kB | 12/223 kB Progress (3): 32/194 kB | 24/121 kB | 15/223 kB Progress (3): 32/194 kB | 28/121 kB | 15/223 kB Progress (3): 32/194 kB | 32/121 kB | 15/223 kB Progress (3): 36/194 kB | 32/121 kB | 15/223 kB Progress (3): 40/194 kB | 32/121 kB | 15/223 kB Progress (4): 40/194 kB | 32/121 kB | 15/223 kB | 4.1/43 kB Progress (4): 40/194 kB | 32/121 kB | 20/223 kB | 4.1/43 kB Progress (4): 45/194 kB | 32/121 kB | 20/223 kB | 4.1/43 kB Progress (4): 45/194 kB | 32/121 kB | 24/223 kB | 4.1/43 kB Progress (4): 49/194 kB | 32/121 kB | 24/223 kB | 4.1/43 kB Progress (4): 49/194 kB | 36/121 kB | 24/223 kB | 4.1/43 kB Progress (4): 49/194 kB | 36/121 kB | 28/223 kB | 4.1/43 kB Progress (4): 49/194 kB | 36/121 kB | 28/223 kB | 8.2/43 kB Progress (4): 49/194 kB | 40/121 kB | 28/223 kB | 8.2/43 kB Progress (4): 49/194 kB | 40/121 kB | 28/223 kB | 12/43 kB Progress (4): 49/194 kB | 40/121 kB | 32/223 kB | 12/43 kB Progress (4): 49/194 kB | 40/121 kB | 32/223 kB | 16/43 kB Progress (4): 49/194 kB | 44/121 kB | 32/223 kB | 16/43 kB Progress (4): 49/194 kB | 44/121 kB | 32/223 kB | 20/43 kB Progress (4): 49/194 kB | 48/121 kB | 32/223 kB | 20/43 kB Progress (4): 49/194 kB | 48/121 kB | 32/223 kB | 25/43 kB Progress (4): 49/194 kB | 48/121 kB | 32/223 kB | 29/43 kB Progress (4): 49/194 kB | 48/121 kB | 32/223 kB | 33/43 kB Progress (4): 49/194 kB | 48/121 kB | 36/223 kB | 33/43 kB Progress (4): 49/194 kB | 48/121 kB | 36/223 kB | 37/43 kB Progress (4): 49/194 kB | 52/121 kB | 36/223 kB | 37/43 kB Progress (4): 49/194 kB | 52/121 kB | 40/223 kB | 37/43 kB Progress (4): 49/194 kB | 56/121 kB | 40/223 kB | 37/43 kB Progress (4): 49/194 kB | 56/121 kB | 40/223 kB | 41/43 kB Progress (4): 49/194 kB | 56/121 kB | 44/223 kB | 41/43 kB Progress (4): 49/194 kB | 56/121 kB | 44/223 kB | 43 kB Progress (4): 49/194 kB | 61/121 kB | 44/223 kB | 43 kB Progress (4): 53/194 kB | 61/121 kB | 44/223 kB | 43 kB Progress (4): 53/194 kB | 61/121 kB | 48/223 kB | 43 kB Progress (4): 57/194 kB | 61/121 kB | 48/223 kB | 43 kB Progress (4): 57/194 kB | 65/121 kB | 48/223 kB | 43 kB Progress (4): 61/194 kB | 65/121 kB | 48/223 kB | 43 kB Progress (4): 65/194 kB | 65/121 kB | 48/223 kB | 43 kB Progress (4): 65/194 kB | 65/121 kB | 52/223 kB | 43 kB Progress (4): 65/194 kB | 69/121 kB | 52/223 kB | 43 kB Progress (4): 65/194 kB | 69/121 kB | 56/223 kB | 43 kB Progress (4): 69/194 kB | 69/121 kB | 56/223 kB | 43 kB Progress (4): 69/194 kB | 73/121 kB | 56/223 kB | 43 kB Progress (4): 73/194 kB | 73/121 kB | 56/223 kB | 43 kB Progress (4): 73/194 kB | 73/121 kB | 61/223 kB | 43 kB Progress (4): 77/194 kB | 73/121 kB | 61/223 kB | 43 kB Progress (4): 77/194 kB | 77/121 kB | 61/223 kB | 43 kB Progress (4): 81/194 kB | 77/121 kB | 61/223 kB | 43 kB Progress (4): 81/194 kB | 77/121 kB | 65/223 kB | 43 kB Progress (4): 81/194 kB | 81/121 kB | 65/223 kB | 43 kB Progress (4): 81/194 kB | 81/121 kB | 69/223 kB | 43 kB Progress (4): 81/194 kB | 85/121 kB | 69/223 kB | 43 kB Progress (4): 86/194 kB | 85/121 kB | 69/223 kB | 43 kB Progress (4): 86/194 kB | 85/121 kB | 73/223 kB | 43 kB Progress (4): 90/194 kB | 85/121 kB | 73/223 kB | 43 kB Progress (4): 90/194 kB | 89/121 kB | 73/223 kB | 43 kB Progress (4): 94/194 kB | 89/121 kB | 73/223 kB | 43 kB Progress (4): 94/194 kB | 89/121 kB | 77/223 kB | 43 kB Progress (4): 98/194 kB | 89/121 kB | 77/223 kB | 43 kB Progress (4): 98/194 kB | 93/121 kB | 77/223 kB | 43 kB Progress (4): 98/194 kB | 93/121 kB | 81/223 kB | 43 kB Progress (4): 98/194 kB | 97/121 kB | 81/223 kB | 43 kB Progress (5): 98/194 kB | 97/121 kB | 81/223 kB | 43 kB | 3.8/6.8 kB Progress (5): 102/194 kB | 97/121 kB | 81/223 kB | 43 kB | 3.8/6.8 kB Progress (5): 106/194 kB | 97/121 kB | 81/223 kB | 43 kB | 3.8/6.8 kB Progress (5): 106/194 kB | 97/121 kB | 85/223 kB | 43 kB | 3.8/6.8 kB Progress (5): 106/194 kB | 101/121 kB | 85/223 kB | 43 kB | 3.8/6.8 kB Progress (5): 106/194 kB | 101/121 kB | 85/223 kB | 43 kB | 6.8 kB Progress (5): 106/194 kB | 106/121 kB | 85/223 kB | 43 kB | 6.8 kB Progress (5): 106/194 kB | 106/121 kB | 89/223 kB | 43 kB | 6.8 kB Progress (5): 110/194 kB | 106/121 kB | 89/223 kB | 43 kB | 6.8 kB Progress (5): 110/194 kB | 106/121 kB | 93/223 kB | 43 kB | 6.8 kB Progress (5): 110/194 kB | 110/121 kB | 93/223 kB | 43 kB | 6.8 kB Progress (5): 110/194 kB | 110/121 kB | 97/223 kB | 43 kB | 6.8 kB Progress (5): 114/194 kB | 110/121 kB | 97/223 kB | 43 kB | 6.8 kB Progress (5): 114/194 kB | 114/121 kB | 97/223 kB | 43 kB | 6.8 kB Progress (5): 114/194 kB | 118/121 kB | 97/223 kB | 43 kB | 6.8 kB Progress (5): 114/194 kB | 121 kB | 97/223 kB | 43 kB | 6.8 kB Progress (5): 114/194 kB | 121 kB | 102/223 kB | 43 kB | 6.8 kB Progress (5): 114/194 kB | 121 kB | 106/223 kB | 43 kB | 6.8 kB Progress (5): 114/194 kB | 121 kB | 110/223 kB | 43 kB | 6.8 kB Progress (5): 118/194 kB | 121 kB | 110/223 kB | 43 kB | 6.8 kB Progress (5): 118/194 kB | 121 kB | 114/223 kB | 43 kB | 6.8 kB Progress (5): 122/194 kB | 121 kB | 114/223 kB | 43 kB | 6.8 kB Progress (5): 126/194 kB | 121 kB | 114/223 kB | 43 kB | 6.8 kB Progress (5): 131/194 kB | 121 kB | 114/223 kB | 43 kB | 6.8 kB Progress (5): 131/194 kB | 121 kB | 118/223 kB | 43 kB | 6.8 kB Progress (5): 131/194 kB | 121 kB | 122/223 kB | 43 kB | 6.8 kB Progress (5): 131/194 kB | 121 kB | 126/223 kB | 43 kB | 6.8 kB Progress (5): 131/194 kB | 121 kB | 130/223 kB | 43 kB | 6.8 kB Progress (5): 135/194 kB | 121 kB | 130/223 kB | 43 kB | 6.8 kB Progress (5): 135/194 kB | 121 kB | 134/223 kB | 43 kB | 6.8 kB Progress (5): 139/194 kB | 121 kB | 134/223 kB | 43 kB | 6.8 kB Progress (5): 139/194 kB | 121 kB | 138/223 kB | 43 kB | 6.8 kB Progress (5): 143/194 kB | 121 kB | 138/223 kB | 43 kB | 6.8 kB Progress (5): 143/194 kB | 121 kB | 142/223 kB | 43 kB | 6.8 kB Progress (5): 147/194 kB | 121 kB | 142/223 kB | 43 kB | 6.8 kB Progress (5): 147/194 kB | 121 kB | 147/223 kB | 43 kB | 6.8 kB Progress (5): 147/194 kB | 121 kB | 151/223 kB | 43 kB | 6.8 kB Progress (5): 147/194 kB | 121 kB | 155/223 kB | 43 kB | 6.8 kB Progress (5): 151/194 kB | 121 kB | 155/223 kB | 43 kB | 6.8 kB Progress (5): 151/194 kB | 121 kB | 159/223 kB | 43 kB | 6.8 kB Progress (5): 155/194 kB | 121 kB | 159/223 kB | 43 kB | 6.8 kB Progress (5): 155/194 kB | 121 kB | 163/223 kB | 43 kB | 6.8 kB Progress (5): 159/194 kB | 121 kB | 163/223 kB | 43 kB | 6.8 kB Progress (5): 163/194 kB | 121 kB | 163/223 kB | 43 kB | 6.8 kB Progress (5): 163/194 kB | 121 kB | 167/223 kB | 43 kB | 6.8 kB Progress (5): 163/194 kB | 121 kB | 171/223 kB | 43 kB | 6.8 kB Progress (5): 163/194 kB | 121 kB | 175/223 kB | 43 kB | 6.8 kB Progress (5): 167/194 kB | 121 kB | 175/223 kB | 43 kB | 6.8 kB Progress (5): 167/194 kB | 121 kB | 179/223 kB | 43 kB | 6.8 kB Progress (5): 172/194 kB | 121 kB | 179/223 kB | 43 kB | 6.8 kB Progress (5): 176/194 kB | 121 kB | 179/223 kB | 43 kB | 6.8 kB Progress (5): 180/194 kB | 121 kB | 179/223 kB | 43 kB | 6.8 kB Progress (5): 180/194 kB | 121 kB | 183/223 kB | 43 kB | 6.8 kB Progress (5): 180/194 kB | 121 kB | 188/223 kB | 43 kB | 6.8 kB Progress (5): 180/194 kB | 121 kB | 192/223 kB | 43 kB | 6.8 kB Progress (5): 184/194 kB | 121 kB | 192/223 kB | 43 kB | 6.8 kB Progress (5): 184/194 kB | 121 kB | 196/223 kB | 43 kB | 6.8 kB Progress (5): 188/194 kB | 121 kB | 196/223 kB | 43 kB | 6.8 kB Progress (5): 192/194 kB | 121 kB | 196/223 kB | 43 kB | 6.8 kB Progress (5): 194 kB | 121 kB | 196/223 kB | 43 kB | 6.8 kB Progress (5): 194 kB | 121 kB | 200/223 kB | 43 kB | 6.8 kB Progress (5): 194 kB | 121 kB | 204/223 kB | 43 kB | 6.8 kB Progress (5): 194 kB | 121 kB | 208/223 kB | 43 kB | 6.8 kB Progress (5): 194 kB | 121 kB | 212/223 kB | 43 kB | 6.8 kB Progress (5): 194 kB | 121 kB | 216/223 kB | 43 kB | 6.8 kB Progress (5): 194 kB | 121 kB | 220/223 kB | 43 kB | 6.8 kB Progress (5): 194 kB | 121 kB | 223 kB | 43 kB | 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar (43 kB at 261 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar (6.8 kB at 41 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar (121 kB at 712 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar (223 kB at 1.3 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar (194 kB at 1.1 MB/s) Progress (1): 4.1/61 kB Progress (1): 7.7/61 kB Progress (1): 11/61 kB Progress (1): 15/61 kB Progress (1): 20/61 kB Progress (1): 24/61 kB Progress (1): 28/61 kB Progress (1): 32/61 kB Progress (1): 36/61 kB Progress (1): 40/61 kB Progress (1): 44/61 kB Progress (1): 48/61 kB Progress (1): 52/61 kB Progress (1): 56/61 kB Progress (1): 61/61 kB Progress (1): 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar (61 kB at 312 kB/s) [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/main/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom (1.5 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom (19 kB at 630 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom (24 kB at 731 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom (4.5 kB at 166 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom (1.6 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom (2.3 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom (7.8 kB at 195 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom (2.1 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom (3.1 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom (2.0 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom (2.0 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom (1.9 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom (1.7 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom (2.7 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom (2.7 kB at 84 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom (2.0 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom (2.1 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom (1.3 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom (3.4 kB at 110 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom (4.0 kB at 123 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom (4.9 kB at 141 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom Progress (1): 965 B Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom (965 B at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom Progress (1): 4.1 kB Progress (1): 4.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom (4.7 kB at 153 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom Progress (1): 4.1 kB Progress (1): 6.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom (6.4 kB at 199 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom (1.5 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom (22 kB at 723 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom (32 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom Progress (1): 4.1 kB Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom (4.1 kB at 137 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom (12 kB at 364 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom (2.2 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom (3.2 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom (889 B at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom (2.0 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom (1.9 kB at 70 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom Progress (1): 4.1 kB Progress (1): 7.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom (7.9 kB at 283 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom (3.0 kB at 103 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom (2.2 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom (2.2 kB at 78 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom (1.6 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom (1.9 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom (1.7 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom (2.8 kB at 99 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom (3.1 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom Progress (1): 880 B Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom (880 B at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom (1.9 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom (2.1 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom (1.3 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom (3.0 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom (6.8 kB at 166 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom (8.4 kB at 280 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom (5.1 kB at 166 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom (2.1 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom Progress (1): 815 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom (815 B at 26 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom Progress (1): 4.1 kB Progress (1): 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom (4.2 kB at 121 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom (17 kB at 540 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom Progress (1): 865 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom (865 B at 26 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom (3.6 kB at 103 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom (3.1 kB at 106 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom (20 kB at 757 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom (6.8 kB at 218 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom (14 kB at 339 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom (3.1 kB at 105 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom (19 kB at 521 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom Progress (1): 690 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom (690 B at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom Progress (1): 769 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom (769 B at 26 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom (1.2 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom (2.8 kB at 92 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom (2.3 kB at 76 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom (4.0 kB at 130 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom (2.8 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom (19 kB at 618 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom Progress (1): 145 B Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom (145 B at 4.5 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom Progress (1): 4.1 kB Progress (1): 5.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom (5.3 kB at 172 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom (2.5 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom (1.6 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom Progress (1): 747 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom (747 B at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar Progress (1): 4.1/13 kB Progress (1): 7.7/13 kB Progress (1): 12/13 kB Progress (1): 13 kB Progress (2): 13 kB | 3.8/49 kB Progress (2): 13 kB | 7.7/49 kB Progress (2): 13 kB | 12/49 kB Progress (2): 13 kB | 16/49 kB Progress (2): 13 kB | 20/49 kB Progress (2): 13 kB | 24/49 kB Progress (2): 13 kB | 28/49 kB Progress (2): 13 kB | 32/49 kB Progress (2): 13 kB | 36/49 kB Progress (2): 13 kB | 40/49 kB Progress (2): 13 kB | 45/49 kB Progress (2): 13 kB | 49/49 kB Progress (2): 13 kB | 49 kB Progress (3): 13 kB | 49 kB | 4.1/211 kB Progress (3): 13 kB | 49 kB | 7.7/211 kB Progress (3): 13 kB | 49 kB | 12/211 kB Progress (3): 13 kB | 49 kB | 16/211 kB Progress (3): 13 kB | 49 kB | 20/211 kB Progress (3): 13 kB | 49 kB | 24/211 kB Progress (3): 13 kB | 49 kB | 28/211 kB Progress (3): 13 kB | 49 kB | 32/211 kB Progress (3): 13 kB | 49 kB | 36/211 kB Progress (3): 13 kB | 49 kB | 40/211 kB Progress (3): 13 kB | 49 kB | 45/211 kB Progress (3): 13 kB | 49 kB | 49/211 kB Progress (3): 13 kB | 49 kB | 53/211 kB Progress (3): 13 kB | 49 kB | 57/211 kB Progress (3): 13 kB | 49 kB | 61/211 kB Progress (3): 13 kB | 49 kB | 65/211 kB Progress (3): 13 kB | 49 kB | 69/211 kB Progress (3): 13 kB | 49 kB | 73/211 kB Progress (3): 13 kB | 49 kB | 77/211 kB Progress (3): 13 kB | 49 kB | 81/211 kB Progress (3): 13 kB | 49 kB | 86/211 kB Progress (3): 13 kB | 49 kB | 90/211 kB Progress (3): 13 kB | 49 kB | 94/211 kB Progress (3): 13 kB | 49 kB | 98/211 kB Progress (3): 13 kB | 49 kB | 102/211 kB Progress (3): 13 kB | 49 kB | 106/211 kB Progress (3): 13 kB | 49 kB | 110/211 kB Progress (3): 13 kB | 49 kB | 114/211 kB Progress (3): 13 kB | 49 kB | 118/211 kB Progress (3): 13 kB | 49 kB | 122/211 kB Progress (3): 13 kB | 49 kB | 126/211 kB Progress (3): 13 kB | 49 kB | 131/211 kB Progress (3): 13 kB | 49 kB | 135/211 kB Progress (3): 13 kB | 49 kB | 139/211 kB Progress (3): 13 kB | 49 kB | 143/211 kB Progress (3): 13 kB | 49 kB | 147/211 kB Progress (4): 13 kB | 49 kB | 147/211 kB | 4.1/160 kB Progress (4): 13 kB | 49 kB | 151/211 kB | 4.1/160 kB Progress (4): 13 kB | 49 kB | 155/211 kB | 4.1/160 kB Progress (4): 13 kB | 49 kB | 155/211 kB | 7.7/160 kB Progress (4): 13 kB | 49 kB | 159/211 kB | 7.7/160 kB Progress (4): 13 kB | 49 kB | 159/211 kB | 12/160 kB Progress (4): 13 kB | 49 kB | 159/211 kB | 16/160 kB Progress (4): 13 kB | 49 kB | 163/211 kB | 16/160 kB Progress (4): 13 kB | 49 kB | 167/211 kB | 16/160 kB Progress (4): 13 kB | 49 kB | 172/211 kB | 16/160 kB Progress (4): 13 kB | 49 kB | 172/211 kB | 20/160 kB Progress (4): 13 kB | 49 kB | 176/211 kB | 20/160 kB Progress (4): 13 kB | 49 kB | 176/211 kB | 24/160 kB Progress (4): 13 kB | 49 kB | 180/211 kB | 24/160 kB Progress (4): 13 kB | 49 kB | 184/211 kB | 24/160 kB Progress (4): 13 kB | 49 kB | 188/211 kB | 24/160 kB Progress (4): 13 kB | 49 kB | 188/211 kB | 28/160 kB Progress (4): 13 kB | 49 kB | 192/211 kB | 28/160 kB Progress (4): 13 kB | 49 kB | 192/211 kB | 32/160 kB Progress (4): 13 kB | 49 kB | 192/211 kB | 36/160 kB Progress (4): 13 kB | 49 kB | 196/211 kB | 36/160 kB Progress (4): 13 kB | 49 kB | 196/211 kB | 40/160 kB Progress (4): 13 kB | 49 kB | 200/211 kB | 40/160 kB Progress (4): 13 kB | 49 kB | 204/211 kB | 40/160 kB Progress (4): 13 kB | 49 kB | 208/211 kB | 40/160 kB Progress (4): 13 kB | 49 kB | 208/211 kB | 45/160 kB Progress (4): 13 kB | 49 kB | 211 kB | 45/160 kB Progress (4): 13 kB | 49 kB | 211 kB | 49/160 kB Progress (4): 13 kB | 49 kB | 211 kB | 53/160 kB Progress (4): 13 kB | 49 kB | 211 kB | 57/160 kB Progress (4): 13 kB | 49 kB | 211 kB | 61/160 kB Progress (4): 13 kB | 49 kB | 211 kB | 65/160 kB Progress (5): 13 kB | 49 kB | 211 kB | 65/160 kB | 4.1/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 69/160 kB | 4.1/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 73/160 kB | 4.1/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 73/160 kB | 7.7/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 73/160 kB | 12/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 77/160 kB | 12/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 77/160 kB | 16/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 81/160 kB | 16/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 86/160 kB | 16/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 86/160 kB | 20/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 90/160 kB | 20/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 90/160 kB | 24/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 90/160 kB | 28/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 94/160 kB | 28/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 98/160 kB | 28/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 98/160 kB | 32/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 102/160 kB | 32/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 102/160 kB | 36/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 106/160 kB | 36/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 106/160 kB | 40/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 106/160 kB | 44/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 110/160 kB | 44/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 114/160 kB | 44/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 118/160 kB | 44/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 122/160 kB | 44/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 122/160 kB | 48/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 126/160 kB | 48/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 126/160 kB | 52/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 131/160 kB | 52/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 131/160 kB | 56/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 131/160 kB | 61/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 131/160 kB | 65/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 131/160 kB | 69/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 131/160 kB | 73/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 131/160 kB | 77/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 135/160 kB | 77/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 139/160 kB | 77/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 143/160 kB | 77/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 147/160 kB | 77/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 151/160 kB | 77/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 155/160 kB | 77/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 159/160 kB | 77/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 160 kB | 77/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 160 kB | 81/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 160 kB | 85/89 kB Progress (5): 13 kB | 49 kB | 211 kB | 160 kB | 89 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar (13 kB at 477 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar (49 kB at 1.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar (211 kB at 6.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar (89 kB at 2.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar (160 kB at 3.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar Progress (1): 4.1/21 kB Progress (1): 7.7/21 kB Progress (1): 12/21 kB Progress (1): 16/21 kB Progress (1): 20/21 kB Progress (1): 21 kB Progress (2): 21 kB | 4.1/35 kB Progress (2): 21 kB | 7.7/35 kB Progress (2): 21 kB | 12/35 kB Progress (2): 21 kB | 16/35 kB Progress (2): 21 kB | 20/35 kB Progress (2): 21 kB | 24/35 kB Progress (2): 21 kB | 28/35 kB Progress (2): 21 kB | 32/35 kB Progress (2): 21 kB | 35 kB Progress (3): 21 kB | 35 kB | 4.1/87 kB Progress (3): 21 kB | 35 kB | 7.7/87 kB Progress (3): 21 kB | 35 kB | 12/87 kB Progress (3): 21 kB | 35 kB | 16/87 kB Progress (3): 21 kB | 35 kB | 20/87 kB Progress (3): 21 kB | 35 kB | 24/87 kB Progress (3): 21 kB | 35 kB | 28/87 kB Progress (3): 21 kB | 35 kB | 32/87 kB Progress (3): 21 kB | 35 kB | 36/87 kB Progress (3): 21 kB | 35 kB | 40/87 kB Progress (3): 21 kB | 35 kB | 45/87 kB Progress (3): 21 kB | 35 kB | 49/87 kB Progress (3): 21 kB | 35 kB | 53/87 kB Progress (3): 21 kB | 35 kB | 57/87 kB Progress (3): 21 kB | 35 kB | 61/87 kB Progress (3): 21 kB | 35 kB | 65/87 kB Progress (3): 21 kB | 35 kB | 69/87 kB Progress (3): 21 kB | 35 kB | 73/87 kB Progress (3): 21 kB | 35 kB | 77/87 kB Progress (3): 21 kB | 35 kB | 81/87 kB Progress (3): 21 kB | 35 kB | 86/87 kB Progress (3): 21 kB | 35 kB | 87 kB Progress (4): 21 kB | 35 kB | 87 kB | 4.1/25 kB Progress (4): 21 kB | 35 kB | 87 kB | 7.7/25 kB Progress (4): 21 kB | 35 kB | 87 kB | 11/25 kB Progress (4): 21 kB | 35 kB | 87 kB | 15/25 kB Progress (4): 21 kB | 35 kB | 87 kB | 20/25 kB Progress (4): 21 kB | 35 kB | 87 kB | 24/25 kB Progress (4): 21 kB | 35 kB | 87 kB | 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar (21 kB at 366 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar (35 kB at 580 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar Progress (3): 87 kB | 25 kB | 4.1/14 kB Progress (3): 87 kB | 25 kB | 7.7/14 kB Progress (3): 87 kB | 25 kB | 11/14 kB Progress (3): 87 kB | 25 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar (87 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar (25 kB at 351 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar Progress (2): 14 kB | 4.1/29 kB Progress (3): 14 kB | 4.1/29 kB | 4.1/122 kB Progress (3): 14 kB | 7.7/29 kB | 4.1/122 kB Progress (3): 14 kB | 7.7/29 kB | 7.7/122 kB Progress (3): 14 kB | 11/29 kB | 7.7/122 kB Progress (3): 14 kB | 11/29 kB | 12/122 kB Progress (3): 14 kB | 11/29 kB | 15/122 kB Progress (3): 14 kB | 15/29 kB | 15/122 kB Progress (3): 14 kB | 20/29 kB | 15/122 kB Progress (3): 14 kB | 24/29 kB | 15/122 kB Progress (3): 14 kB | 24/29 kB | 20/122 kB Progress (3): 14 kB | 28/29 kB | 20/122 kB Progress (3): 14 kB | 28/29 kB | 24/122 kB Progress (3): 14 kB | 29 kB | 24/122 kB Progress (3): 14 kB | 29 kB | 28/122 kB Progress (3): 14 kB | 29 kB | 32/122 kB Progress (3): 14 kB | 29 kB | 36/122 kB Progress (3): 14 kB | 29 kB | 40/122 kB Progress (3): 14 kB | 29 kB | 44/122 kB Progress (3): 14 kB | 29 kB | 48/122 kB Progress (3): 14 kB | 29 kB | 52/122 kB Progress (3): 14 kB | 29 kB | 56/122 kB Progress (3): 14 kB | 29 kB | 61/122 kB Progress (3): 14 kB | 29 kB | 65/122 kB Progress (3): 14 kB | 29 kB | 69/122 kB Progress (3): 14 kB | 29 kB | 73/122 kB Progress (3): 14 kB | 29 kB | 77/122 kB Progress (3): 14 kB | 29 kB | 81/122 kB Progress (3): 14 kB | 29 kB | 85/122 kB Progress (3): 14 kB | 29 kB | 89/122 kB Progress (3): 14 kB | 29 kB | 93/122 kB Progress (3): 14 kB | 29 kB | 97/122 kB Progress (3): 14 kB | 29 kB | 102/122 kB Progress (3): 14 kB | 29 kB | 106/122 kB Progress (3): 14 kB | 29 kB | 110/122 kB Progress (3): 14 kB | 29 kB | 114/122 kB Progress (3): 14 kB | 29 kB | 118/122 kB Progress (3): 14 kB | 29 kB | 122 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar (14 kB at 175 kB/s) Progress (3): 29 kB | 122 kB | 4.1/37 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar Progress (3): 29 kB | 122 kB | 7.7/37 kB Progress (3): 29 kB | 122 kB | 12/37 kB Progress (3): 29 kB | 122 kB | 16/37 kB Progress (3): 29 kB | 122 kB | 20/37 kB Progress (3): 29 kB | 122 kB | 24/37 kB Progress (3): 29 kB | 122 kB | 28/37 kB Progress (3): 29 kB | 122 kB | 32/37 kB Progress (3): 29 kB | 122 kB | 36/37 kB Progress (3): 29 kB | 122 kB | 37 kB Progress (4): 29 kB | 122 kB | 37 kB | 4.1/58 kB Progress (4): 29 kB | 122 kB | 37 kB | 7.7/58 kB Progress (4): 29 kB | 122 kB | 37 kB | 12/58 kB Progress (4): 29 kB | 122 kB | 37 kB | 16/58 kB Progress (4): 29 kB | 122 kB | 37 kB | 20/58 kB Progress (4): 29 kB | 122 kB | 37 kB | 24/58 kB Progress (4): 29 kB | 122 kB | 37 kB | 28/58 kB Progress (4): 29 kB | 122 kB | 37 kB | 32/58 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar (29 kB at 338 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar Progress (3): 122 kB | 37 kB | 36/58 kB Progress (3): 122 kB | 37 kB | 40/58 kB Progress (3): 122 kB | 37 kB | 45/58 kB Progress (3): 122 kB | 37 kB | 49/58 kB Progress (3): 122 kB | 37 kB | 53/58 kB Progress (3): 122 kB | 37 kB | 57/58 kB Progress (3): 122 kB | 37 kB | 58 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar (37 kB at 398 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar (122 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar Progress (2): 58 kB | 4.1/10 kB Progress (2): 58 kB | 7.7/10 kB Progress (2): 58 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar (58 kB at 573 kB/s) Progress (2): 10 kB | 4.1/33 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar Progress (2): 10 kB | 7.7/33 kB Progress (2): 10 kB | 12/33 kB Progress (2): 10 kB | 16/33 kB Progress (2): 10 kB | 20/33 kB Progress (2): 10 kB | 24/33 kB Progress (2): 10 kB | 28/33 kB Progress (2): 10 kB | 32/33 kB Progress (2): 10 kB | 33 kB Progress (3): 10 kB | 33 kB | 4.1/155 kB Progress (3): 10 kB | 33 kB | 7.7/155 kB Progress (3): 10 kB | 33 kB | 12/155 kB Progress (3): 10 kB | 33 kB | 16/155 kB Progress (3): 10 kB | 33 kB | 20/155 kB Progress (3): 10 kB | 33 kB | 24/155 kB Progress (3): 10 kB | 33 kB | 28/155 kB Progress (3): 10 kB | 33 kB | 32/155 kB Progress (3): 10 kB | 33 kB | 36/155 kB Progress (3): 10 kB | 33 kB | 40/155 kB Progress (3): 10 kB | 33 kB | 45/155 kB Progress (3): 10 kB | 33 kB | 49/155 kB Progress (3): 10 kB | 33 kB | 53/155 kB Progress (3): 10 kB | 33 kB | 57/155 kB Progress (3): 10 kB | 33 kB | 61/155 kB Progress (3): 10 kB | 33 kB | 65/155 kB Progress (3): 10 kB | 33 kB | 69/155 kB Progress (3): 10 kB | 33 kB | 73/155 kB Progress (3): 10 kB | 33 kB | 77/155 kB Progress (3): 10 kB | 33 kB | 81/155 kB Progress (3): 10 kB | 33 kB | 86/155 kB Progress (3): 10 kB | 33 kB | 90/155 kB Progress (3): 10 kB | 33 kB | 94/155 kB Progress (3): 10 kB | 33 kB | 98/155 kB Progress (3): 10 kB | 33 kB | 102/155 kB Progress (3): 10 kB | 33 kB | 106/155 kB Progress (3): 10 kB | 33 kB | 110/155 kB Progress (3): 10 kB | 33 kB | 114/155 kB Progress (3): 10 kB | 33 kB | 118/155 kB Progress (3): 10 kB | 33 kB | 122/155 kB Progress (3): 10 kB | 33 kB | 126/155 kB Progress (3): 10 kB | 33 kB | 131/155 kB Progress (3): 10 kB | 33 kB | 135/155 kB Progress (3): 10 kB | 33 kB | 139/155 kB Progress (3): 10 kB | 33 kB | 143/155 kB Progress (3): 10 kB | 33 kB | 147/155 kB Progress (3): 10 kB | 33 kB | 151/155 kB Progress (3): 10 kB | 33 kB | 155 kB Progress (4): 10 kB | 33 kB | 155 kB | 4.1/32 kB Progress (4): 10 kB | 33 kB | 155 kB | 7.7/32 kB Progress (4): 10 kB | 33 kB | 155 kB | 12/32 kB Progress (4): 10 kB | 33 kB | 155 kB | 16/32 kB Progress (4): 10 kB | 33 kB | 155 kB | 20/32 kB Progress (4): 10 kB | 33 kB | 155 kB | 24/32 kB Progress (4): 10 kB | 33 kB | 155 kB | 28/32 kB Progress (4): 10 kB | 33 kB | 155 kB | 32 kB Progress (5): 10 kB | 33 kB | 155 kB | 32 kB | 4.1/14 kB Progress (5): 10 kB | 33 kB | 155 kB | 32 kB | 7.7/14 kB Progress (5): 10 kB | 33 kB | 155 kB | 32 kB | 12/14 kB Progress (5): 10 kB | 33 kB | 155 kB | 32 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar (10 kB at 89 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar (33 kB at 279 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar (32 kB at 247 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar (155 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar Progress (2): 14 kB | 4.1/4.2 kB Progress (2): 14 kB | 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar (14 kB at 100 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar Progress (2): 4.2 kB | 4.1/25 kB Progress (2): 4.2 kB | 7.7/25 kB Progress (2): 4.2 kB | 12/25 kB Progress (2): 4.2 kB | 16/25 kB Progress (2): 4.2 kB | 20/25 kB Progress (2): 4.2 kB | 24/25 kB Progress (2): 4.2 kB | 25 kB Progress (3): 4.2 kB | 25 kB | 4.1/19 kB Progress (3): 4.2 kB | 25 kB | 7.7/19 kB Progress (3): 4.2 kB | 25 kB | 12/19 kB Progress (3): 4.2 kB | 25 kB | 16/19 kB Progress (3): 4.2 kB | 25 kB | 19 kB Progress (4): 4.2 kB | 25 kB | 19 kB | 4.1/4.6 kB Progress (4): 4.2 kB | 25 kB | 19 kB | 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar (4.2 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar (25 kB at 168 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar Progress (3): 19 kB | 4.6 kB | 4.1/217 kB Progress (3): 19 kB | 4.6 kB | 7.7/217 kB Progress (3): 19 kB | 4.6 kB | 12/217 kB Progress (3): 19 kB | 4.6 kB | 16/217 kB Progress (3): 19 kB | 4.6 kB | 20/217 kB Progress (3): 19 kB | 4.6 kB | 24/217 kB Progress (3): 19 kB | 4.6 kB | 28/217 kB Progress (3): 19 kB | 4.6 kB | 32/217 kB Progress (3): 19 kB | 4.6 kB | 36/217 kB Progress (3): 19 kB | 4.6 kB | 40/217 kB Progress (3): 19 kB | 4.6 kB | 44/217 kB Progress (3): 19 kB | 4.6 kB | 48/217 kB Progress (3): 19 kB | 4.6 kB | 52/217 kB Progress (3): 19 kB | 4.6 kB | 56/217 kB Progress (3): 19 kB | 4.6 kB | 61/217 kB Progress (3): 19 kB | 4.6 kB | 65/217 kB Progress (3): 19 kB | 4.6 kB | 69/217 kB Progress (3): 19 kB | 4.6 kB | 73/217 kB Progress (3): 19 kB | 4.6 kB | 77/217 kB Progress (3): 19 kB | 4.6 kB | 81/217 kB Progress (3): 19 kB | 4.6 kB | 85/217 kB Progress (3): 19 kB | 4.6 kB | 89/217 kB Progress (3): 19 kB | 4.6 kB | 93/217 kB Progress (3): 19 kB | 4.6 kB | 97/217 kB Progress (3): 19 kB | 4.6 kB | 101/217 kB Progress (3): 19 kB | 4.6 kB | 106/217 kB Progress (3): 19 kB | 4.6 kB | 110/217 kB Progress (3): 19 kB | 4.6 kB | 114/217 kB Progress (3): 19 kB | 4.6 kB | 118/217 kB Progress (3): 19 kB | 4.6 kB | 122/217 kB Progress (3): 19 kB | 4.6 kB | 126/217 kB Progress (3): 19 kB | 4.6 kB | 130/217 kB Progress (3): 19 kB | 4.6 kB | 134/217 kB Progress (3): 19 kB | 4.6 kB | 138/217 kB Progress (3): 19 kB | 4.6 kB | 142/217 kB Progress (3): 19 kB | 4.6 kB | 147/217 kB Progress (3): 19 kB | 4.6 kB | 151/217 kB Progress (3): 19 kB | 4.6 kB | 155/217 kB Progress (3): 19 kB | 4.6 kB | 159/217 kB Progress (3): 19 kB | 4.6 kB | 163/217 kB Progress (3): 19 kB | 4.6 kB | 167/217 kB Progress (3): 19 kB | 4.6 kB | 171/217 kB Progress (3): 19 kB | 4.6 kB | 175/217 kB Progress (3): 19 kB | 4.6 kB | 179/217 kB Progress (3): 19 kB | 4.6 kB | 183/217 kB Progress (3): 19 kB | 4.6 kB | 187/217 kB Progress (3): 19 kB | 4.6 kB | 192/217 kB Progress (3): 19 kB | 4.6 kB | 196/217 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar (4.6 kB at 28 kB/s) Progress (2): 19 kB | 200/217 kB Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar Progress (2): 19 kB | 204/217 kB Progress (2): 19 kB | 208/217 kB Progress (2): 19 kB | 212/217 kB Progress (2): 19 kB | 216/217 kB Progress (2): 19 kB | 217 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar (19 kB at 118 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar Progress (2): 217 kB | 4.1/134 kB Progress (2): 217 kB | 7.7/134 kB Progress (2): 217 kB | 12/134 kB Progress (2): 217 kB | 16/134 kB Progress (2): 217 kB | 20/134 kB Progress (2): 217 kB | 24/134 kB Progress (2): 217 kB | 28/134 kB Progress (2): 217 kB | 32/134 kB Progress (2): 217 kB | 36/134 kB Progress (2): 217 kB | 40/134 kB Progress (2): 217 kB | 45/134 kB Progress (2): 217 kB | 49/134 kB Progress (2): 217 kB | 53/134 kB Progress (2): 217 kB | 57/134 kB Progress (2): 217 kB | 61/134 kB Progress (2): 217 kB | 65/134 kB Progress (2): 217 kB | 69/134 kB Progress (2): 217 kB | 73/134 kB Progress (2): 217 kB | 77/134 kB Progress (2): 217 kB | 81/134 kB Progress (2): 217 kB | 86/134 kB Progress (2): 217 kB | 90/134 kB Progress (2): 217 kB | 94/134 kB Progress (2): 217 kB | 98/134 kB Progress (2): 217 kB | 102/134 kB Progress (2): 217 kB | 106/134 kB Progress (3): 217 kB | 106/134 kB | 4.1/46 kB Progress (3): 217 kB | 106/134 kB | 7.7/46 kB Progress (3): 217 kB | 110/134 kB | 7.7/46 kB Progress (3): 217 kB | 110/134 kB | 12/46 kB Progress (3): 217 kB | 114/134 kB | 12/46 kB Progress (3): 217 kB | 114/134 kB | 16/46 kB Progress (3): 217 kB | 118/134 kB | 16/46 kB Progress (3): 217 kB | 122/134 kB | 16/46 kB Progress (3): 217 kB | 122/134 kB | 20/46 kB Progress (3): 217 kB | 126/134 kB | 20/46 kB Progress (3): 217 kB | 126/134 kB | 24/46 kB Progress (3): 217 kB | 131/134 kB | 24/46 kB Progress (3): 217 kB | 131/134 kB | 28/46 kB Progress (3): 217 kB | 134 kB | 28/46 kB Progress (3): 217 kB | 134 kB | 32/46 kB Progress (3): 217 kB | 134 kB | 36/46 kB Progress (3): 217 kB | 134 kB | 40/46 kB Progress (3): 217 kB | 134 kB | 44/46 kB Progress (3): 217 kB | 134 kB | 46 kB Progress (4): 217 kB | 134 kB | 46 kB | 4.1/45 kB Progress (4): 217 kB | 134 kB | 46 kB | 7.7/45 kB Progress (4): 217 kB | 134 kB | 46 kB | 12/45 kB Progress (4): 217 kB | 134 kB | 46 kB | 16/45 kB Progress (4): 217 kB | 134 kB | 46 kB | 20/45 kB Progress (4): 217 kB | 134 kB | 46 kB | 24/45 kB Progress (4): 217 kB | 134 kB | 46 kB | 28/45 kB Progress (4): 217 kB | 134 kB | 46 kB | 32/45 kB Progress (4): 217 kB | 134 kB | 46 kB | 36/45 kB Progress (4): 217 kB | 134 kB | 46 kB | 40/45 kB Progress (4): 217 kB | 134 kB | 46 kB | 45/45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar (217 kB at 1.2 MB/s) Progress (3): 134 kB | 46 kB | 45 kB Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar (134 kB at 748 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar (46 kB at 253 kB/s) Progress (2): 45 kB | 4.1/358 kB Progress (2): 45 kB | 7.7/358 kB Progress (2): 45 kB | 12/358 kB Progress (2): 45 kB | 16/358 kB Progress (2): 45 kB | 20/358 kB Progress (2): 45 kB | 24/358 kB Progress (2): 45 kB | 28/358 kB Progress (2): 45 kB | 32/358 kB Progress (2): 45 kB | 36/358 kB Progress (2): 45 kB | 40/358 kB Progress (2): 45 kB | 44/358 kB Progress (2): 45 kB | 48/358 kB Progress (2): 45 kB | 52/358 kB Progress (2): 45 kB | 56/358 kB Progress (2): 45 kB | 61/358 kB Progress (2): 45 kB | 65/358 kB Progress (2): 45 kB | 69/358 kB Progress (2): 45 kB | 73/358 kB Progress (2): 45 kB | 77/358 kB Progress (2): 45 kB | 81/358 kB Progress (2): 45 kB | 85/358 kB Progress (2): 45 kB | 89/358 kB Progress (2): 45 kB | 93/358 kB Progress (2): 45 kB | 97/358 kB Progress (2): 45 kB | 102/358 kB Progress (2): 45 kB | 106/358 kB Progress (2): 45 kB | 110/358 kB Progress (2): 45 kB | 114/358 kB Progress (2): 45 kB | 118/358 kB Progress (2): 45 kB | 122/358 kB Progress (2): 45 kB | 126/358 kB Progress (2): 45 kB | 130/358 kB Progress (2): 45 kB | 134/358 kB Progress (2): 45 kB | 138/358 kB Progress (2): 45 kB | 142/358 kB Progress (2): 45 kB | 147/358 kB Progress (2): 45 kB | 151/358 kB Progress (2): 45 kB | 155/358 kB Progress (2): 45 kB | 159/358 kB Progress (2): 45 kB | 163/358 kB Progress (2): 45 kB | 167/358 kB Progress (2): 45 kB | 171/358 kB Progress (2): 45 kB | 175/358 kB Progress (2): 45 kB | 179/358 kB Progress (2): 45 kB | 183/358 kB Progress (2): 45 kB | 188/358 kB Progress (2): 45 kB | 192/358 kB Progress (2): 45 kB | 196/358 kB Progress (2): 45 kB | 200/358 kB Progress (2): 45 kB | 204/358 kB Progress (2): 45 kB | 208/358 kB Progress (2): 45 kB | 212/358 kB Progress (2): 45 kB | 216/358 kB Progress (2): 45 kB | 220/358 kB Progress (2): 45 kB | 224/358 kB Progress (2): 45 kB | 228/358 kB Progress (2): 45 kB | 233/358 kB Progress (2): 45 kB | 237/358 kB Progress (2): 45 kB | 241/358 kB Progress (2): 45 kB | 245/358 kB Progress (2): 45 kB | 249/358 kB Progress (2): 45 kB | 253/358 kB Progress (2): 45 kB | 257/358 kB Progress (2): 45 kB | 261/358 kB Progress (2): 45 kB | 265/358 kB Progress (2): 45 kB | 269/358 kB Progress (2): 45 kB | 274/358 kB Progress (2): 45 kB | 278/358 kB Progress (2): 45 kB | 282/358 kB Progress (2): 45 kB | 286/358 kB Progress (2): 45 kB | 290/358 kB Progress (2): 45 kB | 294/358 kB Progress (2): 45 kB | 298/358 kB Progress (2): 45 kB | 302/358 kB Progress (2): 45 kB | 306/358 kB Progress (2): 45 kB | 310/358 kB Progress (2): 45 kB | 314/358 kB Progress (2): 45 kB | 319/358 kB Progress (2): 45 kB | 323/358 kB Progress (2): 45 kB | 327/358 kB Progress (2): 45 kB | 331/358 kB Progress (2): 45 kB | 335/358 kB Progress (2): 45 kB | 339/358 kB Progress (2): 45 kB | 343/358 kB Progress (2): 45 kB | 347/358 kB Progress (2): 45 kB | 351/358 kB Progress (2): 45 kB | 355/358 kB Progress (2): 45 kB | 358 kB Progress (3): 45 kB | 358 kB | 4.1/121 kB Progress (3): 45 kB | 358 kB | 7.7/121 kB Progress (3): 45 kB | 358 kB | 12/121 kB Progress (3): 45 kB | 358 kB | 16/121 kB Progress (3): 45 kB | 358 kB | 20/121 kB Progress (3): 45 kB | 358 kB | 24/121 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar (45 kB at 229 kB/s) Progress (2): 358 kB | 28/121 kB Progress (2): 358 kB | 32/121 kB Progress (2): 358 kB | 36/121 kB Progress (2): 358 kB | 40/121 kB Progress (2): 358 kB | 45/121 kB Progress (2): 358 kB | 49/121 kB Progress (2): 358 kB | 53/121 kB Progress (2): 358 kB | 57/121 kB Progress (3): 358 kB | 57/121 kB | 4.1/640 kB Progress (3): 358 kB | 61/121 kB | 4.1/640 kB Progress (3): 358 kB | 61/121 kB | 7.7/640 kB Progress (3): 358 kB | 65/121 kB | 7.7/640 kB Progress (3): 358 kB | 65/121 kB | 12/640 kB Progress (3): 358 kB | 69/121 kB | 12/640 kB Progress (3): 358 kB | 69/121 kB | 16/640 kB Progress (3): 358 kB | 73/121 kB | 16/640 kB Progress (3): 358 kB | 77/121 kB | 16/640 kB Progress (3): 358 kB | 77/121 kB | 20/640 kB Progress (3): 358 kB | 81/121 kB | 20/640 kB Progress (3): 358 kB | 81/121 kB | 24/640 kB Progress (3): 358 kB | 86/121 kB | 24/640 kB Progress (3): 358 kB | 86/121 kB | 28/640 kB Progress (3): 358 kB | 90/121 kB | 28/640 kB Progress (3): 358 kB | 90/121 kB | 32/640 kB Progress (3): 358 kB | 94/121 kB | 32/640 kB Progress (3): 358 kB | 98/121 kB | 32/640 kB Progress (3): 358 kB | 98/121 kB | 36/640 kB Progress (3): 358 kB | 102/121 kB | 36/640 kB Progress (3): 358 kB | 102/121 kB | 40/640 kB Progress (3): 358 kB | 106/121 kB | 40/640 kB Progress (3): 358 kB | 106/121 kB | 45/640 kB Progress (3): 358 kB | 106/121 kB | 49/640 kB Progress (3): 358 kB | 110/121 kB | 49/640 kB Progress (3): 358 kB | 114/121 kB | 49/640 kB Progress (3): 358 kB | 114/121 kB | 53/640 kB Progress (3): 358 kB | 118/121 kB | 53/640 kB Progress (3): 358 kB | 118/121 kB | 57/640 kB Progress (3): 358 kB | 121 kB | 57/640 kB Progress (3): 358 kB | 121 kB | 61/640 kB Progress (3): 358 kB | 121 kB | 65/640 kB Progress (3): 358 kB | 121 kB | 69/640 kB Progress (3): 358 kB | 121 kB | 73/640 kB Progress (3): 358 kB | 121 kB | 77/640 kB Progress (3): 358 kB | 121 kB | 81/640 kB Progress (3): 358 kB | 121 kB | 86/640 kB Progress (3): 358 kB | 121 kB | 90/640 kB Progress (3): 358 kB | 121 kB | 94/640 kB Progress (3): 358 kB | 121 kB | 98/640 kB Progress (3): 358 kB | 121 kB | 102/640 kB Progress (3): 358 kB | 121 kB | 106/640 kB Progress (3): 358 kB | 121 kB | 110/640 kB Progress (3): 358 kB | 121 kB | 114/640 kB Progress (3): 358 kB | 121 kB | 118/640 kB Progress (3): 358 kB | 121 kB | 122/640 kB Progress (3): 358 kB | 121 kB | 126/640 kB Progress (3): 358 kB | 121 kB | 131/640 kB Progress (3): 358 kB | 121 kB | 135/640 kB Progress (3): 358 kB | 121 kB | 139/640 kB Progress (3): 358 kB | 121 kB | 143/640 kB Progress (3): 358 kB | 121 kB | 147/640 kB Progress (3): 358 kB | 121 kB | 151/640 kB Progress (3): 358 kB | 121 kB | 155/640 kB Progress (3): 358 kB | 121 kB | 159/640 kB Progress (3): 358 kB | 121 kB | 163/640 kB Progress (3): 358 kB | 121 kB | 167/640 kB Progress (3): 358 kB | 121 kB | 172/640 kB Progress (3): 358 kB | 121 kB | 176/640 kB Progress (3): 358 kB | 121 kB | 180/640 kB Progress (3): 358 kB | 121 kB | 184/640 kB Progress (3): 358 kB | 121 kB | 188/640 kB Progress (3): 358 kB | 121 kB | 192/640 kB Progress (3): 358 kB | 121 kB | 196/640 kB Progress (3): 358 kB | 121 kB | 200/640 kB Progress (3): 358 kB | 121 kB | 204/640 kB Progress (3): 358 kB | 121 kB | 208/640 kB Progress (3): 358 kB | 121 kB | 213/640 kB Progress (3): 358 kB | 121 kB | 217/640 kB Progress (3): 358 kB | 121 kB | 221/640 kB Progress (3): 358 kB | 121 kB | 225/640 kB Progress (3): 358 kB | 121 kB | 229/640 kB Progress (3): 358 kB | 121 kB | 233/640 kB Progress (3): 358 kB | 121 kB | 237/640 kB Progress (3): 358 kB | 121 kB | 241/640 kB Progress (3): 358 kB | 121 kB | 245/640 kB Progress (3): 358 kB | 121 kB | 249/640 kB Progress (3): 358 kB | 121 kB | 253/640 kB Progress (3): 358 kB | 121 kB | 258/640 kB Progress (3): 358 kB | 121 kB | 262/640 kB Progress (3): 358 kB | 121 kB | 266/640 kB Progress (3): 358 kB | 121 kB | 270/640 kB Progress (3): 358 kB | 121 kB | 274/640 kB Progress (3): 358 kB | 121 kB | 278/640 kB Progress (3): 358 kB | 121 kB | 282/640 kB Progress (3): 358 kB | 121 kB | 286/640 kB Progress (3): 358 kB | 121 kB | 290/640 kB Progress (3): 358 kB | 121 kB | 294/640 kB Progress (3): 358 kB | 121 kB | 299/640 kB Progress (3): 358 kB | 121 kB | 303/640 kB Progress (3): 358 kB | 121 kB | 307/640 kB Progress (3): 358 kB | 121 kB | 311/640 kB Progress (3): 358 kB | 121 kB | 315/640 kB Progress (3): 358 kB | 121 kB | 319/640 kB Progress (3): 358 kB | 121 kB | 323/640 kB Progress (3): 358 kB | 121 kB | 327/640 kB Progress (3): 358 kB | 121 kB | 331/640 kB Progress (3): 358 kB | 121 kB | 335/640 kB Progress (3): 358 kB | 121 kB | 339/640 kB Progress (3): 358 kB | 121 kB | 344/640 kB Progress (3): 358 kB | 121 kB | 348/640 kB Progress (3): 358 kB | 121 kB | 352/640 kB Progress (3): 358 kB | 121 kB | 356/640 kB Progress (3): 358 kB | 121 kB | 360/640 kB Progress (3): 358 kB | 121 kB | 364/640 kB Progress (3): 358 kB | 121 kB | 368/640 kB Progress (3): 358 kB | 121 kB | 372/640 kB Progress (3): 358 kB | 121 kB | 376/640 kB Progress (3): 358 kB | 121 kB | 380/640 kB Progress (3): 358 kB | 121 kB | 385/640 kB Progress (3): 358 kB | 121 kB | 389/640 kB Progress (3): 358 kB | 121 kB | 393/640 kB Progress (3): 358 kB | 121 kB | 397/640 kB Progress (3): 358 kB | 121 kB | 401/640 kB Progress (3): 358 kB | 121 kB | 405/640 kB Progress (3): 358 kB | 121 kB | 409/640 kB Progress (3): 358 kB | 121 kB | 413/640 kB Progress (3): 358 kB | 121 kB | 417/640 kB Progress (3): 358 kB | 121 kB | 421/640 kB Progress (3): 358 kB | 121 kB | 426/640 kB Progress (3): 358 kB | 121 kB | 430/640 kB Progress (3): 358 kB | 121 kB | 434/640 kB Progress (3): 358 kB | 121 kB | 438/640 kB Progress (3): 358 kB | 121 kB | 442/640 kB Progress (3): 358 kB | 121 kB | 446/640 kB Progress (3): 358 kB | 121 kB | 450/640 kB Progress (3): 358 kB | 121 kB | 454/640 kB Progress (3): 358 kB | 121 kB | 458/640 kB Progress (3): 358 kB | 121 kB | 462/640 kB Progress (3): 358 kB | 121 kB | 466/640 kB Progress (3): 358 kB | 121 kB | 471/640 kB Progress (3): 358 kB | 121 kB | 475/640 kB Progress (3): 358 kB | 121 kB | 479/640 kB Progress (3): 358 kB | 121 kB | 483/640 kB Progress (3): 358 kB | 121 kB | 487/640 kB Progress (3): 358 kB | 121 kB | 491/640 kB Progress (3): 358 kB | 121 kB | 495/640 kB Progress (3): 358 kB | 121 kB | 499/640 kB Progress (3): 358 kB | 121 kB | 503/640 kB Progress (3): 358 kB | 121 kB | 507/640 kB Progress (3): 358 kB | 121 kB | 512/640 kB Progress (3): 358 kB | 121 kB | 516/640 kB Progress (3): 358 kB | 121 kB | 520/640 kB Progress (3): 358 kB | 121 kB | 524/640 kB Progress (3): 358 kB | 121 kB | 528/640 kB Progress (3): 358 kB | 121 kB | 532/640 kB Progress (3): 358 kB | 121 kB | 536/640 kB Progress (3): 358 kB | 121 kB | 540/640 kB Progress (3): 358 kB | 121 kB | 544/640 kB Progress (3): 358 kB | 121 kB | 548/640 kB Progress (3): 358 kB | 121 kB | 552/640 kB Progress (3): 358 kB | 121 kB | 557/640 kB Progress (3): 358 kB | 121 kB | 561/640 kB Progress (3): 358 kB | 121 kB | 565/640 kB Progress (3): 358 kB | 121 kB | 569/640 kB Progress (3): 358 kB | 121 kB | 573/640 kB Progress (3): 358 kB | 121 kB | 577/640 kB Progress (3): 358 kB | 121 kB | 581/640 kB Progress (3): 358 kB | 121 kB | 585/640 kB Progress (3): 358 kB | 121 kB | 589/640 kB Progress (3): 358 kB | 121 kB | 593/640 kB Progress (3): 358 kB | 121 kB | 598/640 kB Progress (3): 358 kB | 121 kB | 602/640 kB Progress (3): 358 kB | 121 kB | 606/640 kB Progress (3): 358 kB | 121 kB | 610/640 kB Progress (3): 358 kB | 121 kB | 614/640 kB Progress (3): 358 kB | 121 kB | 618/640 kB Progress (3): 358 kB | 121 kB | 622/640 kB Progress (3): 358 kB | 121 kB | 626/640 kB Progress (3): 358 kB | 121 kB | 630/640 kB Progress (3): 358 kB | 121 kB | 634/640 kB Progress (3): 358 kB | 121 kB | 638/640 kB Progress (3): 358 kB | 121 kB | 640 kB Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar (121 kB at 574 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar (358 kB at 1.7 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar (640 kB at 2.8 MB/s) [INFO] Changes detected - recompiling the module! [WARNING] File encoding has not been set, using platform encoding UTF-8, i.e. build is platform dependent! [INFO] Compiling 1 source file to /work/target/classes [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ simple-java-project --- [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/test/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ simple-java-project --- [INFO] No sources to compile [INFO] [INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom (3.0 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom (2.5 kB at 78 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom (5.5 kB at 168 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom (1.6 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom (16 kB at 490 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom (1.8 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom (1.5 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom Progress (1): 3.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom (3.5 kB at 109 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom (17 kB at 408 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 42 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom (42 kB at 349 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom (15 kB at 523 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom (3.7 kB at 123 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom (9.3 kB at 311 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom (23 kB at 780 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom (13 kB at 355 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom (1.2 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar Progress (1): 4.1/35 kB Progress (1): 7.3/35 kB Progress (1): 11/35 kB Progress (1): 15/35 kB Progress (1): 20/35 kB Progress (1): 24/35 kB Progress (1): 28/35 kB Progress (1): 32/35 kB Progress (1): 35 kB Progress (2): 35 kB | 4.1/31 kB Progress (2): 35 kB | 7.7/31 kB Progress (2): 35 kB | 12/31 kB Progress (2): 35 kB | 16/31 kB Progress (2): 35 kB | 20/31 kB Progress (2): 35 kB | 24/31 kB Progress (2): 35 kB | 28/31 kB Progress (2): 35 kB | 31 kB Progress (3): 35 kB | 31 kB | 4.1/118 kB Progress (3): 35 kB | 31 kB | 7.7/118 kB Progress (3): 35 kB | 31 kB | 12/118 kB Progress (3): 35 kB | 31 kB | 15/118 kB Progress (3): 35 kB | 31 kB | 20/118 kB Progress (3): 35 kB | 31 kB | 24/118 kB Progress (3): 35 kB | 31 kB | 28/118 kB Progress (3): 35 kB | 31 kB | 32/118 kB Progress (3): 35 kB | 31 kB | 36/118 kB Progress (3): 35 kB | 31 kB | 40/118 kB Progress (3): 35 kB | 31 kB | 44/118 kB Progress (3): 35 kB | 31 kB | 48/118 kB Progress (4): 35 kB | 31 kB | 48/118 kB | 4.1/263 kB Progress (4): 35 kB | 31 kB | 52/118 kB | 4.1/263 kB Progress (4): 35 kB | 31 kB | 52/118 kB | 7.7/263 kB Progress (4): 35 kB | 31 kB | 56/118 kB | 7.7/263 kB Progress (4): 35 kB | 31 kB | 56/118 kB | 12/263 kB Progress (4): 35 kB | 31 kB | 61/118 kB | 12/263 kB Progress (4): 35 kB | 31 kB | 61/118 kB | 16/263 kB Progress (4): 35 kB | 31 kB | 65/118 kB | 16/263 kB Progress (4): 35 kB | 31 kB | 65/118 kB | 20/263 kB Progress (4): 35 kB | 31 kB | 65/118 kB | 24/263 kB Progress (4): 35 kB | 31 kB | 69/118 kB | 24/263 kB Progress (4): 35 kB | 31 kB | 73/118 kB | 24/263 kB Progress (4): 35 kB | 31 kB | 77/118 kB | 24/263 kB Progress (4): 35 kB | 31 kB | 77/118 kB | 28/263 kB Progress (4): 35 kB | 31 kB | 81/118 kB | 28/263 kB Progress (4): 35 kB | 31 kB | 81/118 kB | 32/263 kB Progress (4): 35 kB | 31 kB | 81/118 kB | 36/263 kB Progress (4): 35 kB | 31 kB | 81/118 kB | 40/263 kB Progress (4): 35 kB | 31 kB | 85/118 kB | 40/263 kB Progress (4): 35 kB | 31 kB | 89/118 kB | 40/263 kB Progress (4): 35 kB | 31 kB | 89/118 kB | 45/263 kB Progress (4): 35 kB | 31 kB | 93/118 kB | 45/263 kB Progress (4): 35 kB | 31 kB | 93/118 kB | 49/263 kB Progress (4): 35 kB | 31 kB | 97/118 kB | 49/263 kB Progress (4): 35 kB | 31 kB | 101/118 kB | 49/263 kB Progress (4): 35 kB | 31 kB | 106/118 kB | 49/263 kB Progress (4): 35 kB | 31 kB | 110/118 kB | 49/263 kB Progress (4): 35 kB | 31 kB | 114/118 kB | 49/263 kB Progress (4): 35 kB | 31 kB | 118 kB | 49/263 kB Progress (4): 35 kB | 31 kB | 118 kB | 53/263 kB Progress (4): 35 kB | 31 kB | 118 kB | 57/263 kB Progress (4): 35 kB | 31 kB | 118 kB | 61/263 kB Progress (4): 35 kB | 31 kB | 118 kB | 65/263 kB Progress (5): 35 kB | 31 kB | 118 kB | 65/263 kB | 4.1/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 65/263 kB | 7.7/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 69/263 kB | 7.7/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 73/263 kB | 7.7/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 77/263 kB | 7.7/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 81/263 kB | 7.7/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 81/263 kB | 12/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 81/263 kB | 16/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 81/263 kB | 20/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 81/263 kB | 24/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 86/263 kB | 24/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 90/263 kB | 24/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 94/263 kB | 24/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 94/263 kB | 28/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 98/263 kB | 28/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 98/263 kB | 32/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 98/263 kB | 36/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 98/263 kB | 40/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 102/263 kB | 40/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 106/263 kB | 40/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 110/263 kB | 40/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 114/263 kB | 40/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 114/263 kB | 45/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 114/263 kB | 49/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 114/263 kB | 53/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 114/263 kB | 57/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 114/263 kB | 61/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 114/263 kB | 65/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 118/263 kB | 65/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 122/263 kB | 65/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 122/263 kB | 69/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 126/263 kB | 69/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 126/263 kB | 73/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 131/263 kB | 73/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 131/263 kB | 77/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 131/263 kB | 81/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 135/263 kB | 81/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 135/263 kB | 86/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 139/263 kB | 86/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 139/263 kB | 90/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 143/263 kB | 90/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 147/263 kB | 90/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 147/263 kB | 94/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 151/263 kB | 94/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 151/263 kB | 98/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 155/263 kB | 98/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 155/263 kB | 102/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 159/263 kB | 102/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 159/263 kB | 106/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 163/263 kB | 106/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 163/263 kB | 110/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 167/263 kB | 110/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 167/263 kB | 114/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 172/263 kB | 114/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 172/263 kB | 118/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 176/263 kB | 118/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 176/263 kB | 122/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 180/263 kB | 122/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 180/263 kB | 126/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 180/263 kB | 131/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 184/263 kB | 131/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 184/263 kB | 135/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 188/263 kB | 135/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 192/263 kB | 135/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 192/263 kB | 139/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 196/263 kB | 139/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 196/263 kB | 143/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 196/263 kB | 147/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 200/263 kB | 147/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 200/263 kB | 151/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 204/263 kB | 151/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 204/263 kB | 155/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 208/263 kB | 155/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 213/263 kB | 155/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 213/263 kB | 159/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 213/263 kB | 163/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 217/263 kB | 163/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 217/263 kB | 167/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 221/263 kB | 167/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 221/263 kB | 172/316 kB Progress (5): 35 kB | 31 kB | 118 kB | 225/263 kB | 172/316 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar (35 kB at 1.1 MB/s) Progress (4): 31 kB | 118 kB | 229/263 kB | 172/316 kB Progress (4): 31 kB | 118 kB | 229/263 kB | 176/316 kB Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar Progress (4): 31 kB | 118 kB | 229/263 kB | 180/316 kB Progress (4): 31 kB | 118 kB | 229/263 kB | 184/316 kB Progress (4): 31 kB | 118 kB | 233/263 kB | 184/316 kB Progress (4): 31 kB | 118 kB | 233/263 kB | 188/316 kB Progress (4): 31 kB | 118 kB | 237/263 kB | 188/316 kB Progress (4): 31 kB | 118 kB | 241/263 kB | 188/316 kB Progress (4): 31 kB | 118 kB | 245/263 kB | 188/316 kB Progress (4): 31 kB | 118 kB | 245/263 kB | 192/316 kB Progress (4): 31 kB | 118 kB | 245/263 kB | 196/316 kB Progress (4): 31 kB | 118 kB | 245/263 kB | 200/316 kB Progress (4): 31 kB | 118 kB | 249/263 kB | 200/316 kB Progress (4): 31 kB | 118 kB | 249/263 kB | 204/316 kB Progress (4): 31 kB | 118 kB | 253/263 kB | 204/316 kB Progress (4): 31 kB | 118 kB | 258/263 kB | 204/316 kB Progress (4): 31 kB | 118 kB | 262/263 kB | 204/316 kB Progress (4): 31 kB | 118 kB | 262/263 kB | 208/316 kB Progress (4): 31 kB | 118 kB | 263 kB | 208/316 kB Progress (4): 31 kB | 118 kB | 263 kB | 213/316 kB Progress (4): 31 kB | 118 kB | 263 kB | 217/316 kB Progress (4): 31 kB | 118 kB | 263 kB | 221/316 kB Progress (4): 31 kB | 118 kB | 263 kB | 225/316 kB Progress (4): 31 kB | 118 kB | 263 kB | 229/316 kB Progress (4): 31 kB | 118 kB | 263 kB | 233/316 kB Progress (4): 31 kB | 118 kB | 263 kB | 237/316 kB Progress (4): 31 kB | 118 kB | 263 kB | 241/316 kB Progress (4): 31 kB | 118 kB | 263 kB | 245/316 kB Progress (4): 31 kB | 118 kB | 263 kB | 249/316 kB Progress (4): 31 kB | 118 kB | 263 kB | 253/316 kB Progress (4): 31 kB | 118 kB | 263 kB | 258/316 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar (31 kB at 941 kB/s) Progress (3): 118 kB | 263 kB | 262/316 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar Progress (3): 118 kB | 263 kB | 266/316 kB Progress (3): 118 kB | 263 kB | 270/316 kB Progress (3): 118 kB | 263 kB | 274/316 kB Progress (3): 118 kB | 263 kB | 278/316 kB Progress (3): 118 kB | 263 kB | 282/316 kB Progress (3): 118 kB | 263 kB | 286/316 kB Progress (3): 118 kB | 263 kB | 290/316 kB Progress (3): 118 kB | 263 kB | 294/316 kB Progress (3): 118 kB | 263 kB | 299/316 kB Progress (3): 118 kB | 263 kB | 303/316 kB Progress (3): 118 kB | 263 kB | 307/316 kB Progress (3): 118 kB | 263 kB | 311/316 kB Progress (3): 118 kB | 263 kB | 315/316 kB Progress (3): 118 kB | 263 kB | 316 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar (118 kB at 2.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar (263 kB at 5.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar Progress (2): 316 kB | 4.1/232 kB Progress (2): 316 kB | 7.7/232 kB Progress (2): 316 kB | 12/232 kB Progress (2): 316 kB | 16/232 kB Progress (2): 316 kB | 20/232 kB Progress (2): 316 kB | 24/232 kB Progress (2): 316 kB | 28/232 kB Progress (2): 316 kB | 32/232 kB Progress (2): 316 kB | 36/232 kB Progress (2): 316 kB | 40/232 kB Progress (2): 316 kB | 45/232 kB Progress (2): 316 kB | 49/232 kB Progress (2): 316 kB | 53/232 kB Progress (2): 316 kB | 57/232 kB Progress (2): 316 kB | 61/232 kB Progress (2): 316 kB | 65/232 kB Progress (2): 316 kB | 69/232 kB Progress (2): 316 kB | 73/232 kB Progress (2): 316 kB | 77/232 kB Progress (2): 316 kB | 81/232 kB Progress (2): 316 kB | 86/232 kB Progress (2): 316 kB | 90/232 kB Progress (2): 316 kB | 94/232 kB Progress (2): 316 kB | 98/232 kB Progress (2): 316 kB | 102/232 kB Progress (2): 316 kB | 106/232 kB Progress (2): 316 kB | 110/232 kB Progress (2): 316 kB | 114/232 kB Progress (2): 316 kB | 118/232 kB Progress (2): 316 kB | 122/232 kB Progress (2): 316 kB | 126/232 kB Progress (2): 316 kB | 131/232 kB Progress (2): 316 kB | 135/232 kB Progress (3): 316 kB | 135/232 kB | 3.2/10 kB Progress (3): 316 kB | 139/232 kB | 3.2/10 kB Progress (3): 316 kB | 139/232 kB | 7.3/10 kB Progress (3): 316 kB | 139/232 kB | 10 kB Progress (3): 316 kB | 143/232 kB | 10 kB Progress (3): 316 kB | 147/232 kB | 10 kB Progress (3): 316 kB | 151/232 kB | 10 kB Progress (3): 316 kB | 155/232 kB | 10 kB Progress (3): 316 kB | 159/232 kB | 10 kB Progress (3): 316 kB | 163/232 kB | 10 kB Progress (3): 316 kB | 167/232 kB | 10 kB Progress (3): 316 kB | 172/232 kB | 10 kB Progress (3): 316 kB | 176/232 kB | 10 kB Progress (3): 316 kB | 180/232 kB | 10 kB Progress (3): 316 kB | 184/232 kB | 10 kB Progress (3): 316 kB | 188/232 kB | 10 kB Progress (3): 316 kB | 192/232 kB | 10 kB Progress (3): 316 kB | 196/232 kB | 10 kB Progress (3): 316 kB | 200/232 kB | 10 kB Progress (3): 316 kB | 204/232 kB | 10 kB Progress (3): 316 kB | 208/232 kB | 10 kB Progress (3): 316 kB | 213/232 kB | 10 kB Progress (3): 316 kB | 217/232 kB | 10 kB Progress (3): 316 kB | 221/232 kB | 10 kB Progress (3): 316 kB | 225/232 kB | 10 kB Progress (3): 316 kB | 229/232 kB | 10 kB Progress (3): 316 kB | 232 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar (316 kB at 5.4 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar (10 kB at 161 kB/s) Progress (2): 232 kB | 4.1/14 kB Progress (2): 232 kB | 7.7/14 kB Progress (2): 232 kB | 12/14 kB Progress (2): 232 kB | 14 kB Progress (3): 232 kB | 14 kB | 4.1/38 kB Progress (3): 232 kB | 14 kB | 7.7/38 kB Progress (3): 232 kB | 14 kB | 12/38 kB Progress (3): 232 kB | 14 kB | 16/38 kB Progress (3): 232 kB | 14 kB | 20/38 kB Progress (3): 232 kB | 14 kB | 24/38 kB Progress (3): 232 kB | 14 kB | 28/38 kB Progress (3): 232 kB | 14 kB | 32/38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar (232 kB at 3.5 MB/s) Progress (2): 14 kB | 36/38 kB Progress (2): 14 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar (14 kB at 180 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar (38 kB at 442 kB/s) [INFO] Tests are skipped. [INFO] [INFO] --- maven-jar-plugin:3.3.0:jar (default-jar) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom (4.5 kB at 109 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom (4.9 kB at 117 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom (45 kB at 989 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom (21 kB at 456 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom (2.7 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom (14 kB at 178 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom Progress (1): 4.1 kB Progress (1): 5.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom (5.2 kB at 89 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom (23 kB at 459 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom (20 kB at 403 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 70 kB Progress (1): 74 kB Progress (1): 78 kB Progress (1): 79 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom (79 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom (5.1 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom (3.9 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom Progress (1): 4.1 kB Progress (1): 6.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom (6.0 kB at 134 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom (25 kB at 605 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom Progress (1): 612 B Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom (612 B at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom Progress (1): 4.1 kB Progress (1): 6.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom (6.3 kB at 157 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom (20 kB at 492 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom (15 kB at 316 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom (2.0 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom (2.7 kB at 63 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom (8.2 kB at 205 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom (25 kB at 519 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar Progress (1): 4.1/26 kB Progress (1): 7.7/26 kB Progress (1): 11/26 kB Progress (2): 11/26 kB | 4.1/41 kB Progress (2): 15/26 kB | 4.1/41 kB Progress (2): 20/26 kB | 4.1/41 kB Progress (2): 20/26 kB | 7.7/41 kB Progress (2): 24/26 kB | 7.7/41 kB Progress (2): 24/26 kB | 12/41 kB Progress (2): 26 kB | 12/41 kB Progress (2): 26 kB | 16/41 kB Progress (2): 26 kB | 20/41 kB Progress (2): 26 kB | 24/41 kB Progress (2): 26 kB | 28/41 kB Progress (2): 26 kB | 32/41 kB Progress (2): 26 kB | 36/41 kB Progress (2): 26 kB | 40/41 kB Progress (2): 26 kB | 41 kB Progress (3): 26 kB | 41 kB | 4.1/79 kB Progress (3): 26 kB | 41 kB | 7.3/79 kB Progress (3): 26 kB | 41 kB | 11/79 kB Progress (3): 26 kB | 41 kB | 15/79 kB Progress (3): 26 kB | 41 kB | 20/79 kB Progress (4): 26 kB | 41 kB | 20/79 kB | 4.1/327 kB Progress (4): 26 kB | 41 kB | 24/79 kB | 4.1/327 kB Progress (4): 26 kB | 41 kB | 24/79 kB | 7.7/327 kB Progress (4): 26 kB | 41 kB | 24/79 kB | 12/327 kB Progress (4): 26 kB | 41 kB | 24/79 kB | 15/327 kB Progress (4): 26 kB | 41 kB | 28/79 kB | 15/327 kB Progress (5): 26 kB | 41 kB | 28/79 kB | 15/327 kB | 4.1/36 kB Progress (5): 26 kB | 41 kB | 28/79 kB | 15/327 kB | 7.7/36 kB Progress (5): 26 kB | 41 kB | 28/79 kB | 15/327 kB | 12/36 kB Progress (5): 26 kB | 41 kB | 28/79 kB | 15/327 kB | 16/36 kB Progress (5): 26 kB | 41 kB | 28/79 kB | 15/327 kB | 20/36 kB Progress (5): 26 kB | 41 kB | 28/79 kB | 15/327 kB | 24/36 kB Progress (5): 26 kB | 41 kB | 28/79 kB | 15/327 kB | 28/36 kB Progress (5): 26 kB | 41 kB | 28/79 kB | 15/327 kB | 32/36 kB Progress (5): 26 kB | 41 kB | 28/79 kB | 15/327 kB | 36/36 kB Progress (5): 26 kB | 41 kB | 28/79 kB | 15/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 32/79 kB | 15/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 32/79 kB | 20/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 32/79 kB | 24/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 32/79 kB | 28/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 36/79 kB | 28/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 36/79 kB | 32/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 40/79 kB | 32/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 44/79 kB | 32/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 48/79 kB | 32/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 48/79 kB | 36/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 48/79 kB | 40/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 48/79 kB | 44/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 52/79 kB | 44/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 52/79 kB | 48/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 56/79 kB | 48/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 61/79 kB | 48/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 65/79 kB | 48/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 65/79 kB | 52/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 65/79 kB | 56/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 65/79 kB | 61/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 69/79 kB | 61/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 69/79 kB | 65/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 73/79 kB | 65/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 77/79 kB | 65/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 65/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 69/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 73/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 77/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 81/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 85/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 89/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 93/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 97/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 102/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 106/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 110/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 114/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 118/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 122/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 126/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 130/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 134/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 138/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 142/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 147/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 151/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 155/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 159/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 163/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 167/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 171/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 175/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 179/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 183/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 188/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 192/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 196/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 200/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 204/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 208/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 212/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 216/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 220/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 224/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 228/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 233/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 237/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 241/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 245/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 249/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 253/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 257/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 261/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 265/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 269/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 274/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 278/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 282/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 286/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 290/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 294/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 298/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 302/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 306/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 310/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 314/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 319/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 323/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 327/327 kB | 36 kB Progress (5): 26 kB | 41 kB | 79 kB | 327 kB | 36 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar (26 kB at 820 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar (41 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar (79 kB at 2.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar (36 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar (327 kB at 8.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar Progress (1): 0/1.0 MB Progress (1): 0/1.0 MB Progress (1): 0/1.0 MB Progress (1): 0/1.0 MB Progress (1): 0/1.0 MB Progress (1): 0/1.0 MB Progress (2): 0/1.0 MB | 2.5 kB Progress (2): 0.1/1.0 MB | 2.5 kB Progress (2): 0.1/1.0 MB | 2.5 kB Progress (2): 0.1/1.0 MB | 2.5 kB Progress (3): 0.1/1.0 MB | 2.5 kB | 4.1/211 kB Progress (4): 0.1/1.0 MB | 2.5 kB | 4.1/211 kB | 4.1/58 kB Progress (4): 0.1/1.0 MB | 2.5 kB | 4.1/211 kB | 7.7/58 kB Progress (4): 0.1/1.0 MB | 2.5 kB | 4.1/211 kB | 12/58 kB Progress (4): 0.1/1.0 MB | 2.5 kB | 4.1/211 kB | 15/58 kB Progress (4): 0.1/1.0 MB | 2.5 kB | 4.1/211 kB | 20/58 kB Progress (4): 0.1/1.0 MB | 2.5 kB | 4.1/211 kB | 24/58 kB Progress (4): 0.1/1.0 MB | 2.5 kB | 4.1/211 kB | 28/58 kB Progress (4): 0.1/1.0 MB | 2.5 kB | 4.1/211 kB | 32/58 kB Progress (4): 0.1/1.0 MB | 2.5 kB | 4.1/211 kB | 36/58 kB Progress (4): 0.1/1.0 MB | 2.5 kB | 4.1/211 kB | 40/58 kB Progress (4): 0.1/1.0 MB | 2.5 kB | 4.1/211 kB | 44/58 kB Progress (4): 0.1/1.0 MB | 2.5 kB | 4.1/211 kB | 48/58 kB Progress (4): 0.1/1.0 MB | 2.5 kB | 4.1/211 kB | 52/58 kB Progress (4): 0.1/1.0 MB | 2.5 kB | 4.1/211 kB | 56/58 kB Progress (4): 0.1/1.0 MB | 2.5 kB | 4.1/211 kB | 58 kB Progress (4): 0.1/1.0 MB | 2.5 kB | 4.1/211 kB | 58 kB Progress (4): 0.1/1.0 MB | 2.5 kB | 7.7/211 kB | 58 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 7.7/211 kB | 58 kB | 4.1/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 7.7/211 kB | 58 kB | 7.7/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 7.7/211 kB | 58 kB | 12/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 7.7/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 12/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 16/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 20/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 24/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 28/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 32/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 36/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 40/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 45/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 49/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 53/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 57/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 61/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 65/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 69/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 73/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 77/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 77/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 81/211 kB | 58 kB | 15/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 81/211 kB | 58 kB | 20/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 81/211 kB | 58 kB | 20/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 86/211 kB | 58 kB | 20/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 86/211 kB | 58 kB | 24/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 86/211 kB | 58 kB | 28/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 86/211 kB | 58 kB | 28/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 86/211 kB | 58 kB | 32/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 90/211 kB | 58 kB | 32/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 90/211 kB | 58 kB | 32/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 90/211 kB | 58 kB | 36/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 94/211 kB | 58 kB | 36/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 98/211 kB | 58 kB | 36/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 98/211 kB | 58 kB | 36/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 102/211 kB | 58 kB | 36/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 102/211 kB | 58 kB | 40/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 102/211 kB | 58 kB | 44/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 102/211 kB | 58 kB | 48/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 102/211 kB | 58 kB | 48/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 102/211 kB | 58 kB | 48/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 48/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 52/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 56/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 61/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 65/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 65/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 69/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 73/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 77/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 81/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 85/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 89/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 93/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 97/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 102/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 106/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 110/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 114/116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 106/211 kB | 58 kB | 116 kB Progress (5): 0.1/1.0 MB | 2.5 kB | 110/211 kB | 58 kB | 116 kB Progress (5): 0.2/1.0 MB | 2.5 kB | 110/211 kB | 58 kB | 116 kB Progress (5): 0.2/1.0 MB | 2.5 kB | 114/211 kB | 58 kB | 116 kB Progress (5): 0.2/1.0 MB | 2.5 kB | 114/211 kB | 58 kB | 116 kB Progress (5): 0.2/1.0 MB | 2.5 kB | 114/211 kB | 58 kB | 116 kB Progress (5): 0.2/1.0 MB | 2.5 kB | 114/211 kB | 58 kB | 116 kB Progress (5): 0.2/1.0 MB | 2.5 kB | 114/211 kB | 58 kB | 116 kB Progress (5): 0.2/1.0 MB | 2.5 kB | 114/211 kB | 58 kB | 116 kB Progress (5): 0.2/1.0 MB | 2.5 kB | 114/211 kB | 58 kB | 116 kB Progress (5): 0.2/1.0 MB | 2.5 kB | 118/211 kB | 58 kB | 116 kB Progress (5): 0.2/1.0 MB | 2.5 kB | 122/211 kB | 58 kB | 116 kB Progress (5): 0.2/1.0 MB | 2.5 kB | 122/211 kB | 58 kB | 116 kB Progress (5): 0.2/1.0 MB | 2.5 kB | 126/211 kB | 58 kB | 116 kB Progress (5): 0.2/1.0 MB | 2.5 kB | 126/211 kB | 58 kB | 116 kB Progress (5): 0.2/1.0 MB | 2.5 kB | 126/211 kB | 58 kB | 116 kB Progress (5): 0.2/1.0 MB | 2.5 kB | 126/211 kB | 58 kB | 116 kB Progress (5): 0.2/1.0 MB | 2.5 kB | 131/211 kB | 58 kB | 116 kB Progress (5): 0.2/1.0 MB | 2.5 kB | 131/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 131/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 135/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 139/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 139/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 139/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 143/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 147/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 147/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 147/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 151/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 155/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 159/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 159/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 163/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 163/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 167/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 172/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 172/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 176/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 176/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 180/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 180/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 184/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 184/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 188/211 kB | 58 kB | 116 kB Progress (5): 0.3/1.0 MB | 2.5 kB | 188/211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 188/211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 188/211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 192/211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 196/211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 196/211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 196/211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 200/211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 204/211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 208/211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 208/211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 211 kB | 58 kB | 116 kB Progress (5): 0.4/1.0 MB | 2.5 kB | 211 kB | 58 kB | 116 kB Progress (5): 0.5/1.0 MB | 2.5 kB | 211 kB | 58 kB | 116 kB Progress (5): 0.5/1.0 MB | 2.5 kB | 211 kB | 58 kB | 116 kB Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar (2.5 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar Progress (4): 0.5/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.5/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.5/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.5/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.5/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.5/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.5/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.5/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.5/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.5/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.6/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.6/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.6/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.6/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.6/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.6/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.6/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.6/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.6/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.6/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.6/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.6/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.7/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.7/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.7/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.7/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.7/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.7/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.7/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.7/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.7/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.7/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.7/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.7/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.8/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.8/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.8/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.8/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.8/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.8/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.8/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.8/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.8/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.8/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.8/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.8/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.8/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.9/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.9/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.9/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.9/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.9/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.9/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.9/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.9/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.9/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.9/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.9/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 0.9/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 1.0/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 1.0/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 1.0/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 1.0/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 1.0/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 1.0/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 1.0/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 1.0/1.0 MB | 211 kB | 58 kB | 116 kB Progress (4): 1.0 MB | 211 kB | 58 kB | 116 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar (58 kB at 724 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar (116 kB at 1.5 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar (211 kB at 2.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar Progress (2): 1.0 MB | 4.1/85 kB Progress (2): 1.0 MB | 7.7/85 kB Progress (2): 1.0 MB | 12/85 kB Progress (2): 1.0 MB | 15/85 kB Progress (2): 1.0 MB | 20/85 kB Progress (2): 1.0 MB | 24/85 kB Progress (2): 1.0 MB | 28/85 kB Progress (2): 1.0 MB | 32/85 kB Progress (2): 1.0 MB | 36/85 kB Progress (2): 1.0 MB | 40/85 kB Progress (2): 1.0 MB | 44/85 kB Progress (2): 1.0 MB | 48/85 kB Progress (2): 1.0 MB | 52/85 kB Progress (2): 1.0 MB | 56/85 kB Progress (2): 1.0 MB | 61/85 kB Progress (2): 1.0 MB | 65/85 kB Progress (2): 1.0 MB | 69/85 kB Progress (2): 1.0 MB | 73/85 kB Progress (2): 1.0 MB | 77/85 kB Progress (2): 1.0 MB | 81/85 kB Progress (2): 1.0 MB | 85/85 kB Progress (2): 1.0 MB | 85 kB Progress (3): 1.0 MB | 85 kB | 4.1/267 kB Progress (3): 1.0 MB | 85 kB | 7.7/267 kB Progress (3): 1.0 MB | 85 kB | 12/267 kB Progress (3): 1.0 MB | 85 kB | 16/267 kB Progress (3): 1.0 MB | 85 kB | 20/267 kB Progress (3): 1.0 MB | 85 kB | 24/267 kB Progress (3): 1.0 MB | 85 kB | 28/267 kB Progress (3): 1.0 MB | 85 kB | 32/267 kB Progress (3): 1.0 MB | 85 kB | 36/267 kB Progress (3): 1.0 MB | 85 kB | 40/267 kB Progress (3): 1.0 MB | 85 kB | 45/267 kB Progress (3): 1.0 MB | 85 kB | 49/267 kB Progress (3): 1.0 MB | 85 kB | 53/267 kB Progress (3): 1.0 MB | 85 kB | 57/267 kB Progress (3): 1.0 MB | 85 kB | 61/267 kB Progress (3): 1.0 MB | 85 kB | 65/267 kB Progress (3): 1.0 MB | 85 kB | 69/267 kB Progress (3): 1.0 MB | 85 kB | 73/267 kB Progress (3): 1.0 MB | 85 kB | 77/267 kB Progress (3): 1.0 MB | 85 kB | 81/267 kB Progress (3): 1.0 MB | 85 kB | 86/267 kB Progress (3): 1.0 MB | 85 kB | 90/267 kB Progress (3): 1.0 MB | 85 kB | 94/267 kB Progress (3): 1.0 MB | 85 kB | 98/267 kB Progress (3): 1.0 MB | 85 kB | 102/267 kB Progress (3): 1.0 MB | 85 kB | 106/267 kB Progress (3): 1.0 MB | 85 kB | 110/267 kB Progress (3): 1.0 MB | 85 kB | 114/267 kB Progress (3): 1.0 MB | 85 kB | 118/267 kB Progress (3): 1.0 MB | 85 kB | 122/267 kB Progress (3): 1.0 MB | 85 kB | 126/267 kB Progress (3): 1.0 MB | 85 kB | 131/267 kB Progress (3): 1.0 MB | 85 kB | 135/267 kB Progress (3): 1.0 MB | 85 kB | 139/267 kB Progress (3): 1.0 MB | 85 kB | 143/267 kB Progress (3): 1.0 MB | 85 kB | 147/267 kB Progress (3): 1.0 MB | 85 kB | 151/267 kB Progress (3): 1.0 MB | 85 kB | 155/267 kB Progress (3): 1.0 MB | 85 kB | 159/267 kB Progress (3): 1.0 MB | 85 kB | 163/267 kB Progress (3): 1.0 MB | 85 kB | 167/267 kB Progress (3): 1.0 MB | 85 kB | 172/267 kB Progress (3): 1.0 MB | 85 kB | 176/267 kB Progress (3): 1.0 MB | 85 kB | 180/267 kB Progress (3): 1.0 MB | 85 kB | 184/267 kB Progress (3): 1.0 MB | 85 kB | 188/267 kB Progress (3): 1.0 MB | 85 kB | 192/267 kB Progress (3): 1.0 MB | 85 kB | 196/267 kB Progress (3): 1.0 MB | 85 kB | 200/267 kB Progress (3): 1.0 MB | 85 kB | 204/267 kB Progress (3): 1.0 MB | 85 kB | 208/267 kB Progress (3): 1.0 MB | 85 kB | 213/267 kB Progress (3): 1.0 MB | 85 kB | 217/267 kB Progress (3): 1.0 MB | 85 kB | 221/267 kB Progress (3): 1.0 MB | 85 kB | 225/267 kB Progress (3): 1.0 MB | 85 kB | 229/267 kB Progress (3): 1.0 MB | 85 kB | 233/267 kB Progress (3): 1.0 MB | 85 kB | 237/267 kB Progress (3): 1.0 MB | 85 kB | 241/267 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar (85 kB at 853 kB/s) Progress (2): 1.0 MB | 245/267 kB Progress (2): 1.0 MB | 249/267 kB Progress (2): 1.0 MB | 253/267 kB Progress (2): 1.0 MB | 258/267 kB Progress (2): 1.0 MB | 262/267 kB Progress (2): 1.0 MB | 266/267 kB Progress (2): 1.0 MB | 267 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar (1.0 MB at 10 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar (267 kB at 2.2 MB/s) [INFO] Building jar: /work/target/hacbs-test.jar [INFO] [INFO] --- maven-shade-plugin:3.2.4:shade (default) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom (2.3 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom (22 kB at 706 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom (24 kB at 667 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom (3.9 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom (3.3 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom (1.9 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom (5.4 kB at 168 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom (3.1 kB at 95 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom (2.6 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom (1.2 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom (7.8 kB at 251 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom (11 kB at 326 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom Progress (1): 750 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom (750 B at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom (4.8 kB at 146 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom (4.0 kB at 118 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom (5.5 kB at 156 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom (11 kB at 316 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom (6.6 kB at 207 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom (1.9 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom (2.2 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom Progress (1): 910 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom (910 B at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom (5.4 kB at 178 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom (1.9 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom (2.2 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom (2.5 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom (1.7 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom Progress (1): 4.1 kB Progress (1): 7.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom (7.7 kB at 198 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom (2.1 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom (3.7 kB at 112 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom (1.7 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom (11 kB at 363 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom (5.1 kB at 150 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 44 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom (44 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom (17 kB at 611 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom (4.8 kB at 179 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom (4.6 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 41 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom (41 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom (16 kB at 505 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom (5.0 kB at 161 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom (13 kB at 391 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 62 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom (62 kB at 2.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom (15 kB at 531 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom (5.1 kB at 169 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom (22 kB at 694 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom (14 kB at 499 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 68 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom (68 kB at 2.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom (2.7 kB at 75 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom (12 kB at 369 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom (2.9 kB at 92 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom (11 kB at 362 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom (3.7 kB at 126 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom (3.1 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom (3.2 kB at 96 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom (4.6 kB at 153 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom Progress (1): 4.1 kB Progress (1): 7.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom (7.5 kB at 227 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom (2.0 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom (28 kB at 753 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom (14 kB at 339 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom (15 kB at 502 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom (3.7 kB at 130 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom (11 kB at 364 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom (13 kB at 445 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom Progress (1): 2.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom (2.4 kB at 83 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom (10 kB at 328 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom (6.6 kB at 199 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom (2.3 kB at 79 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom Progress (1): 4.1 kB Progress (1): 4.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom (4.3 kB at 143 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom (4.8 kB at 161 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom (2.7 kB at 95 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom (2.1 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom (5.4 kB at 155 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom (2.8 kB at 92 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom (28 kB at 949 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar Progress (1): 4.1/49 kB Progress (1): 7.7/49 kB Progress (1): 12/49 kB Progress (1): 16/49 kB Progress (1): 20/49 kB Progress (1): 24/49 kB Progress (1): 28/49 kB Progress (1): 32/49 kB Progress (1): 36/49 kB Progress (1): 40/49 kB Progress (1): 45/49 kB Progress (1): 49/49 kB Progress (1): 49 kB Progress (2): 49 kB | 4.1/153 kB Progress (2): 49 kB | 7.7/153 kB Progress (2): 49 kB | 12/153 kB Progress (2): 49 kB | 16/153 kB Progress (2): 49 kB | 20/153 kB Progress (2): 49 kB | 24/153 kB Progress (2): 49 kB | 28/153 kB Progress (2): 49 kB | 32/153 kB Progress (2): 49 kB | 36/153 kB Progress (2): 49 kB | 40/153 kB Progress (2): 49 kB | 45/153 kB Progress (2): 49 kB | 49/153 kB Progress (2): 49 kB | 53/153 kB Progress (2): 49 kB | 57/153 kB Progress (2): 49 kB | 61/153 kB Progress (2): 49 kB | 65/153 kB Progress (2): 49 kB | 69/153 kB Progress (2): 49 kB | 73/153 kB Progress (2): 49 kB | 77/153 kB Progress (2): 49 kB | 81/153 kB Progress (2): 49 kB | 86/153 kB Progress (2): 49 kB | 90/153 kB Progress (2): 49 kB | 94/153 kB Progress (2): 49 kB | 98/153 kB Progress (2): 49 kB | 102/153 kB Progress (2): 49 kB | 106/153 kB Progress (2): 49 kB | 110/153 kB Progress (2): 49 kB | 114/153 kB Progress (2): 49 kB | 118/153 kB Progress (2): 49 kB | 122/153 kB Progress (2): 49 kB | 126/153 kB Progress (2): 49 kB | 131/153 kB Progress (2): 49 kB | 135/153 kB Progress (2): 49 kB | 139/153 kB Progress (2): 49 kB | 143/153 kB Progress (2): 49 kB | 147/153 kB Progress (2): 49 kB | 151/153 kB Progress (2): 49 kB | 153 kB Progress (3): 49 kB | 153 kB | 4.1/472 kB Progress (3): 49 kB | 153 kB | 7.7/472 kB Progress (3): 49 kB | 153 kB | 12/472 kB Progress (3): 49 kB | 153 kB | 16/472 kB Progress (3): 49 kB | 153 kB | 20/472 kB Progress (3): 49 kB | 153 kB | 24/472 kB Progress (3): 49 kB | 153 kB | 28/472 kB Progress (3): 49 kB | 153 kB | 32/472 kB Progress (3): 49 kB | 153 kB | 36/472 kB Progress (3): 49 kB | 153 kB | 40/472 kB Progress (3): 49 kB | 153 kB | 44/472 kB Progress (3): 49 kB | 153 kB | 48/472 kB Progress (3): 49 kB | 153 kB | 52/472 kB Progress (3): 49 kB | 153 kB | 56/472 kB Progress (3): 49 kB | 153 kB | 61/472 kB Progress (3): 49 kB | 153 kB | 65/472 kB Progress (3): 49 kB | 153 kB | 69/472 kB Progress (3): 49 kB | 153 kB | 73/472 kB Progress (3): 49 kB | 153 kB | 77/472 kB Progress (3): 49 kB | 153 kB | 81/472 kB Progress (3): 49 kB | 153 kB | 85/472 kB Progress (3): 49 kB | 153 kB | 89/472 kB Progress (3): 49 kB | 153 kB | 93/472 kB Progress (3): 49 kB | 153 kB | 97/472 kB Progress (3): 49 kB | 153 kB | 102/472 kB Progress (3): 49 kB | 153 kB | 106/472 kB Progress (3): 49 kB | 153 kB | 110/472 kB Progress (3): 49 kB | 153 kB | 114/472 kB Progress (3): 49 kB | 153 kB | 118/472 kB Progress (3): 49 kB | 153 kB | 122/472 kB Progress (3): 49 kB | 153 kB | 126/472 kB Progress (3): 49 kB | 153 kB | 130/472 kB Progress (4): 49 kB | 153 kB | 130/472 kB | 4.1/202 kB Progress (4): 49 kB | 153 kB | 134/472 kB | 4.1/202 kB Progress (4): 49 kB | 153 kB | 134/472 kB | 7.7/202 kB Progress (4): 49 kB | 153 kB | 134/472 kB | 12/202 kB Progress (4): 49 kB | 153 kB | 134/472 kB | 16/202 kB Progress (4): 49 kB | 153 kB | 138/472 kB | 16/202 kB Progress (4): 49 kB | 153 kB | 138/472 kB | 20/202 kB Progress (4): 49 kB | 153 kB | 142/472 kB | 20/202 kB Progress (4): 49 kB | 153 kB | 142/472 kB | 24/202 kB Progress (4): 49 kB | 153 kB | 142/472 kB | 28/202 kB Progress (4): 49 kB | 153 kB | 147/472 kB | 28/202 kB Progress (4): 49 kB | 153 kB | 151/472 kB | 28/202 kB Progress (4): 49 kB | 153 kB | 151/472 kB | 32/202 kB Progress (4): 49 kB | 153 kB | 155/472 kB | 32/202 kB Progress (4): 49 kB | 153 kB | 155/472 kB | 36/202 kB Progress (4): 49 kB | 153 kB | 159/472 kB | 36/202 kB Progress (4): 49 kB | 153 kB | 163/472 kB | 36/202 kB Progress (4): 49 kB | 153 kB | 167/472 kB | 36/202 kB Progress (4): 49 kB | 153 kB | 171/472 kB | 36/202 kB Progress (4): 49 kB | 153 kB | 171/472 kB | 40/202 kB Progress (4): 49 kB | 153 kB | 175/472 kB | 40/202 kB Progress (4): 49 kB | 153 kB | 175/472 kB | 45/202 kB Progress (4): 49 kB | 153 kB | 179/472 kB | 45/202 kB Progress (4): 49 kB | 153 kB | 179/472 kB | 49/202 kB Progress (4): 49 kB | 153 kB | 183/472 kB | 49/202 kB Progress (4): 49 kB | 153 kB | 183/472 kB | 53/202 kB Progress (4): 49 kB | 153 kB | 188/472 kB | 53/202 kB Progress (4): 49 kB | 153 kB | 188/472 kB | 57/202 kB Progress (4): 49 kB | 153 kB | 192/472 kB | 57/202 kB Progress (4): 49 kB | 153 kB | 192/472 kB | 61/202 kB Progress (4): 49 kB | 153 kB | 196/472 kB | 61/202 kB Progress (4): 49 kB | 153 kB | 196/472 kB | 65/202 kB Progress (4): 49 kB | 153 kB | 200/472 kB | 65/202 kB Progress (4): 49 kB | 153 kB | 200/472 kB | 69/202 kB Progress (4): 49 kB | 153 kB | 204/472 kB | 69/202 kB Progress (4): 49 kB | 153 kB | 204/472 kB | 73/202 kB Progress (4): 49 kB | 153 kB | 208/472 kB | 73/202 kB Progress (4): 49 kB | 153 kB | 208/472 kB | 77/202 kB Progress (4): 49 kB | 153 kB | 212/472 kB | 77/202 kB Progress (4): 49 kB | 153 kB | 212/472 kB | 81/202 kB Progress (4): 49 kB | 153 kB | 216/472 kB | 81/202 kB Progress (4): 49 kB | 153 kB | 216/472 kB | 86/202 kB Progress (4): 49 kB | 153 kB | 220/472 kB | 86/202 kB Progress (4): 49 kB | 153 kB | 220/472 kB | 90/202 kB Progress (4): 49 kB | 153 kB | 224/472 kB | 90/202 kB Progress (4): 49 kB | 153 kB | 224/472 kB | 94/202 kB Progress (4): 49 kB | 153 kB | 228/472 kB | 94/202 kB Progress (4): 49 kB | 153 kB | 228/472 kB | 98/202 kB Progress (4): 49 kB | 153 kB | 233/472 kB | 98/202 kB Progress (4): 49 kB | 153 kB | 233/472 kB | 102/202 kB Progress (4): 49 kB | 153 kB | 237/472 kB | 102/202 kB Progress (4): 49 kB | 153 kB | 237/472 kB | 106/202 kB Progress (4): 49 kB | 153 kB | 240/472 kB | 106/202 kB Progress (4): 49 kB | 153 kB | 240/472 kB | 110/202 kB Progress (4): 49 kB | 153 kB | 244/472 kB | 110/202 kB Progress (4): 49 kB | 153 kB | 244/472 kB | 114/202 kB Progress (4): 49 kB | 153 kB | 248/472 kB | 114/202 kB Progress (4): 49 kB | 153 kB | 248/472 kB | 118/202 kB Progress (4): 49 kB | 153 kB | 252/472 kB | 118/202 kB Progress (4): 49 kB | 153 kB | 252/472 kB | 122/202 kB Progress (4): 49 kB | 153 kB | 256/472 kB | 122/202 kB Progress (4): 49 kB | 153 kB | 256/472 kB | 126/202 kB Progress (4): 49 kB | 153 kB | 261/472 kB | 126/202 kB Progress (4): 49 kB | 153 kB | 261/472 kB | 131/202 kB Progress (4): 49 kB | 153 kB | 265/472 kB | 131/202 kB Progress (4): 49 kB | 153 kB | 265/472 kB | 135/202 kB Progress (4): 49 kB | 153 kB | 269/472 kB | 135/202 kB Progress (4): 49 kB | 153 kB | 273/472 kB | 135/202 kB Progress (4): 49 kB | 153 kB | 277/472 kB | 135/202 kB Progress (4): 49 kB | 153 kB | 277/472 kB | 139/202 kB Progress (4): 49 kB | 153 kB | 281/472 kB | 139/202 kB Progress (4): 49 kB | 153 kB | 281/472 kB | 143/202 kB Progress (4): 49 kB | 153 kB | 285/472 kB | 143/202 kB Progress (4): 49 kB | 153 kB | 285/472 kB | 147/202 kB Progress (4): 49 kB | 153 kB | 289/472 kB | 147/202 kB Progress (4): 49 kB | 153 kB | 289/472 kB | 151/202 kB Progress (4): 49 kB | 153 kB | 289/472 kB | 155/202 kB Progress (4): 49 kB | 153 kB | 293/472 kB | 155/202 kB Progress (4): 49 kB | 153 kB | 293/472 kB | 159/202 kB Progress (4): 49 kB | 153 kB | 297/472 kB | 159/202 kB Progress (4): 49 kB | 153 kB | 302/472 kB | 159/202 kB Progress (4): 49 kB | 153 kB | 302/472 kB | 163/202 kB Progress (4): 49 kB | 153 kB | 306/472 kB | 163/202 kB Progress (4): 49 kB | 153 kB | 306/472 kB | 167/202 kB Progress (4): 49 kB | 153 kB | 310/472 kB | 167/202 kB Progress (4): 49 kB | 153 kB | 310/472 kB | 172/202 kB Progress (4): 49 kB | 153 kB | 314/472 kB | 172/202 kB Progress (4): 49 kB | 153 kB | 314/472 kB | 176/202 kB Progress (4): 49 kB | 153 kB | 318/472 kB | 176/202 kB Progress (4): 49 kB | 153 kB | 322/472 kB | 176/202 kB Progress (4): 49 kB | 153 kB | 322/472 kB | 180/202 kB Progress (4): 49 kB | 153 kB | 326/472 kB | 180/202 kB Progress (4): 49 kB | 153 kB | 326/472 kB | 184/202 kB Progress (4): 49 kB | 153 kB | 330/472 kB | 184/202 kB Progress (4): 49 kB | 153 kB | 330/472 kB | 188/202 kB Progress (4): 49 kB | 153 kB | 334/472 kB | 188/202 kB Progress (4): 49 kB | 153 kB | 334/472 kB | 192/202 kB Progress (4): 49 kB | 153 kB | 338/472 kB | 192/202 kB Progress (4): 49 kB | 153 kB | 338/472 kB | 196/202 kB Progress (4): 49 kB | 153 kB | 342/472 kB | 196/202 kB Progress (4): 49 kB | 153 kB | 342/472 kB | 200/202 kB Progress (4): 49 kB | 153 kB | 347/472 kB | 200/202 kB Progress (4): 49 kB | 153 kB | 347/472 kB | 202 kB Progress (4): 49 kB | 153 kB | 351/472 kB | 202 kB Progress (4): 49 kB | 153 kB | 355/472 kB | 202 kB Progress (4): 49 kB | 153 kB | 359/472 kB | 202 kB Progress (4): 49 kB | 153 kB | 363/472 kB | 202 kB Progress (4): 49 kB | 153 kB | 367/472 kB | 202 kB Progress (4): 49 kB | 153 kB | 371/472 kB | 202 kB Progress (5): 49 kB | 153 kB | 371/472 kB | 202 kB | 4.1/165 kB Progress (5): 49 kB | 153 kB | 375/472 kB | 202 kB | 4.1/165 kB Progress (5): 49 kB | 153 kB | 375/472 kB | 202 kB | 7.7/165 kB Progress (5): 49 kB | 153 kB | 379/472 kB | 202 kB | 7.7/165 kB Progress (5): 49 kB | 153 kB | 379/472 kB | 202 kB | 11/165 kB Progress (5): 49 kB | 153 kB | 383/472 kB | 202 kB | 11/165 kB Progress (5): 49 kB | 153 kB | 388/472 kB | 202 kB | 11/165 kB Progress (5): 49 kB | 153 kB | 388/472 kB | 202 kB | 15/165 kB Progress (5): 49 kB | 153 kB | 392/472 kB | 202 kB | 15/165 kB Progress (5): 49 kB | 153 kB | 392/472 kB | 202 kB | 20/165 kB Progress (5): 49 kB | 153 kB | 396/472 kB | 202 kB | 20/165 kB Progress (5): 49 kB | 153 kB | 396/472 kB | 202 kB | 24/165 kB Progress (5): 49 kB | 153 kB | 400/472 kB | 202 kB | 24/165 kB Progress (5): 49 kB | 153 kB | 400/472 kB | 202 kB | 28/165 kB Progress (5): 49 kB | 153 kB | 404/472 kB | 202 kB | 28/165 kB Progress (5): 49 kB | 153 kB | 404/472 kB | 202 kB | 32/165 kB Progress (5): 49 kB | 153 kB | 408/472 kB | 202 kB | 32/165 kB Progress (5): 49 kB | 153 kB | 408/472 kB | 202 kB | 36/165 kB Progress (5): 49 kB | 153 kB | 412/472 kB | 202 kB | 36/165 kB Progress (5): 49 kB | 153 kB | 412/472 kB | 202 kB | 40/165 kB Progress (5): 49 kB | 153 kB | 416/472 kB | 202 kB | 40/165 kB Progress (5): 49 kB | 153 kB | 416/472 kB | 202 kB | 44/165 kB Progress (5): 49 kB | 153 kB | 420/472 kB | 202 kB | 44/165 kB Progress (5): 49 kB | 153 kB | 424/472 kB | 202 kB | 44/165 kB Progress (5): 49 kB | 153 kB | 424/472 kB | 202 kB | 48/165 kB Progress (5): 49 kB | 153 kB | 428/472 kB | 202 kB | 48/165 kB Progress (5): 49 kB | 153 kB | 428/472 kB | 202 kB | 52/165 kB Progress (5): 49 kB | 153 kB | 433/472 kB | 202 kB | 52/165 kB Progress (5): 49 kB | 153 kB | 433/472 kB | 202 kB | 56/165 kB Progress (5): 49 kB | 153 kB | 437/472 kB | 202 kB | 56/165 kB Progress (5): 49 kB | 153 kB | 437/472 kB | 202 kB | 61/165 kB Progress (5): 49 kB | 153 kB | 441/472 kB | 202 kB | 61/165 kB Progress (5): 49 kB | 153 kB | 441/472 kB | 202 kB | 65/165 kB Progress (5): 49 kB | 153 kB | 445/472 kB | 202 kB | 65/165 kB Progress (5): 49 kB | 153 kB | 445/472 kB | 202 kB | 69/165 kB Progress (5): 49 kB | 153 kB | 449/472 kB | 202 kB | 69/165 kB Progress (5): 49 kB | 153 kB | 449/472 kB | 202 kB | 73/165 kB Progress (5): 49 kB | 153 kB | 453/472 kB | 202 kB | 73/165 kB Progress (5): 49 kB | 153 kB | 453/472 kB | 202 kB | 77/165 kB Progress (5): 49 kB | 153 kB | 457/472 kB | 202 kB | 77/165 kB Progress (5): 49 kB | 153 kB | 459/472 kB | 202 kB | 77/165 kB Progress (5): 49 kB | 153 kB | 463/472 kB | 202 kB | 77/165 kB Progress (5): 49 kB | 153 kB | 468/472 kB | 202 kB | 77/165 kB Progress (5): 49 kB | 153 kB | 472/472 kB | 202 kB | 77/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 77/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 81/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 85/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 89/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 93/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 97/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 101/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 106/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 110/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 114/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 118/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 122/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 126/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 130/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 134/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 138/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 142/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 147/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 151/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 155/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 159/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 163/165 kB Progress (5): 49 kB | 153 kB | 472 kB | 202 kB | 165 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar (49 kB at 1.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar (153 kB at 4.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar (472 kB at 12 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar (202 kB at 5.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar Progress (2): 165 kB | 4.1/527 kB Progress (2): 165 kB | 7.7/527 kB Progress (2): 165 kB | 12/527 kB Progress (2): 165 kB | 16/527 kB Progress (2): 165 kB | 20/527 kB Progress (2): 165 kB | 24/527 kB Progress (2): 165 kB | 28/527 kB Progress (2): 165 kB | 32/527 kB Progress (2): 165 kB | 36/527 kB Progress (2): 165 kB | 40/527 kB Progress (2): 165 kB | 45/527 kB Progress (2): 165 kB | 49/527 kB Progress (2): 165 kB | 53/527 kB Progress (2): 165 kB | 57/527 kB Progress (3): 165 kB | 57/527 kB | 4.1/47 kB Progress (3): 165 kB | 61/527 kB | 4.1/47 kB Progress (3): 165 kB | 61/527 kB | 7.7/47 kB Progress (3): 165 kB | 65/527 kB | 7.7/47 kB Progress (3): 165 kB | 69/527 kB | 7.7/47 kB Progress (3): 165 kB | 69/527 kB | 12/47 kB Progress (3): 165 kB | 73/527 kB | 12/47 kB Progress (3): 165 kB | 73/527 kB | 16/47 kB Progress (3): 165 kB | 77/527 kB | 16/47 kB Progress (3): 165 kB | 77/527 kB | 20/47 kB Progress (3): 165 kB | 81/527 kB | 20/47 kB Progress (3): 165 kB | 81/527 kB | 24/47 kB Progress (3): 165 kB | 81/527 kB | 28/47 kB Progress (3): 165 kB | 81/527 kB | 32/47 kB Progress (3): 165 kB | 81/527 kB | 36/47 kB Progress (3): 165 kB | 81/527 kB | 40/47 kB Progress (3): 165 kB | 81/527 kB | 45/47 kB Progress (3): 165 kB | 81/527 kB | 47 kB Progress (3): 165 kB | 86/527 kB | 47 kB Progress (3): 165 kB | 90/527 kB | 47 kB Progress (3): 165 kB | 94/527 kB | 47 kB Progress (3): 165 kB | 98/527 kB | 47 kB Progress (3): 165 kB | 102/527 kB | 47 kB Progress (3): 165 kB | 106/527 kB | 47 kB Progress (3): 165 kB | 110/527 kB | 47 kB Progress (3): 165 kB | 114/527 kB | 47 kB Progress (3): 165 kB | 118/527 kB | 47 kB Progress (3): 165 kB | 122/527 kB | 47 kB Progress (3): 165 kB | 126/527 kB | 47 kB Progress (3): 165 kB | 131/527 kB | 47 kB Progress (3): 165 kB | 135/527 kB | 47 kB Progress (3): 165 kB | 139/527 kB | 47 kB Progress (3): 165 kB | 143/527 kB | 47 kB Progress (3): 165 kB | 147/527 kB | 47 kB Progress (3): 165 kB | 151/527 kB | 47 kB Progress (3): 165 kB | 155/527 kB | 47 kB Progress (3): 165 kB | 159/527 kB | 47 kB Progress (3): 165 kB | 163/527 kB | 47 kB Progress (3): 165 kB | 167/527 kB | 47 kB Progress (3): 165 kB | 172/527 kB | 47 kB Progress (3): 165 kB | 176/527 kB | 47 kB Progress (3): 165 kB | 180/527 kB | 47 kB Progress (3): 165 kB | 184/527 kB | 47 kB Progress (3): 165 kB | 188/527 kB | 47 kB Progress (3): 165 kB | 192/527 kB | 47 kB Progress (3): 165 kB | 196/527 kB | 47 kB Progress (3): 165 kB | 200/527 kB | 47 kB Progress (3): 165 kB | 204/527 kB | 47 kB Progress (3): 165 kB | 208/527 kB | 47 kB Progress (3): 165 kB | 213/527 kB | 47 kB Progress (3): 165 kB | 217/527 kB | 47 kB Progress (3): 165 kB | 221/527 kB | 47 kB Progress (3): 165 kB | 225/527 kB | 47 kB Progress (3): 165 kB | 229/527 kB | 47 kB Progress (3): 165 kB | 233/527 kB | 47 kB Progress (3): 165 kB | 237/527 kB | 47 kB Progress (3): 165 kB | 241/527 kB | 47 kB Progress (3): 165 kB | 245/527 kB | 47 kB Progress (3): 165 kB | 249/527 kB | 47 kB Progress (3): 165 kB | 253/527 kB | 47 kB Progress (3): 165 kB | 258/527 kB | 47 kB Progress (3): 165 kB | 262/527 kB | 47 kB Progress (3): 165 kB | 266/527 kB | 47 kB Progress (3): 165 kB | 270/527 kB | 47 kB Progress (3): 165 kB | 274/527 kB | 47 kB Progress (3): 165 kB | 278/527 kB | 47 kB Progress (3): 165 kB | 282/527 kB | 47 kB Progress (3): 165 kB | 286/527 kB | 47 kB Progress (3): 165 kB | 290/527 kB | 47 kB Progress (3): 165 kB | 294/527 kB | 47 kB Progress (3): 165 kB | 299/527 kB | 47 kB Progress (3): 165 kB | 303/527 kB | 47 kB Progress (3): 165 kB | 307/527 kB | 47 kB Progress (3): 165 kB | 311/527 kB | 47 kB Progress (3): 165 kB | 315/527 kB | 47 kB Progress (3): 165 kB | 319/527 kB | 47 kB Progress (3): 165 kB | 323/527 kB | 47 kB Progress (3): 165 kB | 327/527 kB | 47 kB Progress (3): 165 kB | 331/527 kB | 47 kB Progress (3): 165 kB | 335/527 kB | 47 kB Progress (3): 165 kB | 339/527 kB | 47 kB Progress (3): 165 kB | 344/527 kB | 47 kB Progress (3): 165 kB | 348/527 kB | 47 kB Progress (3): 165 kB | 352/527 kB | 47 kB Progress (3): 165 kB | 356/527 kB | 47 kB Progress (3): 165 kB | 360/527 kB | 47 kB Progress (3): 165 kB | 364/527 kB | 47 kB Progress (3): 165 kB | 368/527 kB | 47 kB Progress (3): 165 kB | 372/527 kB | 47 kB Progress (3): 165 kB | 376/527 kB | 47 kB Progress (3): 165 kB | 380/527 kB | 47 kB Progress (3): 165 kB | 385/527 kB | 47 kB Progress (3): 165 kB | 389/527 kB | 47 kB Progress (3): 165 kB | 393/527 kB | 47 kB Progress (3): 165 kB | 397/527 kB | 47 kB Progress (3): 165 kB | 401/527 kB | 47 kB Progress (3): 165 kB | 405/527 kB | 47 kB Progress (3): 165 kB | 409/527 kB | 47 kB Progress (3): 165 kB | 413/527 kB | 47 kB Progress (3): 165 kB | 417/527 kB | 47 kB Progress (3): 165 kB | 421/527 kB | 47 kB Progress (3): 165 kB | 426/527 kB | 47 kB Progress (3): 165 kB | 430/527 kB | 47 kB Progress (3): 165 kB | 434/527 kB | 47 kB Progress (3): 165 kB | 438/527 kB | 47 kB Progress (3): 165 kB | 442/527 kB | 47 kB Progress (3): 165 kB | 446/527 kB | 47 kB Progress (3): 165 kB | 450/527 kB | 47 kB Progress (3): 165 kB | 454/527 kB | 47 kB Progress (3): 165 kB | 458/527 kB | 47 kB Progress (3): 165 kB | 462/527 kB | 47 kB Progress (3): 165 kB | 466/527 kB | 47 kB Progress (3): 165 kB | 471/527 kB | 47 kB Progress (3): 165 kB | 475/527 kB | 47 kB Progress (3): 165 kB | 479/527 kB | 47 kB Progress (3): 165 kB | 483/527 kB | 47 kB Progress (3): 165 kB | 487/527 kB | 47 kB Progress (3): 165 kB | 491/527 kB | 47 kB Progress (3): 165 kB | 495/527 kB | 47 kB Progress (3): 165 kB | 499/527 kB | 47 kB Progress (3): 165 kB | 503/527 kB | 47 kB Progress (3): 165 kB | 507/527 kB | 47 kB Progress (3): 165 kB | 512/527 kB | 47 kB Progress (3): 165 kB | 516/527 kB | 47 kB Progress (3): 165 kB | 520/527 kB | 47 kB Progress (3): 165 kB | 524/527 kB | 47 kB Progress (3): 165 kB | 527 kB | 47 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar (165 kB at 3.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar Progress (3): 527 kB | 47 kB | 4.1/30 kB Progress (3): 527 kB | 47 kB | 7.7/30 kB Progress (3): 527 kB | 47 kB | 12/30 kB Progress (3): 527 kB | 47 kB | 15/30 kB Progress (3): 527 kB | 47 kB | 20/30 kB Progress (3): 527 kB | 47 kB | 24/30 kB Progress (3): 527 kB | 47 kB | 28/30 kB Progress (3): 527 kB | 47 kB | 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar (47 kB at 805 kB/s) Progress (3): 527 kB | 30 kB | 4.1/38 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar Progress (3): 527 kB | 30 kB | 7.7/38 kB Progress (3): 527 kB | 30 kB | 12/38 kB Progress (3): 527 kB | 30 kB | 16/38 kB Progress (3): 527 kB | 30 kB | 20/38 kB Progress (3): 527 kB | 30 kB | 24/38 kB Progress (3): 527 kB | 30 kB | 28/38 kB Progress (3): 527 kB | 30 kB | 32/38 kB Progress (3): 527 kB | 30 kB | 36/38 kB Progress (3): 527 kB | 30 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar (527 kB at 8.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar (30 kB at 418 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar Progress (2): 38 kB | 4.1/148 kB Progress (2): 38 kB | 7.7/148 kB Progress (2): 38 kB | 12/148 kB Progress (2): 38 kB | 16/148 kB Progress (2): 38 kB | 20/148 kB Progress (2): 38 kB | 24/148 kB Progress (2): 38 kB | 28/148 kB Progress (2): 38 kB | 32/148 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar (38 kB at 511 kB/s) Progress (1): 36/148 kB Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar Progress (1): 40/148 kB Progress (1): 45/148 kB Progress (1): 49/148 kB Progress (1): 53/148 kB Progress (1): 57/148 kB Progress (1): 61/148 kB Progress (1): 65/148 kB Progress (1): 69/148 kB Progress (1): 73/148 kB Progress (1): 77/148 kB Progress (1): 81/148 kB Progress (1): 85/148 kB Progress (1): 89/148 kB Progress (1): 93/148 kB Progress (1): 97/148 kB Progress (2): 97/148 kB | 4.1/51 kB Progress (2): 102/148 kB | 4.1/51 kB Progress (2): 106/148 kB | 4.1/51 kB Progress (2): 110/148 kB | 4.1/51 kB Progress (2): 114/148 kB | 4.1/51 kB Progress (2): 114/148 kB | 7.7/51 kB Progress (2): 118/148 kB | 7.7/51 kB Progress (2): 122/148 kB | 7.7/51 kB Progress (2): 126/148 kB | 7.7/51 kB Progress (2): 130/148 kB | 7.7/51 kB Progress (2): 130/148 kB | 12/51 kB Progress (2): 130/148 kB | 15/51 kB Progress (2): 130/148 kB | 20/51 kB Progress (2): 130/148 kB | 24/51 kB Progress (2): 130/148 kB | 28/51 kB Progress (2): 130/148 kB | 32/51 kB Progress (2): 130/148 kB | 36/51 kB Progress (2): 130/148 kB | 40/51 kB Progress (2): 130/148 kB | 44/51 kB Progress (2): 130/148 kB | 48/51 kB Progress (2): 130/148 kB | 51 kB Progress (2): 134/148 kB | 51 kB Progress (2): 138/148 kB | 51 kB Progress (2): 142/148 kB | 51 kB Progress (2): 147/148 kB | 51 kB Progress (2): 148 kB | 51 kB Progress (3): 148 kB | 51 kB | 4.1/106 kB Progress (3): 148 kB | 51 kB | 7.7/106 kB Progress (3): 148 kB | 51 kB | 12/106 kB Progress (3): 148 kB | 51 kB | 15/106 kB Progress (3): 148 kB | 51 kB | 20/106 kB Progress (3): 148 kB | 51 kB | 24/106 kB Progress (3): 148 kB | 51 kB | 28/106 kB Progress (3): 148 kB | 51 kB | 32/106 kB Progress (3): 148 kB | 51 kB | 36/106 kB Progress (3): 148 kB | 51 kB | 40/106 kB Progress (3): 148 kB | 51 kB | 44/106 kB Progress (3): 148 kB | 51 kB | 48/106 kB Progress (3): 148 kB | 51 kB | 52/106 kB Progress (3): 148 kB | 51 kB | 56/106 kB Progress (3): 148 kB | 51 kB | 61/106 kB Progress (3): 148 kB | 51 kB | 65/106 kB Progress (3): 148 kB | 51 kB | 69/106 kB Progress (3): 148 kB | 51 kB | 73/106 kB Progress (3): 148 kB | 51 kB | 77/106 kB Progress (3): 148 kB | 51 kB | 81/106 kB Progress (3): 148 kB | 51 kB | 85/106 kB Progress (3): 148 kB | 51 kB | 89/106 kB Progress (3): 148 kB | 51 kB | 93/106 kB Progress (3): 148 kB | 51 kB | 97/106 kB Progress (3): 148 kB | 51 kB | 102/106 kB Progress (3): 148 kB | 51 kB | 106/106 kB Progress (3): 148 kB | 51 kB | 106 kB Progress (4): 148 kB | 51 kB | 106 kB | 4.1/14 kB Progress (4): 148 kB | 51 kB | 106 kB | 7.7/14 kB Progress (4): 148 kB | 51 kB | 106 kB | 12/14 kB Progress (4): 148 kB | 51 kB | 106 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar (51 kB at 556 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar (106 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar Progress (3): 148 kB | 14 kB | 4.1/74 kB Progress (3): 148 kB | 14 kB | 7.7/74 kB Progress (3): 148 kB | 14 kB | 12/74 kB Progress (3): 148 kB | 14 kB | 16/74 kB Progress (3): 148 kB | 14 kB | 20/74 kB Progress (3): 148 kB | 14 kB | 24/74 kB Progress (3): 148 kB | 14 kB | 28/74 kB Progress (3): 148 kB | 14 kB | 32/74 kB Progress (3): 148 kB | 14 kB | 36/74 kB Progress (3): 148 kB | 14 kB | 40/74 kB Progress (3): 148 kB | 14 kB | 45/74 kB Progress (3): 148 kB | 14 kB | 49/74 kB Progress (3): 148 kB | 14 kB | 53/74 kB Progress (3): 148 kB | 14 kB | 57/74 kB Progress (3): 148 kB | 14 kB | 61/74 kB Progress (3): 148 kB | 14 kB | 65/74 kB Progress (3): 148 kB | 14 kB | 69/74 kB Progress (3): 148 kB | 14 kB | 73/74 kB Progress (3): 148 kB | 14 kB | 74 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar (148 kB at 1.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar (14 kB at 133 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar Progress (2): 74 kB | 4.1/61 kB Progress (2): 74 kB | 7.7/61 kB Progress (2): 74 kB | 12/61 kB Progress (2): 74 kB | 16/61 kB Progress (2): 74 kB | 20/61 kB Progress (2): 74 kB | 24/61 kB Progress (2): 74 kB | 28/61 kB Progress (2): 74 kB | 32/61 kB Progress (2): 74 kB | 36/61 kB Progress (2): 74 kB | 40/61 kB Progress (2): 74 kB | 45/61 kB Progress (2): 74 kB | 49/61 kB Progress (2): 74 kB | 53/61 kB Progress (2): 74 kB | 57/61 kB Progress (2): 74 kB | 61/61 kB Progress (2): 74 kB | 61 kB Progress (3): 74 kB | 61 kB | 4.1/108 kB Progress (3): 74 kB | 61 kB | 7.7/108 kB Progress (3): 74 kB | 61 kB | 12/108 kB Progress (3): 74 kB | 61 kB | 16/108 kB Progress (3): 74 kB | 61 kB | 20/108 kB Progress (3): 74 kB | 61 kB | 24/108 kB Progress (3): 74 kB | 61 kB | 28/108 kB Progress (3): 74 kB | 61 kB | 32/108 kB Progress (3): 74 kB | 61 kB | 36/108 kB Progress (3): 74 kB | 61 kB | 40/108 kB Progress (3): 74 kB | 61 kB | 45/108 kB Progress (3): 74 kB | 61 kB | 49/108 kB Progress (3): 74 kB | 61 kB | 53/108 kB Progress (3): 74 kB | 61 kB | 57/108 kB Progress (3): 74 kB | 61 kB | 61/108 kB Progress (3): 74 kB | 61 kB | 65/108 kB Progress (3): 74 kB | 61 kB | 69/108 kB Progress (3): 74 kB | 61 kB | 73/108 kB Progress (3): 74 kB | 61 kB | 77/108 kB Progress (3): 74 kB | 61 kB | 81/108 kB Progress (3): 74 kB | 61 kB | 86/108 kB Progress (3): 74 kB | 61 kB | 90/108 kB Progress (3): 74 kB | 61 kB | 94/108 kB Progress (3): 74 kB | 61 kB | 98/108 kB Progress (3): 74 kB | 61 kB | 102/108 kB Progress (3): 74 kB | 61 kB | 106/108 kB Progress (3): 74 kB | 61 kB | 108 kB Progress (4): 74 kB | 61 kB | 108 kB | 4.1/46 kB Progress (4): 74 kB | 61 kB | 108 kB | 7.7/46 kB Progress (4): 74 kB | 61 kB | 108 kB | 12/46 kB Progress (4): 74 kB | 61 kB | 108 kB | 16/46 kB Progress (4): 74 kB | 61 kB | 108 kB | 20/46 kB Progress (4): 74 kB | 61 kB | 108 kB | 24/46 kB Progress (4): 74 kB | 61 kB | 108 kB | 28/46 kB Progress (4): 74 kB | 61 kB | 108 kB | 32/46 kB Progress (4): 74 kB | 61 kB | 108 kB | 36/46 kB Progress (4): 74 kB | 61 kB | 108 kB | 40/46 kB Progress (4): 74 kB | 61 kB | 108 kB | 45/46 kB Progress (4): 74 kB | 61 kB | 108 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar (74 kB at 623 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar (61 kB at 489 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar Progress (3): 108 kB | 46 kB | 4.1/4.2 kB Progress (3): 108 kB | 46 kB | 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar (108 kB at 818 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar (46 kB at 349 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar Progress (2): 4.2 kB | 4.1/29 kB Progress (2): 4.2 kB | 7.3/29 kB Progress (2): 4.2 kB | 11/29 kB Progress (2): 4.2 kB | 15/29 kB Progress (2): 4.2 kB | 20/29 kB Progress (2): 4.2 kB | 24/29 kB Progress (2): 4.2 kB | 28/29 kB Progress (2): 4.2 kB | 29 kB Progress (3): 4.2 kB | 29 kB | 4.1/13 kB Progress (3): 4.2 kB | 29 kB | 7.7/13 kB Progress (3): 4.2 kB | 29 kB | 12/13 kB Progress (3): 4.2 kB | 29 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar (4.2 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar Progress (3): 29 kB | 13 kB | 3.2/52 kB Progress (3): 29 kB | 13 kB | 7.3/52 kB Progress (3): 29 kB | 13 kB | 11/52 kB Progress (3): 29 kB | 13 kB | 15/52 kB Progress (3): 29 kB | 13 kB | 20/52 kB Progress (4): 29 kB | 13 kB | 20/52 kB | 4.1/263 kB Progress (4): 29 kB | 13 kB | 24/52 kB | 4.1/263 kB Progress (4): 29 kB | 13 kB | 24/52 kB | 7.7/263 kB Progress (4): 29 kB | 13 kB | 28/52 kB | 7.7/263 kB Progress (4): 29 kB | 13 kB | 32/52 kB | 7.7/263 kB Progress (4): 29 kB | 13 kB | 36/52 kB | 7.7/263 kB Progress (4): 29 kB | 13 kB | 36/52 kB | 12/263 kB Progress (4): 29 kB | 13 kB | 40/52 kB | 12/263 kB Progress (4): 29 kB | 13 kB | 44/52 kB | 12/263 kB Progress (4): 29 kB | 13 kB | 44/52 kB | 16/263 kB Progress (4): 29 kB | 13 kB | 48/52 kB | 16/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 16/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 20/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 24/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 28/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 32/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 36/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 40/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 44/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 48/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 52/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 56/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 61/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 65/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 69/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 73/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 77/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 81/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 85/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 89/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 93/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 97/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 102/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 106/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 110/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 114/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 118/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 122/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 126/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 130/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 134/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 138/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 142/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 147/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 151/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 155/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 159/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 163/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 167/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 171/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 175/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 179/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 183/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 188/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 192/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 196/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 200/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 204/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 208/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 212/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 216/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 220/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 224/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 228/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 233/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 237/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 241/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 245/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 249/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 253/263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar (29 kB at 190 kB/s) Progress (3): 13 kB | 52 kB | 257/263 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar Progress (3): 13 kB | 52 kB | 261/263 kB Progress (3): 13 kB | 52 kB | 263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar (13 kB at 88 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar (263 kB at 1.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar Progress (2): 52 kB | 4.1/61 kB Progress (2): 52 kB | 7.7/61 kB Progress (2): 52 kB | 12/61 kB Progress (2): 52 kB | 16/61 kB Progress (2): 52 kB | 20/61 kB Progress (2): 52 kB | 24/61 kB Progress (2): 52 kB | 28/61 kB Progress (2): 52 kB | 32/61 kB Progress (2): 52 kB | 36/61 kB Progress (2): 52 kB | 40/61 kB Progress (2): 52 kB | 45/61 kB Progress (2): 52 kB | 49/61 kB Progress (2): 52 kB | 53/61 kB Progress (2): 52 kB | 57/61 kB Progress (2): 52 kB | 61/61 kB Progress (2): 52 kB | 61 kB Progress (3): 52 kB | 61 kB | 4.1/164 kB Progress (3): 52 kB | 61 kB | 7.7/164 kB Progress (3): 52 kB | 61 kB | 12/164 kB Progress (3): 52 kB | 61 kB | 16/164 kB Progress (3): 52 kB | 61 kB | 20/164 kB Progress (3): 52 kB | 61 kB | 24/164 kB Progress (3): 52 kB | 61 kB | 28/164 kB Progress (3): 52 kB | 61 kB | 32/164 kB Progress (3): 52 kB | 61 kB | 36/164 kB Progress (3): 52 kB | 61 kB | 40/164 kB Progress (3): 52 kB | 61 kB | 45/164 kB Progress (3): 52 kB | 61 kB | 49/164 kB Progress (3): 52 kB | 61 kB | 53/164 kB Progress (3): 52 kB | 61 kB | 57/164 kB Progress (3): 52 kB | 61 kB | 61/164 kB Progress (3): 52 kB | 61 kB | 65/164 kB Progress (3): 52 kB | 61 kB | 69/164 kB Progress (3): 52 kB | 61 kB | 73/164 kB Progress (3): 52 kB | 61 kB | 77/164 kB Progress (3): 52 kB | 61 kB | 81/164 kB Progress (3): 52 kB | 61 kB | 86/164 kB Progress (3): 52 kB | 61 kB | 90/164 kB Progress (3): 52 kB | 61 kB | 94/164 kB Progress (3): 52 kB | 61 kB | 98/164 kB Progress (3): 52 kB | 61 kB | 102/164 kB Progress (3): 52 kB | 61 kB | 106/164 kB Progress (3): 52 kB | 61 kB | 110/164 kB Progress (3): 52 kB | 61 kB | 114/164 kB Progress (3): 52 kB | 61 kB | 118/164 kB Progress (3): 52 kB | 61 kB | 122/164 kB Progress (3): 52 kB | 61 kB | 126/164 kB Progress (3): 52 kB | 61 kB | 131/164 kB Progress (4): 52 kB | 61 kB | 131/164 kB | 4.1/120 kB Progress (4): 52 kB | 61 kB | 135/164 kB | 4.1/120 kB Progress (4): 52 kB | 61 kB | 135/164 kB | 7.7/120 kB Progress (4): 52 kB | 61 kB | 139/164 kB | 7.7/120 kB Progress (4): 52 kB | 61 kB | 139/164 kB | 12/120 kB Progress (4): 52 kB | 61 kB | 143/164 kB | 12/120 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar (52 kB at 309 kB/s) Progress (3): 61 kB | 143/164 kB | 16/120 kB Progress (3): 61 kB | 147/164 kB | 16/120 kB Progress (3): 61 kB | 147/164 kB | 20/120 kB Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar Progress (3): 61 kB | 147/164 kB | 24/120 kB Progress (3): 61 kB | 151/164 kB | 24/120 kB Progress (3): 61 kB | 155/164 kB | 24/120 kB Progress (3): 61 kB | 155/164 kB | 28/120 kB Progress (3): 61 kB | 159/164 kB | 28/120 kB Progress (3): 61 kB | 163/164 kB | 28/120 kB Progress (3): 61 kB | 164 kB | 28/120 kB Progress (3): 61 kB | 164 kB | 32/120 kB Progress (3): 61 kB | 164 kB | 36/120 kB Progress (3): 61 kB | 164 kB | 40/120 kB Progress (3): 61 kB | 164 kB | 45/120 kB Progress (3): 61 kB | 164 kB | 49/120 kB Progress (3): 61 kB | 164 kB | 53/120 kB Progress (3): 61 kB | 164 kB | 57/120 kB Progress (3): 61 kB | 164 kB | 61/120 kB Progress (3): 61 kB | 164 kB | 65/120 kB Progress (3): 61 kB | 164 kB | 69/120 kB Progress (3): 61 kB | 164 kB | 73/120 kB Progress (3): 61 kB | 164 kB | 77/120 kB Progress (3): 61 kB | 164 kB | 81/120 kB Progress (3): 61 kB | 164 kB | 86/120 kB Progress (3): 61 kB | 164 kB | 90/120 kB Progress (3): 61 kB | 164 kB | 94/120 kB Progress (3): 61 kB | 164 kB | 98/120 kB Progress (3): 61 kB | 164 kB | 102/120 kB Progress (3): 61 kB | 164 kB | 106/120 kB Progress (3): 61 kB | 164 kB | 110/120 kB Progress (3): 61 kB | 164 kB | 114/120 kB Progress (3): 61 kB | 164 kB | 118/120 kB Progress (3): 61 kB | 164 kB | 120 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar (61 kB at 343 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar Progress (3): 164 kB | 120 kB | 4.1/335 kB Progress (3): 164 kB | 120 kB | 7.7/335 kB Progress (3): 164 kB | 120 kB | 12/335 kB Progress (3): 164 kB | 120 kB | 15/335 kB Progress (3): 164 kB | 120 kB | 20/335 kB Progress (3): 164 kB | 120 kB | 24/335 kB Progress (3): 164 kB | 120 kB | 28/335 kB Progress (3): 164 kB | 120 kB | 32/335 kB Progress (3): 164 kB | 120 kB | 36/335 kB Progress (3): 164 kB | 120 kB | 40/335 kB Progress (3): 164 kB | 120 kB | 44/335 kB Progress (3): 164 kB | 120 kB | 48/335 kB Progress (3): 164 kB | 120 kB | 52/335 kB Progress (3): 164 kB | 120 kB | 56/335 kB Progress (3): 164 kB | 120 kB | 61/335 kB Progress (3): 164 kB | 120 kB | 65/335 kB Progress (3): 164 kB | 120 kB | 69/335 kB Progress (3): 164 kB | 120 kB | 73/335 kB Progress (3): 164 kB | 120 kB | 77/335 kB Progress (3): 164 kB | 120 kB | 81/335 kB Progress (3): 164 kB | 120 kB | 85/335 kB Progress (3): 164 kB | 120 kB | 89/335 kB Progress (3): 164 kB | 120 kB | 93/335 kB Progress (3): 164 kB | 120 kB | 97/335 kB Progress (3): 164 kB | 120 kB | 101/335 kB Progress (3): 164 kB | 120 kB | 106/335 kB Progress (3): 164 kB | 120 kB | 110/335 kB Progress (3): 164 kB | 120 kB | 114/335 kB Progress (3): 164 kB | 120 kB | 118/335 kB Progress (3): 164 kB | 120 kB | 122/335 kB Progress (3): 164 kB | 120 kB | 126/335 kB Progress (3): 164 kB | 120 kB | 130/335 kB Progress (3): 164 kB | 120 kB | 134/335 kB Progress (3): 164 kB | 120 kB | 138/335 kB Progress (4): 164 kB | 120 kB | 138/335 kB | 4.1/26 kB Progress (4): 164 kB | 120 kB | 142/335 kB | 4.1/26 kB Progress (4): 164 kB | 120 kB | 142/335 kB | 7.7/26 kB Progress (4): 164 kB | 120 kB | 147/335 kB | 7.7/26 kB Progress (4): 164 kB | 120 kB | 147/335 kB | 12/26 kB Progress (4): 164 kB | 120 kB | 151/335 kB | 12/26 kB Progress (4): 164 kB | 120 kB | 151/335 kB | 15/26 kB Progress (4): 164 kB | 120 kB | 155/335 kB | 15/26 kB Progress (4): 164 kB | 120 kB | 159/335 kB | 15/26 kB Progress (4): 164 kB | 120 kB | 163/335 kB | 15/26 kB Progress (4): 164 kB | 120 kB | 163/335 kB | 20/26 kB Progress (4): 164 kB | 120 kB | 167/335 kB | 20/26 kB Progress (4): 164 kB | 120 kB | 171/335 kB | 20/26 kB Progress (4): 164 kB | 120 kB | 175/335 kB | 20/26 kB Progress (4): 164 kB | 120 kB | 179/335 kB | 20/26 kB Progress (4): 164 kB | 120 kB | 183/335 kB | 20/26 kB Progress (4): 164 kB | 120 kB | 187/335 kB | 20/26 kB Progress (4): 164 kB | 120 kB | 192/335 kB | 20/26 kB Progress (4): 164 kB | 120 kB | 196/335 kB | 20/26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar (164 kB at 894 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar Progress (3): 120 kB | 196/335 kB | 24/26 kB Progress (3): 120 kB | 200/335 kB | 24/26 kB Progress (3): 120 kB | 200/335 kB | 26 kB Progress (3): 120 kB | 204/335 kB | 26 kB Progress (3): 120 kB | 208/335 kB | 26 kB Progress (3): 120 kB | 212/335 kB | 26 kB Progress (3): 120 kB | 216/335 kB | 26 kB Progress (3): 120 kB | 220/335 kB | 26 kB Progress (3): 120 kB | 224/335 kB | 26 kB Progress (3): 120 kB | 228/335 kB | 26 kB Progress (3): 120 kB | 233/335 kB | 26 kB Progress (3): 120 kB | 237/335 kB | 26 kB Progress (3): 120 kB | 241/335 kB | 26 kB Progress (3): 120 kB | 245/335 kB | 26 kB Progress (3): 120 kB | 249/335 kB | 26 kB Progress (3): 120 kB | 253/335 kB | 26 kB Progress (3): 120 kB | 257/335 kB | 26 kB Progress (3): 120 kB | 261/335 kB | 26 kB Progress (3): 120 kB | 265/335 kB | 26 kB Progress (3): 120 kB | 269/335 kB | 26 kB Progress (3): 120 kB | 274/335 kB | 26 kB Progress (3): 120 kB | 278/335 kB | 26 kB Progress (3): 120 kB | 282/335 kB | 26 kB Progress (3): 120 kB | 286/335 kB | 26 kB Progress (3): 120 kB | 290/335 kB | 26 kB Progress (3): 120 kB | 294/335 kB | 26 kB Progress (3): 120 kB | 298/335 kB | 26 kB Progress (3): 120 kB | 302/335 kB | 26 kB Progress (3): 120 kB | 306/335 kB | 26 kB Progress (3): 120 kB | 310/335 kB | 26 kB Progress (3): 120 kB | 314/335 kB | 26 kB Progress (3): 120 kB | 319/335 kB | 26 kB Progress (3): 120 kB | 323/335 kB | 26 kB Progress (3): 120 kB | 327/335 kB | 26 kB Progress (3): 120 kB | 331/335 kB | 26 kB Progress (3): 120 kB | 335/335 kB | 26 kB Progress (3): 120 kB | 335 kB | 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar (120 kB at 640 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar Progress (3): 335 kB | 26 kB | 4.1/122 kB Progress (3): 335 kB | 26 kB | 7.7/122 kB Progress (3): 335 kB | 26 kB | 12/122 kB Progress (3): 335 kB | 26 kB | 16/122 kB Progress (3): 335 kB | 26 kB | 20/122 kB Progress (3): 335 kB | 26 kB | 24/122 kB Progress (3): 335 kB | 26 kB | 28/122 kB Progress (3): 335 kB | 26 kB | 32/122 kB Progress (3): 335 kB | 26 kB | 36/122 kB Progress (3): 335 kB | 26 kB | 40/122 kB Progress (3): 335 kB | 26 kB | 45/122 kB Progress (3): 335 kB | 26 kB | 49/122 kB Progress (3): 335 kB | 26 kB | 53/122 kB Progress (3): 335 kB | 26 kB | 57/122 kB Progress (3): 335 kB | 26 kB | 61/122 kB Progress (3): 335 kB | 26 kB | 65/122 kB Progress (3): 335 kB | 26 kB | 69/122 kB Progress (3): 335 kB | 26 kB | 73/122 kB Progress (3): 335 kB | 26 kB | 77/122 kB Progress (3): 335 kB | 26 kB | 81/122 kB Progress (3): 335 kB | 26 kB | 86/122 kB Progress (3): 335 kB | 26 kB | 90/122 kB Progress (3): 335 kB | 26 kB | 94/122 kB Progress (3): 335 kB | 26 kB | 98/122 kB Progress (3): 335 kB | 26 kB | 102/122 kB Progress (3): 335 kB | 26 kB | 106/122 kB Progress (3): 335 kB | 26 kB | 110/122 kB Progress (3): 335 kB | 26 kB | 114/122 kB Progress (3): 335 kB | 26 kB | 118/122 kB Progress (3): 335 kB | 26 kB | 122 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar (26 kB at 132 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar Progress (3): 335 kB | 122 kB | 4.1/72 kB Progress (3): 335 kB | 122 kB | 7.7/72 kB Progress (3): 335 kB | 122 kB | 12/72 kB Progress (3): 335 kB | 122 kB | 15/72 kB Progress (3): 335 kB | 122 kB | 20/72 kB Progress (3): 335 kB | 122 kB | 24/72 kB Progress (3): 335 kB | 122 kB | 28/72 kB Progress (3): 335 kB | 122 kB | 32/72 kB Progress (3): 335 kB | 122 kB | 36/72 kB Progress (3): 335 kB | 122 kB | 40/72 kB Progress (3): 335 kB | 122 kB | 44/72 kB Progress (3): 335 kB | 122 kB | 48/72 kB Progress (3): 335 kB | 122 kB | 52/72 kB Progress (3): 335 kB | 122 kB | 56/72 kB Progress (3): 335 kB | 122 kB | 61/72 kB Progress (3): 335 kB | 122 kB | 65/72 kB Progress (3): 335 kB | 122 kB | 69/72 kB Progress (3): 335 kB | 122 kB | 72 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar (335 kB at 1.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar (122 kB at 582 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar Progress (2): 72 kB | 4.1/53 kB Progress (2): 72 kB | 7.7/53 kB Progress (2): 72 kB | 12/53 kB Progress (2): 72 kB | 16/53 kB Progress (2): 72 kB | 20/53 kB Progress (2): 72 kB | 24/53 kB Progress (2): 72 kB | 28/53 kB Progress (2): 72 kB | 32/53 kB Progress (2): 72 kB | 36/53 kB Progress (2): 72 kB | 40/53 kB Progress (2): 72 kB | 45/53 kB Progress (2): 72 kB | 49/53 kB Progress (2): 72 kB | 53 kB Progress (3): 72 kB | 53 kB | 4.1/305 kB Progress (3): 72 kB | 53 kB | 7.7/305 kB Progress (3): 72 kB | 53 kB | 12/305 kB Progress (3): 72 kB | 53 kB | 16/305 kB Progress (3): 72 kB | 53 kB | 20/305 kB Progress (3): 72 kB | 53 kB | 24/305 kB Progress (3): 72 kB | 53 kB | 28/305 kB Progress (3): 72 kB | 53 kB | 32/305 kB Progress (3): 72 kB | 53 kB | 36/305 kB Progress (3): 72 kB | 53 kB | 40/305 kB Progress (3): 72 kB | 53 kB | 45/305 kB Progress (3): 72 kB | 53 kB | 49/305 kB Progress (3): 72 kB | 53 kB | 53/305 kB Progress (3): 72 kB | 53 kB | 57/305 kB Progress (3): 72 kB | 53 kB | 61/305 kB Progress (3): 72 kB | 53 kB | 65/305 kB Progress (3): 72 kB | 53 kB | 69/305 kB Progress (3): 72 kB | 53 kB | 73/305 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar (72 kB at 330 kB/s) Progress (2): 53 kB | 77/305 kB Progress (2): 53 kB | 81/305 kB Progress (2): 53 kB | 86/305 kB Progress (3): 53 kB | 86/305 kB | 4.1/33 kB Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar Progress (3): 53 kB | 90/305 kB | 4.1/33 kB Progress (3): 53 kB | 90/305 kB | 7.7/33 kB Progress (3): 53 kB | 94/305 kB | 7.7/33 kB Progress (3): 53 kB | 94/305 kB | 12/33 kB Progress (3): 53 kB | 98/305 kB | 12/33 kB Progress (3): 53 kB | 98/305 kB | 15/33 kB Progress (3): 53 kB | 102/305 kB | 15/33 kB Progress (3): 53 kB | 106/305 kB | 15/33 kB Progress (3): 53 kB | 106/305 kB | 20/33 kB Progress (3): 53 kB | 110/305 kB | 20/33 kB Progress (3): 53 kB | 110/305 kB | 24/33 kB Progress (3): 53 kB | 114/305 kB | 24/33 kB Progress (3): 53 kB | 114/305 kB | 28/33 kB Progress (3): 53 kB | 118/305 kB | 28/33 kB Progress (3): 53 kB | 118/305 kB | 32/33 kB Progress (3): 53 kB | 122/305 kB | 32/33 kB Progress (3): 53 kB | 122/305 kB | 33 kB Progress (3): 53 kB | 126/305 kB | 33 kB Progress (3): 53 kB | 131/305 kB | 33 kB Progress (3): 53 kB | 135/305 kB | 33 kB Progress (3): 53 kB | 139/305 kB | 33 kB Progress (3): 53 kB | 143/305 kB | 33 kB Progress (3): 53 kB | 147/305 kB | 33 kB Progress (3): 53 kB | 151/305 kB | 33 kB Progress (3): 53 kB | 155/305 kB | 33 kB Progress (3): 53 kB | 159/305 kB | 33 kB Progress (3): 53 kB | 163/305 kB | 33 kB Progress (3): 53 kB | 167/305 kB | 33 kB Progress (3): 53 kB | 172/305 kB | 33 kB Progress (3): 53 kB | 176/305 kB | 33 kB Progress (3): 53 kB | 180/305 kB | 33 kB Progress (3): 53 kB | 184/305 kB | 33 kB Progress (3): 53 kB | 188/305 kB | 33 kB Progress (3): 53 kB | 192/305 kB | 33 kB Progress (3): 53 kB | 196/305 kB | 33 kB Progress (3): 53 kB | 200/305 kB | 33 kB Progress (3): 53 kB | 204/305 kB | 33 kB Progress (3): 53 kB | 208/305 kB | 33 kB Progress (3): 53 kB | 213/305 kB | 33 kB Progress (3): 53 kB | 217/305 kB | 33 kB Progress (3): 53 kB | 221/305 kB | 33 kB Progress (3): 53 kB | 225/305 kB | 33 kB Progress (3): 53 kB | 229/305 kB | 33 kB Progress (3): 53 kB | 233/305 kB | 33 kB Progress (3): 53 kB | 237/305 kB | 33 kB Progress (3): 53 kB | 241/305 kB | 33 kB Progress (3): 53 kB | 245/305 kB | 33 kB Progress (3): 53 kB | 249/305 kB | 33 kB Progress (3): 53 kB | 253/305 kB | 33 kB Progress (3): 53 kB | 258/305 kB | 33 kB Progress (3): 53 kB | 262/305 kB | 33 kB Progress (3): 53 kB | 266/305 kB | 33 kB Progress (3): 53 kB | 270/305 kB | 33 kB Progress (3): 53 kB | 274/305 kB | 33 kB Progress (3): 53 kB | 278/305 kB | 33 kB Progress (3): 53 kB | 282/305 kB | 33 kB Progress (3): 53 kB | 286/305 kB | 33 kB Progress (3): 53 kB | 290/305 kB | 33 kB Progress (3): 53 kB | 294/305 kB | 33 kB Progress (3): 53 kB | 299/305 kB | 33 kB Progress (3): 53 kB | 303/305 kB | 33 kB Progress (3): 53 kB | 305 kB | 33 kB Progress (4): 53 kB | 305 kB | 33 kB | 4.1/37 kB Progress (4): 53 kB | 305 kB | 33 kB | 7.7/37 kB Progress (4): 53 kB | 305 kB | 33 kB | 11/37 kB Progress (4): 53 kB | 305 kB | 33 kB | 15/37 kB Progress (4): 53 kB | 305 kB | 33 kB | 20/37 kB Progress (4): 53 kB | 305 kB | 33 kB | 24/37 kB Progress (4): 53 kB | 305 kB | 33 kB | 28/37 kB Progress (4): 53 kB | 305 kB | 33 kB | 32/37 kB Progress (4): 53 kB | 305 kB | 33 kB | 36/37 kB Progress (4): 53 kB | 305 kB | 33 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar (33 kB at 145 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar Progress (4): 53 kB | 305 kB | 37 kB | 4.1/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 7.7/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 12/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 16/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 20/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 24/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 28/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 32/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 36/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 40/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 45/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 49/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 53/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 57/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 61/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 65/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 69/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 73/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 77/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 81/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 86/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 90/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 94/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 98/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 102/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 106/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 110/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 114/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 118/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 122/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 126/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 131/134 kB Progress (4): 53 kB | 305 kB | 37 kB | 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar (305 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar (53 kB at 225 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar (37 kB at 153 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar Progress (2): 134 kB | 4.1/215 kB Progress (2): 134 kB | 7.7/215 kB Progress (2): 134 kB | 12/215 kB Progress (2): 134 kB | 16/215 kB Progress (2): 134 kB | 20/215 kB Progress (2): 134 kB | 24/215 kB Progress (2): 134 kB | 28/215 kB Progress (2): 134 kB | 32/215 kB Progress (2): 134 kB | 36/215 kB Progress (2): 134 kB | 40/215 kB Progress (2): 134 kB | 45/215 kB Progress (2): 134 kB | 49/215 kB Progress (2): 134 kB | 53/215 kB Progress (2): 134 kB | 57/215 kB Progress (2): 134 kB | 61/215 kB Progress (2): 134 kB | 65/215 kB Progress (2): 134 kB | 69/215 kB Progress (2): 134 kB | 73/215 kB Progress (2): 134 kB | 77/215 kB Progress (2): 134 kB | 81/215 kB Progress (2): 134 kB | 86/215 kB Progress (2): 134 kB | 90/215 kB Progress (2): 134 kB | 94/215 kB Progress (2): 134 kB | 98/215 kB Progress (2): 134 kB | 102/215 kB Progress (2): 134 kB | 106/215 kB Progress (2): 134 kB | 110/215 kB Progress (2): 134 kB | 114/215 kB Progress (2): 134 kB | 118/215 kB Progress (2): 134 kB | 122/215 kB Progress (2): 134 kB | 126/215 kB Progress (2): 134 kB | 131/215 kB Progress (2): 134 kB | 135/215 kB Progress (2): 134 kB | 139/215 kB Progress (2): 134 kB | 143/215 kB Progress (2): 134 kB | 147/215 kB Progress (2): 134 kB | 151/215 kB Progress (2): 134 kB | 155/215 kB Progress (2): 134 kB | 159/215 kB Progress (2): 134 kB | 163/215 kB Progress (2): 134 kB | 167/215 kB Progress (2): 134 kB | 172/215 kB Progress (2): 134 kB | 176/215 kB Progress (2): 134 kB | 180/215 kB Progress (2): 134 kB | 184/215 kB Progress (2): 134 kB | 188/215 kB Progress (2): 134 kB | 192/215 kB Progress (2): 134 kB | 196/215 kB Progress (2): 134 kB | 200/215 kB Progress (2): 134 kB | 204/215 kB Progress (2): 134 kB | 208/215 kB Progress (2): 134 kB | 213/215 kB Progress (2): 134 kB | 215 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar (134 kB at 532 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar Progress (2): 215 kB | 4.1/180 kB Progress (2): 215 kB | 7.7/180 kB Progress (2): 215 kB | 12/180 kB Progress (2): 215 kB | 16/180 kB Progress (2): 215 kB | 20/180 kB Progress (2): 215 kB | 24/180 kB Progress (2): 215 kB | 28/180 kB Progress (2): 215 kB | 32/180 kB Progress (2): 215 kB | 36/180 kB Progress (2): 215 kB | 40/180 kB Progress (2): 215 kB | 45/180 kB Progress (2): 215 kB | 49/180 kB Progress (2): 215 kB | 53/180 kB Progress (2): 215 kB | 57/180 kB Progress (2): 215 kB | 61/180 kB Progress (2): 215 kB | 65/180 kB Progress (2): 215 kB | 69/180 kB Progress (2): 215 kB | 73/180 kB Progress (2): 215 kB | 77/180 kB Progress (2): 215 kB | 81/180 kB Progress (2): 215 kB | 85/180 kB Progress (2): 215 kB | 89/180 kB Progress (2): 215 kB | 93/180 kB Progress (2): 215 kB | 97/180 kB Progress (2): 215 kB | 102/180 kB Progress (2): 215 kB | 106/180 kB Progress (2): 215 kB | 110/180 kB Progress (2): 215 kB | 114/180 kB Progress (2): 215 kB | 118/180 kB Progress (2): 215 kB | 122/180 kB Progress (2): 215 kB | 126/180 kB Progress (3): 215 kB | 126/180 kB | 0/2.6 MB Progress (3): 215 kB | 130/180 kB | 0/2.6 MB Progress (3): 215 kB | 134/180 kB | 0/2.6 MB Progress (3): 215 kB | 138/180 kB | 0/2.6 MB Progress (3): 215 kB | 142/180 kB | 0/2.6 MB Progress (3): 215 kB | 147/180 kB | 0/2.6 MB Progress (3): 215 kB | 147/180 kB | 0/2.6 MB Progress (3): 215 kB | 151/180 kB | 0/2.6 MB Progress (3): 215 kB | 155/180 kB | 0/2.6 MB Progress (3): 215 kB | 159/180 kB | 0/2.6 MB Progress (3): 215 kB | 159/180 kB | 0/2.6 MB Progress (3): 215 kB | 163/180 kB | 0/2.6 MB Progress (3): 215 kB | 167/180 kB | 0/2.6 MB Progress (3): 215 kB | 171/180 kB | 0/2.6 MB Progress (3): 215 kB | 175/180 kB | 0/2.6 MB Progress (3): 215 kB | 179/180 kB | 0/2.6 MB Progress (3): 215 kB | 179/180 kB | 0.1/2.6 MB Progress (3): 215 kB | 180 kB | 0.1/2.6 MB Progress (3): 215 kB | 180 kB | 0.1/2.6 MB Progress (3): 215 kB | 180 kB | 0.1/2.6 MB Progress (3): 215 kB | 180 kB | 0.1/2.6 MB Progress (3): 215 kB | 180 kB | 0.1/2.6 MB Progress (3): 215 kB | 180 kB | 0.1/2.6 MB Progress (3): 215 kB | 180 kB | 0.2/2.6 MB Progress (3): 215 kB | 180 kB | 0.2/2.6 MB Progress (3): 215 kB | 180 kB | 0.2/2.6 MB Progress (3): 215 kB | 180 kB | 0.2/2.6 MB Progress (3): 215 kB | 180 kB | 0.2/2.6 MB Progress (3): 215 kB | 180 kB | 0.2/2.6 MB Progress (3): 215 kB | 180 kB | 0.3/2.6 MB Progress (3): 215 kB | 180 kB | 0.3/2.6 MB Progress (3): 215 kB | 180 kB | 0.3/2.6 MB Progress (3): 215 kB | 180 kB | 0.3/2.6 MB Progress (3): 215 kB | 180 kB | 0.3/2.6 MB Progress (3): 215 kB | 180 kB | 0.3/2.6 MB Progress (3): 215 kB | 180 kB | 0.4/2.6 MB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 4.1/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 7.7/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 7.7/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 12/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 16/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 20/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 20/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 24/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 28/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 32/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 36/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 40/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 45/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 45/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 49/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 53/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 57/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 61/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 61/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 65/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 69/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 73/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 73/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 77/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 81/85 kB Progress (4): 215 kB | 180 kB | 0.4/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.5/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.5/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.5/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.5/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.5/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.5/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.6/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.6/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.6/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.6/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.6/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.6/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.7/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.7/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.7/2.6 MB | 85 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar (215 kB at 826 kB/s) Progress (3): 180 kB | 0.7/2.6 MB | 85 kB Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar Progress (3): 180 kB | 0.7/2.6 MB | 85 kB Progress (3): 180 kB | 0.7/2.6 MB | 85 kB Progress (3): 180 kB | 0.8/2.6 MB | 85 kB Progress (3): 180 kB | 0.8/2.6 MB | 85 kB Progress (3): 180 kB | 0.8/2.6 MB | 85 kB Progress (3): 180 kB | 0.8/2.6 MB | 85 kB Progress (3): 180 kB | 0.8/2.6 MB | 85 kB Progress (3): 180 kB | 0.8/2.6 MB | 85 kB Progress (3): 180 kB | 0.9/2.6 MB | 85 kB Progress (3): 180 kB | 0.9/2.6 MB | 85 kB Progress (3): 180 kB | 0.9/2.6 MB | 85 kB Progress (3): 180 kB | 0.9/2.6 MB | 85 kB Progress (3): 180 kB | 0.9/2.6 MB | 85 kB Progress (3): 180 kB | 0.9/2.6 MB | 85 kB Progress (3): 180 kB | 1.0/2.6 MB | 85 kB Progress (3): 180 kB | 1.0/2.6 MB | 85 kB Progress (3): 180 kB | 1.0/2.6 MB | 85 kB Progress (3): 180 kB | 1.0/2.6 MB | 85 kB Progress (3): 180 kB | 1.0/2.6 MB | 85 kB Progress (3): 180 kB | 1.0/2.6 MB | 85 kB Progress (3): 180 kB | 1.0/2.6 MB | 85 kB Progress (3): 180 kB | 1.1/2.6 MB | 85 kB Progress (3): 180 kB | 1.1/2.6 MB | 85 kB Progress (3): 180 kB | 1.1/2.6 MB | 85 kB Progress (3): 180 kB | 1.1/2.6 MB | 85 kB Progress (3): 180 kB | 1.1/2.6 MB | 85 kB Progress (3): 180 kB | 1.1/2.6 MB | 85 kB Progress (3): 180 kB | 1.2/2.6 MB | 85 kB Progress (3): 180 kB | 1.2/2.6 MB | 85 kB Progress (3): 180 kB | 1.2/2.6 MB | 85 kB Progress (3): 180 kB | 1.2/2.6 MB | 85 kB Progress (3): 180 kB | 1.2/2.6 MB | 85 kB Progress (3): 180 kB | 1.2/2.6 MB | 85 kB Progress (3): 180 kB | 1.3/2.6 MB | 85 kB Progress (3): 180 kB | 1.3/2.6 MB | 85 kB Progress (3): 180 kB | 1.3/2.6 MB | 85 kB Progress (3): 180 kB | 1.3/2.6 MB | 85 kB Progress (3): 180 kB | 1.3/2.6 MB | 85 kB Progress (3): 180 kB | 1.3/2.6 MB | 85 kB Progress (3): 180 kB | 1.4/2.6 MB | 85 kB Progress (3): 180 kB | 1.4/2.6 MB | 85 kB Progress (3): 180 kB | 1.4/2.6 MB | 85 kB Progress (3): 180 kB | 1.4/2.6 MB | 85 kB Progress (3): 180 kB | 1.4/2.6 MB | 85 kB Progress (3): 180 kB | 1.4/2.6 MB | 85 kB Progress (3): 180 kB | 1.5/2.6 MB | 85 kB Progress (3): 180 kB | 1.5/2.6 MB | 85 kB Progress (3): 180 kB | 1.5/2.6 MB | 85 kB Progress (3): 180 kB | 1.5/2.6 MB | 85 kB Progress (3): 180 kB | 1.5/2.6 MB | 85 kB Progress (3): 180 kB | 1.5/2.6 MB | 85 kB Progress (3): 180 kB | 1.6/2.6 MB | 85 kB Progress (4): 180 kB | 1.6/2.6 MB | 85 kB | 4.1/4.6 kB Progress (4): 180 kB | 1.6/2.6 MB | 85 kB | 4.1/4.6 kB Progress (4): 180 kB | 1.6/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.6/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.6/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.6/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.6/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.7/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.7/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.7/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.7/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.7/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.7/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.8/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.8/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.8/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.8/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.8/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.8/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.9/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.9/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.9/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.9/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.9/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.9/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 1.9/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 2.0/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 2.0/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 2.0/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 2.0/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 2.0/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 2.0/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 2.1/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 2.1/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 2.1/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 2.1/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 2.1/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 2.1/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 2.2/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 2.2/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 2.2/2.6 MB | 85 kB | 4.6 kB Progress (4): 180 kB | 2.2/2.6 MB | 85 kB | 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar (180 kB at 672 kB/s) Progress (3): 2.2/2.6 MB | 85 kB | 4.6 kB Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar Progress (3): 2.2/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.3/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.3/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.3/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.3/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.3/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.3/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.4/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.4/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.4/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.4/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.4/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.4/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.5/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.5/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.5/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.5/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.5/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.5/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.6/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.6/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.6/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.6/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.6/2.6 MB | 85 kB | 4.6 kB Progress (3): 2.6 MB | 85 kB | 4.6 kB Progress (4): 2.6 MB | 85 kB | 4.6 kB | 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar (85 kB at 304 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar Progress (4): 2.6 MB | 4.6 kB | 2.2 kB | 4.1/20 kB Progress (4): 2.6 MB | 4.6 kB | 2.2 kB | 7.7/20 kB Progress (4): 2.6 MB | 4.6 kB | 2.2 kB | 12/20 kB Progress (4): 2.6 MB | 4.6 kB | 2.2 kB | 16/20 kB Progress (4): 2.6 MB | 4.6 kB | 2.2 kB | 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar (4.6 kB at 16 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar (2.6 MB at 9.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar (2.2 kB at 7.6 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar (20 kB at 67 kB/s) Progress (1): 4.1/14 kB Progress (1): 7.7/14 kB Progress (1): 12/14 kB Progress (1): 14 kB Progress (2): 14 kB | 4.1/8.8 kB Progress (2): 14 kB | 7.7/8.8 kB Progress (2): 14 kB | 8.8 kB Progress (3): 14 kB | 8.8 kB | 4.1/5.9 kB Progress (3): 14 kB | 8.8 kB | 5.9 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 4.1/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 7.7/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 12/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 16/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 20/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 24/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 28/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 32/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 36/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 40/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 45/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 49/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 53/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 57/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 61/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 65/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 69/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 73/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 77/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 81/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 86/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 90/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 94/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 98/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 102/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 106/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 110/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 114/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 118/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 122/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 126/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 131/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 135/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 139/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 143/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 147/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 151/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 155/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 159/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 163/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 167/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 172/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 176/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 180/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 184/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 188/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 192/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 196/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 200/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 204/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 208/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 213/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 217/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 221/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 225/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 229/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 233/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 237/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 241/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 245/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 249/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 253/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 258/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 262/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 266/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 270/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 274/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 278/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 282/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 286/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 290/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 294/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 299/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 303/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 307/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 311/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 315/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 319/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 323/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 327/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 331/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 335/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 339/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 344/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 348/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 352/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 356/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 360/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 364/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 368/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 372/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 376/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 380/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 385/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 389/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 393/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 397/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 401/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 405/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 409/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 413/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 417/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 421/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 426/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 430/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 434/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 438/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 442/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 446/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 450/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 454/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 458/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 462/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 466/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 471/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 475/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 479/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 483/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 487/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 491/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 495/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 499/500 kB Progress (4): 14 kB | 8.8 kB | 5.9 kB | 500 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar (8.8 kB at 28 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar (14 kB at 44 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar (500 kB at 1.5 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar (5.9 kB at 18 kB/s) [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17:jar:0.1.2 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11:jar:1.9 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8:jar:1.2.4 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.gradle:hacbs-test-simple-gradle-jdk8:jar:1.1 in the shaded jar. [WARNING] hacbs-test-simple-gradle-jdk8-1.1.jar, hacbs-test.jar, shaded-jdk11-1.9.jar, simple-jdk17-0.1.2.jar, simple-jdk8-1.2.4.jar define 1 overlapping resource: [WARNING] - META-INF/MANIFEST.MF [WARNING] shaded-jdk11-1.9.jar, simple-jdk8-1.2.4.jar define 3 overlapping classes and resources: [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.properties [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.xml [WARNING] - io.github.stuartwdouglas.hacbstest.simple.simplejdk8.Placeholder [WARNING] maven-shade-plugin has detected that some class files are [WARNING] present in two or more JARs. When this happens, only one [WARNING] single version of the class is copied to the uber jar. [WARNING] Usually this is not harmful and you can skip these warnings, [WARNING] otherwise try to manually exclude artifacts based on [WARNING] mvn dependency:tree -Ddetail=true and the above output. [WARNING] See http://maven.apache.org/plugins/maven-shade-plugin/ [INFO] Replacing original artifact with shaded artifact. [INFO] Replacing /work/target/hacbs-test.jar with /work/target/simple-java-project-1.0-SNAPSHOT-shaded.jar [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 16.719 s [INFO] Finished at: 2026-05-06T07:06:06Z [INFO] ------------------------------------------------------------------------ [2/2] STEP 1/10: FROM registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 [2/2] STEP 2/10: USER 185 [2/2] STEP 3/10: WORKDIR /work/ [2/2] STEP 4/10: COPY --from=builder /work/target/hacbs-test.jar /deployments [2/2] STEP 5/10: EXPOSE 8081 [2/2] STEP 6/10: ENV AB_JOLOKIA_OFF="" [2/2] STEP 7/10: ENV JAVA_APP_JAR="/deployments/hacbs-test.jar" [2/2] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json [2/2] STEP 9/10: COPY labels.json /root/buildinfo/labels.json [2/2] STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="6b9bd461df01d5c46c036b89582454398a302598" "org.opencontainers.image.revision"="6b9bd461df01d5c46c036b89582454398a302598" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/konflux-test-integration" "quay.expires-after"="6h" "build-date"="2026-05-06T07:05:15Z" "org.opencontainers.image.created"="2026-05-06T07:05:15Z" [2/2] COMMIT quay.io/redhat-appstudio-qe/integration1-kgjp/test-component-pac-uxaxuy:on-pr-6b9bd461df01d5c46c036b89582454398a302598 --> 7e51bb239d46 Successfully tagged quay.io/redhat-appstudio-qe/integration1-kgjp/test-component-pac-uxaxuy:on-pr-6b9bd461df01d5c46c036b89582454398a302598 7e51bb239d4654a2ab7dff60d088ab450ae47af76a00e24c20f7674495054d34 [2026-05-06T07:06:08,493440439+00:00] Unsetting proxy [2026-05-06T07:06:08,494816248+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi8/openjdk-17:1.23 registry.access.redhat.com/ubi8/openjdk-17:1.23@sha256:6b594556530fc1f7e56ec1a798f27cfc87e328923d71a15b3a625cc0fc57618b registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23@sha256:d1c41a39da6dd219a2c002e604e9412ecc1d8635533da3aadfbcf4d2a6878e92 Getting image source signatures Copying blob sha256:a8c89bfd6f9d39f1c585bd9b733f85810225c91ddb4c6333c69fa70bc5d177ee Copying blob sha256:4fbd9e6ac35fac37ebf8cf165f41281d51056114cf97527414fa90b32b5d14d6 Copying blob sha256:5dbea8ad0b8fafeea55704769972b289a91254713435480168ce69a7d81ee19e Copying config sha256:7e51bb239d4654a2ab7dff60d088ab450ae47af76a00e24c20f7674495054d34 Writing manifest to image destination [2026-05-06T07:06:09,823144409+00:00] End build pod: test-component-pac-uxaxuy-o8a358e57681445c9d96a3d8e46d441d6-pod | container step-push: [2026-05-06T07:06:10,334791674+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-06T07:06:12,475600534+00:00] Convert image [2026-05-06T07:06:12,476641477+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/integration1-kgjp/test-component-pac-uxaxuy:test-component-pac-uxaxuy-on-pull-request-p8pzw-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/integration1-kgjp/test-component-pac-uxaxuy:on-pr-6b9bd461df01d5c46c036b89582454398a302598 docker://quay.io/redhat-appstudio-qe/integration1-kgjp/test-component-pac-uxaxuy:test-component-pac-uxaxuy-on-pull-request-p8pzw-build-container Getting image source signatures Copying blob sha256:a8c89bfd6f9d39f1c585bd9b733f85810225c91ddb4c6333c69fa70bc5d177ee Copying blob sha256:5dbea8ad0b8fafeea55704769972b289a91254713435480168ce69a7d81ee19e Copying blob sha256:4fbd9e6ac35fac37ebf8cf165f41281d51056114cf97527414fa90b32b5d14d6 Copying config sha256:7e51bb239d4654a2ab7dff60d088ab450ae47af76a00e24c20f7674495054d34 Writing manifest to image destination [2026-05-06T07:06:21,513872534+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/integration1-kgjp/test-component-pac-uxaxuy:on-pr-6b9bd461df01d5c46c036b89582454398a302598 [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/integration1-kgjp/test-component-pac-uxaxuy:on-pr-6b9bd461df01d5c46c036b89582454398a302598 docker://quay.io/redhat-appstudio-qe/integration1-kgjp/test-component-pac-uxaxuy:on-pr-6b9bd461df01d5c46c036b89582454398a302598 Getting image source signatures Copying blob sha256:a8c89bfd6f9d39f1c585bd9b733f85810225c91ddb4c6333c69fa70bc5d177ee Copying blob sha256:4fbd9e6ac35fac37ebf8cf165f41281d51056114cf97527414fa90b32b5d14d6 Copying blob sha256:5dbea8ad0b8fafeea55704769972b289a91254713435480168ce69a7d81ee19e Copying config sha256:7e51bb239d4654a2ab7dff60d088ab450ae47af76a00e24c20f7674495054d34 Writing manifest to image destination sha256:5dd9fe4a956f91bba7732dc5acb7f1892f8806809220a88578a6beffa8a5f3a1quay.io/redhat-appstudio-qe/integration1-kgjp/test-component-pac-uxaxuy:on-pr-6b9bd461df01d5c46c036b89582454398a302598 [retry] executing: kubectl get configmap cluster-config -n konflux-info -o json Keyless signing is disabled (none of rekorInternalUrl, fulcioInternalUrl, defaultOIDCIssuer, tufInternalUrl are configured in the konflux-info/cluster-config configmap) [2026-05-06T07:06:22,383981012+00:00] End push pod: test-component-pac-uxaxuy-o8a358e57681445c9d96a3d8e46d441d6-pod | container step-sbom-syft-generate: [2026-05-06T07:06:22,532226425+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-05-06T07:06:32,919916640+00:00] End sbom-syft-generate pod: test-component-pac-uxaxuy-o8a358e57681445c9d96a3d8e46d441d6-pod | container step-prepare-sboms: [2026-05-06T07:06:33,717786398+00:00] Prepare SBOM [2026-05-06T07:06:33,721637699+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-05-06 07:06:34,860 [INFO] mobster.log: Logging level set to 20 2026-05-06 07:06:34,958 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:d1c41a39da6dd219a2c002e604e9412ecc1d8635533da3aadfbcf4d2a6878e92 2026-05-06 07:06:35,457 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:afcb4b2ab317e980bff127ff13e046c2a485f3eaaee0e82896c66fdd5be54988 with output b"Error: no attestations with predicate type 'https://spdx.dev/Document' found\nerror during command execution: no attestations with predicate type 'https://spdx.dev/Document' found\n" 2026-05-06 07:06:35,701 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:afcb4b2ab317e980bff127ff13e046c2a485f3eaaee0e82896c66fdd5be54988 with output b"Error: no attestations with predicate type 'https://cyclonedx.org/bom' found\nerror during command execution: no attestations with predicate type 'https://cyclonedx.org/bom' found\n" 2026-05-06 07:06:36,133 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:afcb4b2ab317e980bff127ff13e046c2a485f3eaaee0e82896c66fdd5be54988 with output b"Error: no attestations with predicate type 'https://spdx.dev/Document' found\nerror during command execution: no attestations with predicate type 'https://spdx.dev/Document' found\n" 2026-05-06 07:06:36,396 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:afcb4b2ab317e980bff127ff13e046c2a485f3eaaee0e82896c66fdd5be54988 with output b"Error: no attestations with predicate type 'https://cyclonedx.org/bom' found\nerror during command execution: no attestations with predicate type 'https://cyclonedx.org/bom' found\n" 2026-05-06 07:06:36,806 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:afcb4b2ab317e980bff127ff13e046c2a485f3eaaee0e82896c66fdd5be54988 with output b"Error: no attestations with predicate type 'https://spdx.dev/Document' found\nerror during command execution: no attestations with predicate type 'https://spdx.dev/Document' found\n" 2026-05-06 07:06:37,073 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:afcb4b2ab317e980bff127ff13e046c2a485f3eaaee0e82896c66fdd5be54988 with output b"Error: no attestations with predicate type 'https://cyclonedx.org/bom' found\nerror during command execution: no attestations with predicate type 'https://cyclonedx.org/bom' found\n" 2026-05-06 07:06:37,480 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:afcb4b2ab317e980bff127ff13e046c2a485f3eaaee0e82896c66fdd5be54988 with output b"Error: no attestations with predicate type 'https://spdx.dev/Document' found\nerror during command execution: no attestations with predicate type 'https://spdx.dev/Document' found\n" 2026-05-06 07:06:37,744 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:afcb4b2ab317e980bff127ff13e046c2a485f3eaaee0e82896c66fdd5be54988 with output b"Error: no attestations with predicate type 'https://cyclonedx.org/bom' found\nerror during command execution: no attestations with predicate type 'https://cyclonedx.org/bom' found\n" 2026-05-06 07:06:37,745 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-05-06 07:06:37,745 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-05-06 07:06:37,745 [INFO] mobster.log: Contextual workflow completed in 2.80s 2026-05-06 07:06:37,778 [INFO] mobster.main: Exiting with code 0. [2026-05-06T07:06:37,840185350+00:00] End prepare-sboms pod: test-component-pac-uxaxuy-o8a358e57681445c9d96a3d8e46d441d6-pod | container step-upload-sbom: [2026-05-06T07:06:37,845403438+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/integration1-kgjp/test-component-pac-uxaxuy Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/integration1-kgjp/test-component-pac-uxaxuy:on-pr-6b9bd461df01d5c46c036b89582454398a302598@sha256:5dd9fe4a956f91bba7732dc5acb7f1892f8806809220a88578a6beffa8a5f3a1 WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key <key path>'. Uploading SBOM file for [quay.io/redhat-appstudio-qe/integration1-kgjp/test-component-pac-uxaxuy@sha256:5dd9fe4a956f91bba7732dc5acb7f1892f8806809220a88578a6beffa8a5f3a1] to [quay.io/redhat-appstudio-qe/integration1-kgjp/test-component-pac-uxaxuy:sha256-5dd9fe4a956f91bba7732dc5acb7f1892f8806809220a88578a6beffa8a5f3a1.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/integration1-kgjp/test-component-pac-uxaxuy@sha256:0066e1115433d041a03ca1c892ac55e50af94dfdc66f3327ba4c3f1cf9fcc6ca [2026-05-06T07:06:41,416021153+00:00] End upload-sbom pod: test-component-pac-uxaxuy-on-pull-request-p8pzw-init-pod | init container: prepare 2026/05/06 07:04:15 Entrypoint initialization pod: test-component-pac-uxaxuy-on-pull-request-p8pzw-init-pod | container step-init: time="2026-05-06T07:04:18Z" level=info msg="[param] enable: false" time="2026-05-06T07:04:18Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-06T07:04:18Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-06T07:04:18Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-06T07:04:18Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-06T07:04:18Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-06T07:04:18Z" level=info msg="Cache proxy is disabled via param" time="2026-05-06T07:04:18Z" level=info msg="[result] HTTP PROXY: " time="2026-05-06T07:04:18Z" level=info msg="[result] NO PROXY: " New PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 found after retrigger for component integration1-kgjp/test-component-pac-uxaxuy PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 found for Component integration1-kgjp/test-component-pac-uxaxuy PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: ResolvingTaskRef PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: Running PipelineRun test-component-pac-uxaxuy-on-pull-request-dtn66 reason: Completed < Exit [It] waits for build PipelineRun to succeed - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:101 @ 05/06/26 07:13:36.119 (9m31.077s) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:36.119 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:36.12 (0s) > Enter [It] should have a related PaC init PR created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:107 @ 05/06/26 07:13:36.121 < Exit [It] should have a related PaC init PR created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:107 @ 05/06/26 07:13:36.424 (303ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:36.424 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:36.424 (0s) > Enter [It] checks if the BuildPipelineRun have the annotation of chains signed - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:128 @ 05/06/26 07:13:36.425 < Exit [It] checks if the BuildPipelineRun have the annotation of chains signed - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:128 @ 05/06/26 07:13:36.526 (101ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:36.526 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:36.526 (0s) > Enter [It] checks if the Snapshot is created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:132 @ 05/06/26 07:13:36.527 < Exit [It] checks if the Snapshot is created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:132 @ 05/06/26 07:13:36.534 (7ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:36.534 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:36.534 (0s) > Enter [It] checks if the Build PipelineRun got annotated with Snapshot name - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:137 @ 05/06/26 07:13:36.535 < Exit [It] checks if the Build PipelineRun got annotated with Snapshot name - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:137 @ 05/06/26 07:13:36.723 (189ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:36.723 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:36.723 (0s) > Enter [It] verifies that the finalizer has been removed from the build pipelinerun - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:141 @ 05/06/26 07:13:36.724 < Exit [It] verifies that the finalizer has been removed from the build pipelinerun - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:141 @ 05/06/26 07:13:36.824 (101ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:36.825 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:36.825 (0s) > Enter [It] checks if all of the integrationPipelineRuns passed - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:154 @ 05/06/26 07:13:36.825 Integration test scenario my-integration-test-tdkz is found PipelineRun my-integration-test-tdkz-m9clk reason: Succeeded < Exit [It] checks if all of the integrationPipelineRuns passed - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:154 @ 05/06/26 07:13:36.922 (97ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:36.923 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:36.923 (0s) > Enter [It] checks if the passed status of integration test is reported in the Snapshot - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:158 @ 05/06/26 07:13:36.923 < Exit [It] checks if the passed status of integration test is reported in the Snapshot - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:158 @ 05/06/26 07:13:36.931 (8ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:36.931 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:36.931 (0s) > Enter [It] checks if the skipped integration test is absent from the Snapshot's status annotation - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:173 @ 05/06/26 07:13:36.932 < Exit [It] checks if the skipped integration test is absent from the Snapshot's status annotation - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:173 @ 05/06/26 07:13:36.94 (8ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:36.94 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:36.94 (0s) > Enter [It] checks if the finalizer was removed from all of the related Integration pipelineRuns - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:183 @ 05/06/26 07:13:36.94 Integration test scenario my-integration-test-tdkz is found build pipelineRun integration1-kgjp/my-integration-test-tdkz-m9clk still contains the finalizer: test.appstudio.openshift.io/pipelinerun < Exit [It] checks if the finalizer was removed from all of the related Integration pipelineRuns - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:183 @ 05/06/26 07:13:56.957 (20.017s) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:56.957 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:56.957 (0s) > Enter [It] creates a ReleasePlan - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:188 @ 05/06/26 07:13:56.958 IntegrationTestScenario my-integration-test-tdkz is found IntegrationTestScenario skipped-its is found < Exit [It] creates a ReleasePlan - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:188 @ 05/06/26 07:13:57.05 (92ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:57.05 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:57.05 (0s) > Enter [It] creates an snapshot of push event - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:198 @ 05/06/26 07:13:57.051 < Exit [It] creates an snapshot of push event - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:198 @ 05/06/26 07:13:57.1 (49ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:57.1 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:57.1 (0s) > Enter [It] checks if the global candidate is updated after push event - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:205 @ 05/06/26 07:13:57.1 < Exit [It] checks if the global candidate is updated after push event - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:205 @ 05/06/26 07:13:57.112 (11ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:57.112 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:13:57.112 (0s) > Enter [It] checks if all of the integrationPipelineRuns created by push event passed - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:218 @ 05/06/26 07:13:57.112 Integration test scenario my-integration-test-tdkz is found PipelineRun my-integration-test-tdkz-g9j6q reason: PipelineRun my-integration-test-tdkz-g9j6q reason: Succeeded < Exit [It] checks if all of the integrationPipelineRuns created by push event passed - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:218 @ 05/06/26 07:14:17.161 (20.048s) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:14:17.161 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:14:17.161 (0s) > Enter [It] checks if a Release is created successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:222 @ 05/06/26 07:14:17.161 < Exit [It] checks if a Release is created successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:222 @ 05/06/26 07:14:17.171 (10ms) > Enter [AfterAll] with happy path for general flow of Integration service - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:68 @ 05/06/26 07:14:17.171 < Exit [AfterAll] with happy path for general flow of Integration service - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:68 @ 05/06/26 07:14:22.158 (4.987s) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:14:22.158 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:14:22.158 (0s) > Enter [BeforeAll] with an integration test fail - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:234 @ 05/06/26 07:14:22.159 < Exit [BeforeAll] with an integration test fail - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:234 @ 05/06/26 07:14:36.301 (14.142s) > Enter [It] triggers a build PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:266 @ 05/06/26 07:14:36.301 no pipelinerun found for component test-component-pac-upezam (application: integ-app-pfqz, namespace: integration2-lzzr)PipelineRun test-component-pac-upezam-on-pull-request-hgl6s found for Component integration2-lzzr/test-component-pac-upezam PipelineRun test-component-pac-upezam-on-pull-request-hgl6s reason: Running PipelineRun test-component-pac-upezam-on-pull-request-hgl6s reason: Running PipelineRun test-component-pac-upezam-on-pull-request-hgl6s reason: Running PipelineRun test-component-pac-upezam-on-pull-request-hgl6s reason: Running PipelineRun test-component-pac-upezam-on-pull-request-hgl6s reason: Running PipelineRun test-component-pac-upezam-on-pull-request-hgl6s reason: Running PipelineRun test-component-pac-upezam-on-pull-request-hgl6s reason: Running PipelineRun test-component-pac-upezam-on-pull-request-hgl6s reason: Running PipelineRun test-component-pac-upezam-on-pull-request-hgl6s reason: Running PipelineRun test-component-pac-upezam-on-pull-request-hgl6s reason: Running PipelineRun my-integration-test-ddnk-7hqlm reason: Succeeded < Exit [It] triggers a build PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:266 @ 05/06/26 07:18:16.369 (3m40.068s) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.369 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.369 (0s) > Enter [It] should have a related PaC init PR created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:273 @ 05/06/26 07:18:16.37 < Exit [It] should have a related PaC init PR created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:273 @ 05/06/26 07:18:16.664 (294ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.664 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.664 (0s) > Enter [It] checks if the BuildPipelineRun have the annotation of chains signed - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:292 @ 05/06/26 07:18:16.664 < Exit [It] checks if the BuildPipelineRun have the annotation of chains signed - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:292 @ 05/06/26 07:18:16.769 (105ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.77 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.77 (0s) > Enter [It] checks if the Snapshot is created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:296 @ 05/06/26 07:18:16.77 < Exit [It] checks if the Snapshot is created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:296 @ 05/06/26 07:18:16.777 (7ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.777 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.777 (0s) > Enter [It] checks if the Build PipelineRun got annotated with Snapshot name - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:301 @ 05/06/26 07:18:16.777 < Exit [It] checks if the Build PipelineRun got annotated with Snapshot name - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:301 @ 05/06/26 07:18:16.792 (15ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.792 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.792 (0s) > Enter [It] checks if all of the integrationPipelineRuns finished - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:305 @ 05/06/26 07:18:16.793 Integration test scenario my-integration-test-ddnk is found PipelineRun my-integration-test-ddnk-7hqlm reason: Succeeded < Exit [It] checks if all of the integrationPipelineRuns finished - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:305 @ 05/06/26 07:18:16.855 (62ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.855 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.855 (0s) > Enter [It] checks if the failed status of integration test is reported in the Snapshot - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:309 @ 05/06/26 07:18:16.856 < Exit [It] checks if the failed status of integration test is reported in the Snapshot - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:309 @ 05/06/26 07:18:16.865 (10ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.866 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.866 (0s) > Enter [It] checks if the skipped integration test is absent from the Snapshot's status annotation - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:324 @ 05/06/26 07:18:16.866 < Exit [It] checks if the skipped integration test is absent from the Snapshot's status annotation - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:324 @ 05/06/26 07:18:16.873 (7ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.874 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.874 (0s) > Enter [It] checks if snapshot is marked as failed - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:334 @ 05/06/26 07:18:16.874 < Exit [It] checks if snapshot is marked as failed - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:334 @ 05/06/26 07:18:16.884 (10ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.884 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.884 (0s) > Enter [It] checks if the finalizer was removed from all of the related Integration pipelineRuns - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:340 @ 05/06/26 07:18:16.884 Integration test scenario my-integration-test-ddnk is found < Exit [It] checks if the finalizer was removed from all of the related Integration pipelineRuns - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:340 @ 05/06/26 07:18:16.956 (72ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.956 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:16.956 (0s) > Enter [It] creates a new IntegrationTestScenario - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:344 @ 05/06/26 07:18:16.956 < Exit [It] creates a new IntegrationTestScenario - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:344 @ 05/06/26 07:18:17.006 (50ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:17.007 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:17.007 (0s) > Enter [It] updates the Snapshot with the re-run label for the new scenario - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:349 @ 05/06/26 07:18:17.007 < Exit [It] updates the Snapshot with the re-run label for the new scenario - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:349 @ 05/06/26 07:18:17.115 (108ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:17.116 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:17.116 (0s) > Enter [It] checks if the new integration pipelineRun started - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:358 @ 05/06/26 07:18:17.116 pipelinerun %s/%s hasn't started yet integration2-lzzr my-integration-test-cyms-5lbjd < Exit [It] checks if the new integration pipelineRun started - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:358 @ 05/06/26 07:18:37.129 (20.013s) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:37.129 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:37.129 (0s) > Enter [It] checks if the re-run label was removed from the Snapshot - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:364 @ 05/06/26 07:18:37.13 < Exit [It] checks if the re-run label was removed from the Snapshot - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:364 @ 05/06/26 07:18:37.138 (9ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:37.138 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:37.138 (0s) > Enter [It] checks if all integration pipelineRuns finished successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:378 @ 05/06/26 07:18:37.139 Integration test scenario my-integration-test-cyms is found PipelineRun my-integration-test-cyms-5lbjd reason: Succeeded Integration test scenario my-integration-test-ddnk is found PipelineRun my-integration-test-ddnk-7hqlm reason: Succeeded < Exit [It] checks if all integration pipelineRuns finished successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:378 @ 05/06/26 07:18:37.159 (21ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:37.159 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:37.159 (0s) > Enter [It] checks if the name of the re-triggered pipelinerun is reported in the Snapshot - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:382 @ 05/06/26 07:18:37.16 < Exit [It] checks if the name of the re-triggered pipelinerun is reported in the Snapshot - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:382 @ 05/06/26 07:18:37.226 (66ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:37.226 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:37.226 (0s) > Enter [It] checks if snapshot is still marked as failed - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:399 @ 05/06/26 07:18:37.226 < Exit [It] checks if snapshot is still marked as failed - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:399 @ 05/06/26 07:18:37.232 (5ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:37.232 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:37.232 (0s) > Enter [It] creates an snapshot of push event - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:406 @ 05/06/26 07:18:37.232 < Exit [It] creates an snapshot of push event - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:406 @ 05/06/26 07:18:37.265 (33ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:37.265 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:37.265 (0s) > Enter [It] checks no Release CRs are created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:413 @ 05/06/26 07:18:37.266 < Exit [It] checks no Release CRs are created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:413 @ 05/06/26 07:18:37.271 (5ms) > Enter [AfterAll] with an integration test fail - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:250 @ 05/06/26 07:18:37.271 < Exit [AfterAll] with an integration test fail - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:250 @ 05/06/26 07:18:41.867 (4.596s) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:41.867 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/integration.go:49 @ 05/06/26 07:18:41.867 (0s) > Enter [BeforeAll] HACBS pipelines - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:237 @ 05/06/26 07:02:05.76 "level"=0 "msg"="found credentials for image ref quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1778050928-bsvt -> user: redhat-appstudio-qe+redhat_appstudio_quality" Image repository for component test-comp-jnrw in namespace build-e2e-fnei do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Created component for scenario sample-python-basic-oci: component: test-comp-jnrw, repo: https://github.com/redhat-appstudio-qe/devfile-sample-python-basic, baseBranchName: base-fsjtiy, pacBranchName: konflux-test-comp-jnrw "level"=0 "msg"="found credentials for image ref quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1778050951-rvng -> user: redhat-appstudio-qe+redhat_appstudio_quality" Image repository for component test-comp-ewin in namespace build-e2e-fnei do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component test-comp-ewin in namespace build-e2e-fnei do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Created component for scenario sample-python-basic-oci: component: test-comp-ewin, repo: https://github.com/redhat-appstudio-qe/devfile-sample-python-basic, baseBranchName: base-wajvyn, pacBranchName: konflux-test-comp-ewin "level"=0 "msg"="found credentials for image ref quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1778050983-fgan -> user: redhat-appstudio-qe+redhat_appstudio_quality" Image repository for component test-comp-jwrp in namespace build-e2e-fnei do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component test-comp-jwrp in namespace build-e2e-fnei do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Created component for scenario sample-python-basic-oci: component: test-comp-jwrp, repo: https://github.com/redhat-appstudio-qe/devfile-sample-python-basic, baseBranchName: base-ajvtcw, pacBranchName: konflux-test-comp-jwrp Image repository for component test-symlink-comp-zxqf in namespace build-e2e-fnei do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component test-symlink-comp-zxqf in namespace build-e2e-fnei do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Created component for scenario sample-python-basic-oci: component: test-symlink-comp-zxqf, repo: https://github.com/redhat-appstudio-qe/devfile-sample-python-basic, baseBranchName: base-ncdkld, pacBranchName: konflux-test-symlink-comp-zxqf < Exit [BeforeAll] HACBS pipelines - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:237 @ 05/06/26 07:04:06.586 (2m0.826s) > Enter [It] triggers PipelineRun for symlink component with source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic with component name test-symlink-comp-zxqf - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:325 @ 05/06/26 07:04:06.586 PipelineRun has not been created yet for Component build-e2e-fnei/test-symlink-comp-zxqf PipelineRun has not been created yet for Component build-e2e-fnei/test-symlink-comp-zxqf < Exit [It] triggers PipelineRun for symlink component with source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic with component name test-symlink-comp-zxqf - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:325 @ 05/06/26 07:04:46.704 (40.117s) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:04:46.704 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:04:46.704 (0s) > Enter [It] scenario sample-python-basic-oci triggers PipelineRun for component with source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:338 @ 05/06/26 07:04:46.705 < Exit [It] scenario sample-python-basic-oci triggers PipelineRun for component with source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:338 @ 05/06/26 07:04:46.863 (158ms) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:04:46.863 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:04:46.863 (0s) > Enter [It] scenario sample-python-basic-oci triggers PipelineRun for component with source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta-min - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:338 @ 05/06/26 07:04:46.863 < Exit [It] scenario sample-python-basic-oci triggers PipelineRun for component with source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta-min - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:338 @ 05/06/26 07:04:46.989 (126ms) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:04:46.99 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:04:46.99 (0s) > Enter [It] scenario sample-python-basic-oci triggers PipelineRun for component with source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:338 @ 05/06/26 07:04:46.99 < Exit [It] scenario sample-python-basic-oci triggers PipelineRun for component with source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:338 @ 05/06/26 07:04:47.103 (113ms) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:04:47.103 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:04:47.103 (0s) > Enter [It] should eventually finish successfully for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:356 @ 05/06/26 07:04:47.104 PipelineRun test-comp-jnrw-on-pull-request-p8rhm found for Component build-e2e-fnei/test-comp-jnrw PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: Running PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: Running PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: Running PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: Running PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: Running PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: Running PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: Running PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: Running PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: Running PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: PipelineRunStopping PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: PipelineRunStopping PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: PipelineRunStopping PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: PipelineRunStopping PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: PipelineRunStopping PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: PipelineRunStopping PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: PipelineRunStopping PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: PipelineRunStopping PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: PipelineRunStopping PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: PipelineRunStopping PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: PipelineRunStopping PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: PipelineRunStopping PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: PipelineRunStopping PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: PipelineRunStopping PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: PipelineRunStopping PipelineRun test-comp-jnrw-on-pull-request-p8rhm reason: Failed attempt 1/3: PipelineRun "test-comp-jnrw-on-pull-request-p8rhm" failed: pod: test-comp-jnrw-on-pull-requ0304f96bd51fdf7341d70f6b0d87ba10-pod | init container: prepare 2026/05/06 07:06:31 Entrypoint initialization pod: test-comp-jnrw-on-pull-requ0304f96bd51fdf7341d70f6b0d87ba10-pod | init container: place-scripts 2026/05/06 07:06:32 Decoded script /tekton/scripts/script-0-g55b9 2026/05/06 07:06:32 Decoded script /tekton/scripts/script-1-s5g2q 2026/05/06 07:06:32 Decoded script /tekton/scripts/script-2-n8s2v 2026/05/06 07:06:32 Decoded script /tekton/scripts/script-3-ldn8x 2026/05/06 07:06:32 Decoded script /tekton/scripts/script-4-ql44t 2026/05/06 07:06:32 Decoded script /tekton/scripts/script-5-s5sr2 pod: test-comp-jnrw-on-pull-requ0304f96bd51fdf7341d70f6b0d87ba10-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... [retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07 The media type of the OCI artifact is application/vnd.oci.image.manifest.v1+json. Looking for image labels that indicate this might be an operator bundle... [retry] executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: test-comp-jnrw-on-pull-requ0304f96bd51fdf7341d70f6b0d87ba10-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07 Using token for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw Auth json written to "/auth/auth.json". pod: test-comp-jnrw-on-pull-requ0304f96bd51fdf7341d70f6b0d87ba10-pod | container step-set-skip-for-bundles: 2026/05/06 07:07:33 INFO Step was skipped due to when expressions were evaluated to false. pod: test-comp-jnrw-on-pull-requ0304f96bd51fdf7341d70f6b0d87ba10-pod | container step-app-check: time="2026-05-06T07:07:33Z" level=info msg="certification library version" version="1.17.2 <commit: eb87e5b2d67ad110a0afe8edfb16f445e0877c4e>" time="2026-05-06T07:07:33Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07 for platform amd64" time="2026-05-06T07:07:33Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07" time="2026-05-06T07:07:38Z" level=error msg="could not get rpm list, continuing without it" error="could not find rpm db/packages: stat /tmp/preflight-2869470859/fs/usr/lib/sysimage/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-2869470859/fs/var/lib/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-2869470859/fs/var/lib/rpm/Packages: no such file or directory" time="2026-05-06T07:07:38Z" level=info msg="warning: licenses directory does not exist or all of its children are empty directories: error when checking for /licenses: stat /tmp/preflight-2869470859/fs/licenses: no such file or directory" check=HasLicense time="2026-05-06T07:07:38Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-05-06T07:07:38Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-05-06T07:07:38Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-05-06T07:07:38Z" level=info msg="check completed" check=HasNoProhibitedPackages err="unable to get a list of all packages in the image: could not get rpm list: could not find rpm db/packages: stat /tmp/preflight-2869470859/fs/usr/lib/sysimage/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-2869470859/fs/var/lib/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-2869470859/fs/var/lib/rpm/Packages: no such file or directory" result=ERROR time="2026-05-06T07:07:38Z" level=info msg="check completed" check=HasRequiredLabel result=FAILED time="2026-05-06T07:07:38Z" level=info msg="detected empty USER. Presumed to be running as root" check=RunAsNonRoot time="2026-05-06T07:07:38Z" level=info msg="USER value must be provided and be a non-root value for this check to pass" check=RunAsNonRoot time="2026-05-06T07:07:38Z" level=info msg="check completed" check=RunAsNonRoot result=FAILED time="2026-05-06T07:07:42Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-05-06T07:07:42Z" level=info msg="check completed" check=BasedOnUbi result=FAILED time="2026-05-06T07:07:42Z" level=info msg="This image's tag on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07 will be paired with digest sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.17.2", "commit": "eb87e5b2d67ad110a0afe8edfb16f445e0877c4e" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasModifiedFiles", "elapsed_time": 3819, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata", "help": "Check HasRequiredLabel encountered an error. Please review the preflight.log file for more information.", "suggestion": "Add the following labels to your Dockerfile or Containerfile: name, vendor, version, release, summary, description, maintainer.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication", "help": "Check RunAsNonRoot encountered an error. Please review the preflight.log file for more information.", "suggestion": "Indicate a specific USER in the dockerfile or containerfile", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "BasedOnUbi", "elapsed_time": 146, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)", "help": "Check BasedOnUbi encountered an error. Please review the preflight.log file for more information.", "suggestion": "Change the FROM directive in your Dockerfile or Containerfile, for the latest list of images and details refer to: https://catalog.redhat.com/software/base-images", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [ { "name": "HasNoProhibitedPackages", "elapsed_time": 0, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages.", "help": "Check HasNoProhibitedPackages encountered an error. Please review the preflight.log file for more information." } ] } } time="2026-05-06T07:07:42Z" level=info msg="Preflight result: FAILED" pod: test-comp-jnrw-on-pull-requ0304f96bd51fdf7341d70f6b0d87ba10-pod | container step-app-set-outcome: {"result":"ERROR","timestamp":"1778051263","note":"Task preflight is a ERROR: Refer to Tekton task logs for more information","successes":3,"failures":4,"warnings":0}[retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07 pod: test-comp-jnrw-on-pull-requ0304f96bd51fdf7341d70f6b0d87ba10-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"ERROR","timestamp":"1778051263","note":"Task preflight is a ERROR: Refer to Tekton task logs for more information","successes":3,"failures":4,"warnings":0} pod: test-comp-jnrw-on-pull-request-p8rhm-apply-tags-pod | init container: prepare 2026/05/06 07:06:31 Entrypoint initialization pod: test-comp-jnrw-on-pull-request-p8rhm-apply-tags-pod | container step-apply-additional-tags: time="2026-05-06T07:06:34Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07" time="2026-05-06T07:06:34Z" level=info msg="[param] digest: sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745" time="2026-05-06T07:06:34Z" level=info msg="[param] tags-from-image-label: konflux.additional-tags" time="2026-05-06T07:06:35Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: test-comp-jnrw-on-pull-request-p8rhm-build-container-pod | init container: prepare 2026/05/06 07:04:20 Entrypoint initialization pod: test-comp-jnrw-on-pull-request-p8rhm-build-container-pod | init container: place-scripts 2026/05/06 07:04:20 Decoded script /tekton/scripts/script-0-nb945 2026/05/06 07:04:20 Decoded script /tekton/scripts/script-1-c2sxz 2026/05/06 07:04:20 Decoded script /tekton/scripts/script-2-jz5cm 2026/05/06 07:04:20 Decoded script /tekton/scripts/script-3-jxf8t 2026/05/06 07:04:20 Decoded script /tekton/scripts/script-4-6tw49 pod: test-comp-jnrw-on-pull-request-p8rhm-build-container-pod | init container: working-dir-initializer pod: test-comp-jnrw-on-pull-request-p8rhm-build-container-pod | container step-build: [2026-05-06T07:04:57,191490062+00:00] Validate context path [2026-05-06T07:04:57,194964973+00:00] Update CA trust [2026-05-06T07:04:57,196103107+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-06T07:04:59,497285176+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-05-06T07:04:59,504380419+00:00] Prepare system (architecture: x86_64) [2026-05-06T07:04:59,517604978+00:00] Setup prefetched Trying to pull quay.io/devfile/python:slim... Getting image source signatures Copying blob sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61 Copying blob sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec Copying blob sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb Copying blob sha256:30fb943195a7f7cee90a9c67461c338d1d76a7004d2f94792b774ef71d875a02 Copying blob sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a Copying config sha256:04f51101c1b979fb8a45a5332bfa8ed2c60f613ea396c3edd40f3d91702b24ef Writing manifest to image destination [2026-05-06T07:05:34,336534847+00:00] Unsetting proxy { "architecture": "x86_64", "vcs-type": "git", "vcs-ref": "2d475b7ced7f2f9adb74a83b290655cff6ef2c07", "org.opencontainers.image.revision": "2d475b7ced7f2f9adb74a83b290655cff6ef2c07", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/devfile-sample-python-basic", "quay.expires-after": "6h", "build-date": "2026-05-06T07:04:59Z", "org.opencontainers.image.created": "2026-05-06T07:04:59Z", "io.buildah.version": "1.42.2" } [2026-05-06T07:05:34,389065414+00:00] Register sub-man Adding the entitlement to the build [2026-05-06T07:05:34,392885202+00:00] Add secrets [2026-05-06T07:05:34,402395706+00:00] Run buildah build [2026-05-06T07:05:34,403650728+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=2d475b7ced7f2f9adb74a83b290655cff6ef2c07 --label org.opencontainers.image.revision=2d475b7ced7f2f9adb74a83b290655cff6ef2c07 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/devfile-sample-python-basic --label quay.expires-after=6h --label build-date=2026-05-06T07:04:59Z --label org.opencontainers.image.created=2026-05-06T07:04:59Z --annotation org.opencontainers.image.revision=2d475b7ced7f2f9adb74a83b290655cff6ef2c07 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/devfile-sample-python-basic --annotation org.opencontainers.image.created=2026-05-06T07:04:59Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.8Bdwbz -t quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07 . STEP 1/11: FROM quay.io/devfile/python:slim STEP 2/11: EXPOSE 8081/tcp STEP 3/11: ENV FLASK_PORT=8081 STEP 4/11: WORKDIR /projects STEP 5/11: COPY requirements.txt . STEP 6/11: RUN pip install -r requirements.txt Collecting Flask==2.1.0 Downloading Flask-2.1.0-py3-none-any.whl (95 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 95.2/95.2 kB 28.1 MB/s eta 0:00:00 Collecting Werkzeug>=2.0 Downloading werkzeug-3.1.8-py3-none-any.whl (226 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 226.5/226.5 kB 106.3 MB/s eta 0:00:00 Collecting Jinja2>=3.0 Downloading jinja2-3.1.6-py3-none-any.whl (134 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 134.9/134.9 kB 99.2 MB/s eta 0:00:00 Collecting itsdangerous>=2.0 Downloading itsdangerous-2.2.0-py3-none-any.whl (16 kB) Collecting click>=8.0 Downloading click-8.3.3-py3-none-any.whl (110 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 110.5/110.5 kB 116.2 MB/s eta 0:00:00 Collecting MarkupSafe>=2.0 Downloading markupsafe-3.0.3-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl (22 kB) Installing collected packages: MarkupSafe, itsdangerous, click, Werkzeug, Jinja2, Flask Successfully installed Flask-2.1.0 Jinja2-3.1.6 MarkupSafe-3.0.3 Werkzeug-3.1.8 click-8.3.3 itsdangerous-2.2.0 WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv [notice] A new release of pip available: 22.3.1 -> 26.1.1 [notice] To update, run: pip install --upgrade pip STEP 7/11: COPY . . STEP 8/11: CMD [ "python", "./app.py" ] STEP 9/11: COPY labels.json /usr/share/buildinfo/labels.json STEP 10/11: COPY labels.json /root/buildinfo/labels.json STEP 11/11: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="2d475b7ced7f2f9adb74a83b290655cff6ef2c07" "org.opencontainers.image.revision"="2d475b7ced7f2f9adb74a83b290655cff6ef2c07" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/devfile-sample-python-basic" "quay.expires-after"="6h" "build-date"="2026-05-06T07:04:59Z" "org.opencontainers.image.created"="2026-05-06T07:04:59Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07 --> dd067b337d14 Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07 dd067b337d14cc857a30c535b1d55d5a26d54cdf65861d83b420b1e0cfdfddf0 [2026-05-06T07:05:38,784273186+00:00] Unsetting proxy [2026-05-06T07:05:38,785696820+00:00] Add metadata Recording base image digests used quay.io/devfile/python:slim quay.io/devfile/python:slim@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c Getting image source signatures Copying blob sha256:d326469892d974408d96f1e02d64dce10d20f88613688af11e99e3e22523beeb Copying blob sha256:609bcd29c7943a6667e3204bfa5b86a07d255f78ebc26d4c4e8981b335ac3b9a Copying blob sha256:b5ebffba54d3e3f7fd80435fcdc34c4a96fdb2ecab0f0a298fe08f74c2f69d29 Copying blob sha256:0a7eaca7a2e7e116a5658c409ea2ceb98226b7481a3b0f90c8d94d9f230fe238 Copying blob sha256:d9892173749de078dfb702835e9e3858aff86e7447fb11c5a2f2c6bb10f882f6 Copying blob sha256:497e95f140dbf7042a80fdcabdb7473099fef4b897be7c0eee85c5d820d737dc Copying config sha256:dd067b337d14cc857a30c535b1d55d5a26d54cdf65861d83b420b1e0cfdfddf0 Writing manifest to image destination [2026-05-06T07:05:39,447545985+00:00] End build pod: test-comp-jnrw-on-pull-request-p8rhm-build-container-pod | container step-push: [2026-05-06T07:05:40,375033474+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-06T07:05:42,883416487+00:00] Convert image [2026-05-06T07:05:42,884466874+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:test-comp-jnrw-on-pull-request-p8rhm-build-container [retry] executing: buildah push --format=oci --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07 docker://quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:test-comp-jnrw-on-pull-request-p8rhm-build-container Getting image source signatures Copying blob sha256:497e95f140dbf7042a80fdcabdb7473099fef4b897be7c0eee85c5d820d737dc Copying blob sha256:b5ebffba54d3e3f7fd80435fcdc34c4a96fdb2ecab0f0a298fe08f74c2f69d29 Copying blob sha256:d326469892d974408d96f1e02d64dce10d20f88613688af11e99e3e22523beeb Copying blob sha256:609bcd29c7943a6667e3204bfa5b86a07d255f78ebc26d4c4e8981b335ac3b9a Copying blob sha256:d9892173749de078dfb702835e9e3858aff86e7447fb11c5a2f2c6bb10f882f6 Copying blob sha256:0a7eaca7a2e7e116a5658c409ea2ceb98226b7481a3b0f90c8d94d9f230fe238 Copying config sha256:dd067b337d14cc857a30c535b1d55d5a26d54cdf65861d83b420b1e0cfdfddf0 Writing manifest to image destination [2026-05-06T07:05:52,762264020+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07 [retry] executing: buildah push --format=oci --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07 docker://quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07 Getting image source signatures Copying blob sha256:497e95f140dbf7042a80fdcabdb7473099fef4b897be7c0eee85c5d820d737dc Copying blob sha256:b5ebffba54d3e3f7fd80435fcdc34c4a96fdb2ecab0f0a298fe08f74c2f69d29 Copying blob sha256:d9892173749de078dfb702835e9e3858aff86e7447fb11c5a2f2c6bb10f882f6 Copying blob sha256:0a7eaca7a2e7e116a5658c409ea2ceb98226b7481a3b0f90c8d94d9f230fe238 Copying blob sha256:609bcd29c7943a6667e3204bfa5b86a07d255f78ebc26d4c4e8981b335ac3b9a Copying blob sha256:d326469892d974408d96f1e02d64dce10d20f88613688af11e99e3e22523beeb Copying config sha256:dd067b337d14cc857a30c535b1d55d5a26d54cdf65861d83b420b1e0cfdfddf0 Writing manifest to image destination sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07 [retry] executing: kubectl get configmap cluster-config -n konflux-info -o json Keyless signing is disabled (none of rekorInternalUrl, fulcioInternalUrl, defaultOIDCIssuer, tufInternalUrl are configured in the konflux-info/cluster-config configmap) [2026-05-06T07:05:53,688135643+00:00] End push pod: test-comp-jnrw-on-pull-request-p8rhm-build-container-pod | container step-sbom-syft-generate: [2026-05-06T07:05:54,035373973+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-05-06T07:05:58,850764800+00:00] End sbom-syft-generate pod: test-comp-jnrw-on-pull-request-p8rhm-build-container-pod | container step-prepare-sboms: [2026-05-06T07:05:59,237670071+00:00] Prepare SBOM [2026-05-06T07:05:59,241458219+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-05-06 07:06:00,414 [INFO] mobster.log: Logging level set to 20 2026-05-06 07:06:00,504 [INFO] mobster.oci: Fetching manifest for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c 2026-05-06 07:06:01,122 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:01,312 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:01,735 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:01,931 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:02,410 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:02,603 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:03,098 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:03,495 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:03,495 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-05-06 07:06:03,495 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-05-06 07:06:03,496 [INFO] mobster.log: Contextual workflow completed in 3.01s 2026-05-06 07:06:03,535 [INFO] mobster.main: Exiting with code 0. [2026-05-06T07:06:03,599431622+00:00] End prepare-sboms pod: test-comp-jnrw-on-pull-request-p8rhm-build-container-pod | container step-upload-sbom: [2026-05-06T07:06:04,331469830+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07@sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key <key path>'. Uploading SBOM file for [quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw@sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745] to [quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:sha256-37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw@sha256:1b6aee55a4d2a6553187162d309c5c7fa3a84329d0e9f9d5060415fc88109db2 [2026-05-06T07:06:07,791569880+00:00] End upload-sbom pod: test-comp-jnrw-on-pull-request-p8rhm-build-image-index-pod | init container: prepare 2026/05/06 07:06:09 Entrypoint initialization pod: test-comp-jnrw-on-pull-request-p8rhm-build-image-index-pod | init container: place-scripts 2026/05/06 07:06:10 Decoded script /tekton/scripts/script-0-ckmhv 2026/05/06 07:06:10 Decoded script /tekton/scripts/script-1-sg9d6 2026/05/06 07:06:10 Decoded script /tekton/scripts/script-2-zx56z pod: test-comp-jnrw-on-pull-request-p8rhm-build-image-index-pod | container step-build: [2026-05-06T07:06:24,141306597+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Running konflux-build-cli time="2026-05-06T07:06:26Z" level=info msg="[param] image: quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07" time="2026-05-06T07:06:26Z" level=info msg="[param] images: [quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07@sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745]" time="2026-05-06T07:06:26Z" level=info msg="[param] buildah-format: oci" time="2026-05-06T07:06:26Z" level=info msg="[param] always-build-index: false" time="2026-05-06T07:06:26Z" level=info msg="[param] additional-tags: [test-comp-jnrw-on-pull-request-p8rhm-build-image-index]" time="2026-05-06T07:06:26Z" level=info msg="[param] output-manifest-path: /index-build-data/manifest_data.json" time="2026-05-06T07:06:26Z" level=info msg="[param] result-path-image-digest: /tekton/results/IMAGE_DIGEST" time="2026-05-06T07:06:26Z" level=info msg="[param] result-path-image-url: /tekton/results/IMAGE_URL" time="2026-05-06T07:06:26Z" level=info msg="[param] result-path-image-ref: /tekton/results/IMAGE_REF" time="2026-05-06T07:06:26Z" level=info msg="[param] result-path-images: /tekton/results/IMAGES" time="2026-05-06T07:06:26Z" level=info msg="Creating manifest list: quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07" time="2026-05-06T07:06:26Z" level=info msg="buildah [stdout] 2b2bd43ae2bb4c0867fb1e36c38862193ddd7bad08819b73973b6bcefbcda758" logger=CliExecutor time="2026-05-06T07:06:26Z" level=info msg="Skipping image index generation. Returning results for single image." {"image_digest":"sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745","image_url":"quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07","image_ref":"quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw@sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745","images":"quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw@sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745"} pod: test-comp-jnrw-on-pull-request-p8rhm-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: test-comp-jnrw-on-pull-request-p8rhm-build-image-index-pod | container step-upload-sbom: [2026-05-06T07:06:26,715699718+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: test-comp-jnrw-on-pull-request-p8rhm-clair-scan-pod | init container: prepare 2026/05/06 07:06:31 Entrypoint initialization pod: test-comp-jnrw-on-pull-request-p8rhm-clair-scan-pod | init container: place-scripts 2026/05/06 07:06:31 Decoded script /tekton/scripts/script-0-zghrv 2026/05/06 07:06:31 Decoded script /tekton/scripts/script-1-6fz77 2026/05/06 07:06:31 Decoded script /tekton/scripts/script-2-h6q5n 2026/05/06 07:06:31 Decoded script /tekton/scripts/script-3-tqs2f pod: test-comp-jnrw-on-pull-request-p8rhm-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw@sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745. pod: test-comp-jnrw-on-pull-request-p8rhm-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... �[90m2026-05-06T07:10:23Z�[0m �[32mINF�[0m �[1mmatchers created�[0m �[36mcomponent=�[0mlibvuln/New �[36mmatchers=�[0m[{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"}] �[90m2026-05-06T07:10:23Z�[0m �[32mINF�[0m �[1mlibvuln initialized�[0m �[36mcomponent=�[0mlibvuln/New �[90m2026-05-06T07:10:25Z�[0m �[32mINF�[0m �[1mregistered configured scanners�[0m �[36mcomponent=�[0mlibindex/New �[90m2026-05-06T07:10:25Z�[0m �[32mINF�[0m �[1mNewLayerScanner: constructing a new layer-scanner�[0m �[36mcomponent=�[0mindexer.NewLayerScanner �[90m2026-05-06T07:10:25Z�[0m �[32mINF�[0m �[1mindex request start�[0m �[36mcomponent=�[0mlibindex/Libindex.Index �[36mmanifest=�[0msha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 �[90m2026-05-06T07:10:25Z�[0m �[32mINF�[0m �[1mstarting scan�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 �[90m2026-05-06T07:10:25Z�[0m �[32mINF�[0m �[1mmanifest to be scanned�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 �[36mstate=�[0mCheckManifest �[90m2026-05-06T07:10:25Z�[0m �[32mINF�[0m �[1mlayers fetch start�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 �[36mstate=�[0mFetchLayers �[90m2026-05-06T07:10:26Z�[0m �[32mINF�[0m �[1mlayers fetch success�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 �[36mstate=�[0mFetchLayers �[90m2026-05-06T07:10:26Z�[0m �[32mINF�[0m �[1mlayers fetch done�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 �[36mstate=�[0mFetchLayers �[90m2026-05-06T07:10:26Z�[0m �[32mINF�[0m �[1mlayers scan start�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 �[36mstate=�[0mScanLayers �[90m2026-05-06T07:10:26Z�[0m �[32mINF�[0m �[1mlayers scan done�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 �[36mstate=�[0mScanLayers �[90m2026-05-06T07:10:26Z�[0m �[32mINF�[0m �[1mstarting index manifest�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 �[36mstate=�[0mIndexManifest �[90m2026-05-06T07:10:26Z�[0m �[32mINF�[0m �[1mfinishing scan�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 �[36mstate=�[0mIndexFinished �[90m2026-05-06T07:10:26Z�[0m �[32mINF�[0m �[1mmanifest successfully scanned�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 �[36mstate=�[0mIndexFinished �[90m2026-05-06T07:10:26Z�[0m �[32mINF�[0m �[1mindex request done�[0m �[36mcomponent=�[0mlibindex/Libindex.Index �[36mmanifest=�[0msha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 { "manifest_hash": "sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745", "packages": { "+GDQTbek1zYvATiVR/wBCA==": { "id": "+GDQTbek1zYvATiVR/wBCA==", "name": "gzip", "version": "1.10-4+deb11u1", "kind": "binary", "source": { "id": "", "name": "gzip", "version": "1.10-4+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "+aaqENN9U+Kuxcb1tQ8Utg==": { "id": "+aaqENN9U+Kuxcb1tQ8Utg==", "name": "netbase", "version": "6.3", "kind": "binary", "source": { "id": "", "name": "netbase", "version": "6.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "+ol9cHiNc+RWiD7Kw3TLCg==": { "id": "+ol9cHiNc+RWiD7Kw3TLCg==", "name": "libcom-err2", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "05vApGRmP6ko1S0ji87IIQ==": { "id": "05vApGRmP6ko1S0ji87IIQ==", "name": "libunistring2", "version": "0.9.10-4", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.10-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "0jMyX7UCIuSpntMN1r7Ofg==": { "id": "0jMyX7UCIuSpntMN1r7Ofg==", "name": "libzstd1", "version": "1.4.8+dfsg-2.1", "kind": "binary", "source": { "id": "", "name": "libzstd", "version": "1.4.8+dfsg-2.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "1jyJPCL93kiEbfmNKeyz3g==": { "id": "1jyJPCL93kiEbfmNKeyz3g==", "name": "jinja2", "version": "3.1.6", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.1.6.0.0.0.0.0.0", "cpe": "" }, "2MObxiEVNllmUEzdVZM5qw==": { "id": "2MObxiEVNllmUEzdVZM5qw==", "name": "apt", "version": "2.2.4", "kind": "binary", "source": { "id": "", "name": "apt", "version": "2.2.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "3f992oeEQfSQxRA0nlq8Wg==": { "id": "3f992oeEQfSQxRA0nlq8Wg==", "name": "libgcrypt20", "version": "1.8.7-6", "kind": "binary", "source": { "id": "", "name": "libgcrypt20", "version": "1.8.7-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "4672uZtn8TnHDEzWVyhfjw==": { "id": "4672uZtn8TnHDEzWVyhfjw==", "name": "base-files", "version": "11.1+deb11u5", "kind": "binary", "source": { "id": "", "name": "base-files", "version": "11.1+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "4jCPzhS6OWt4agz9d/cfTw==": { "id": "4jCPzhS6OWt4agz9d/cfTw==", "name": "ncurses-base", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "5zxxTA220k9gPCegfDHkag==": { "id": "5zxxTA220k9gPCegfDHkag==", "name": "libgmp10", "version": "2:6.2.1+dfsg-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "2:6.2.1+dfsg-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "7a3yla6TRFZrhmAreU7f8Q==": { "id": "7a3yla6TRFZrhmAreU7f8Q==", "name": "libexpat1", "version": "2.2.10-2+deb11u5", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.2.10-2+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "8alfBYUr5uWbAyB5PrY8Hg==": { "id": "8alfBYUr5uWbAyB5PrY8Hg==", "name": "libudev1", "version": "247.3-7+deb11u1", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "247.3-7+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "9snKXrH4dQy2IXHQ01Lg0A==": { "id": "9snKXrH4dQy2IXHQ01Lg0A==", "name": "libaudit1", "version": "1:3.0-2", "kind": "binary", "source": { "id": "", "name": "audit", "version": "1:3.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "Akbft1KN+9FKNhh1tM25eA==": { "id": "Akbft1KN+9FKNhh1tM25eA==", "name": "mount", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "BJL42acLPAR8bEnmM1Z3mg==": { "id": "BJL42acLPAR8bEnmM1Z3mg==", "name": "libblkid1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "CBzoMmlXBcyP54HOnauO0g==": { "id": "CBzoMmlXBcyP54HOnauO0g==", "name": "libpam-runtime", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "CpILSbg3p6D7Gsp8sCW1Rg==": { "id": "CpILSbg3p6D7Gsp8sCW1Rg==", "name": "libsemanage1", "version": "3.1-1+b2", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "D0G6c/ML9XX4eoGHgx1jeQ==": { "id": "D0G6c/ML9XX4eoGHgx1jeQ==", "name": "libc6", "version": "2.31-13+deb11u5", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.31-13+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "DY5Co0gkGtbgwDlkjfJLWA==": { "id": "DY5Co0gkGtbgwDlkjfJLWA==", "name": "markupsafe", "version": "3.0.3", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.0.3.0.0.0.0.0.0", "cpe": "" }, "DtMxcnDA8Je9vAHjmzagaA==": { "id": "DtMxcnDA8Je9vAHjmzagaA==", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "EVGnnBfWyiVHhoIR4vEpgg==": { "id": "EVGnnBfWyiVHhoIR4vEpgg==", "name": "libbz2-1.0", "version": "1.0.8-4", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "ExYxXcgoIRjAjUObwDE4jA==": { "id": "ExYxXcgoIRjAjUObwDE4jA==", "name": "libk5crypto3", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "FJIijlwFNqvdoVBcfTF/pg==": { "id": "FJIijlwFNqvdoVBcfTF/pg==", "name": "login", "version": "1:4.8.1-1", "kind": "binary", "source": { "id": "", "name": "shadow", "version": "1:4.8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "FOAAB3KiNsLyi03hQsjRTA==": { "id": "FOAAB3KiNsLyi03hQsjRTA==", "name": "libcrypt1", "version": "1:4.4.18-4", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "1:4.4.18-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "FrUy4mOCaHm5aGT53as3JQ==": { "id": "FrUy4mOCaHm5aGT53as3JQ==", "name": "diffutils", "version": "1:3.7-5", "kind": "binary", "source": { "id": "", "name": "diffutils", "version": "1:3.7-5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "G/7q+D+DsqYAVnohcyuzgQ==": { "id": "G/7q+D+DsqYAVnohcyuzgQ==", "name": "libssl1.1", "version": "1.1.1n-0+deb11u3", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1n-0+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "GGaavnLgXX31qx9chfhdOQ==": { "id": "GGaavnLgXX31qx9chfhdOQ==", "name": "libaudit-common", "version": "1:3.0-2", "kind": "binary", "source": { "id": "", "name": "audit", "version": "1:3.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "Gm6VA87iOnaQ0rWR6oO9eA==": { "id": "Gm6VA87iOnaQ0rWR6oO9eA==", "name": "libpcre2-8-0", "version": "10.36-2+deb11u1", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.36-2+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "HFwGHerHwgvY8vkjr3x1Pg==": { "id": "HFwGHerHwgvY8vkjr3x1Pg==", "name": "itsdangerous", "version": "2.2.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.2.2.0.0.0.0.0.0.0", "cpe": "" }, "IQfQp74RcAWE7jHtQsMLHg==": { "id": "IQfQp74RcAWE7jHtQsMLHg==", "name": "bsdutils", "version": "1:2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "IiJKm8T4olfm6rhuKayFOw==": { "id": "IiJKm8T4olfm6rhuKayFOw==", "name": "lsb-base", "version": "11.1.0", "kind": "binary", "source": { "id": "", "name": "lsb", "version": "11.1.0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "Jg2vDvx1JxyPDIrUzzR9NQ==": { "id": "Jg2vDvx1JxyPDIrUzzR9NQ==", "name": "grep", "version": "3.6-1", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.6-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "LOfpAnA/2f7zE4SFJCrxVg==": { "id": "LOfpAnA/2f7zE4SFJCrxVg==", "name": "zlib1g", "version": "1:1.2.11.dfsg-2+deb11u2", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1:1.2.11.dfsg-2+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "LVHVhWoZgWwWvOspyUwb1w==": { "id": "LVHVhWoZgWwWvOspyUwb1w==", "name": "libreadline8", "version": "8.1-1", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "MvKvHHnD0jaLaWpyHvkhgQ==": { "id": "MvKvHHnD0jaLaWpyHvkhgQ==", "name": "passwd", "version": "1:4.8.1-1", "kind": "binary", "source": { "id": "", "name": "shadow", "version": "1:4.8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "NA4G2YrIZ73fsX7d5r5rGw==": { "id": "NA4G2YrIZ73fsX7d5r5rGw==", "name": "debconf", "version": "1.5.77", "kind": "binary", "source": { "id": "", "name": "debconf", "version": "1.5.77", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "NzkVb7F31E+Vxxz3PCS6tg==": { "id": "NzkVb7F31E+Vxxz3PCS6tg==", "name": "libkrb5support0", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "OgJFdUXRfF1Ls8u1+eOivw==": { "id": "OgJFdUXRfF1Ls8u1+eOivw==", "name": "libgpg-error0", "version": "1.38-2", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.38-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "PaaRbD/FkW3JARtSKQgRcQ==": { "id": "PaaRbD/FkW3JARtSKQgRcQ==", "name": "libattr1", "version": "1:2.4.48-6", "kind": "binary", "source": { "id": "", "name": "attr", "version": "1:2.4.48-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "PgPY5hWnihXRN45byvzY0g==": { "id": "PgPY5hWnihXRN45byvzY0g==", "name": "libncursesw6", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "R1TkRM71ql+JWgz0VF5ESQ==": { "id": "R1TkRM71ql+JWgz0VF5ESQ==", "name": "libsepol1", "version": "3.1-1", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "RAMuXEdVU4AJ/z4aiK/NNg==": { "id": "RAMuXEdVU4AJ/z4aiK/NNg==", "name": "setuptools", "version": "65.5.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.65.5.0.0.0.0.0.0.0", "cpe": "" }, "RVoqRXLcdKU5LYfyLKdi3Q==": { "id": "RVoqRXLcdKU5LYfyLKdi3Q==", "name": "click", "version": "8.3.3", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.8.3.3.0.0.0.0.0.0", "cpe": "" }, "RYsqO4ROpGMzzCO5WaTrlw==": { "id": "RYsqO4ROpGMzzCO5WaTrlw==", "name": "dpkg", "version": "1.20.12", "kind": "binary", "source": { "id": "", "name": "dpkg", "version": "1.20.12", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "RgdwX+VC70nXZ2E527PXaA==": { "id": "RgdwX+VC70nXZ2E527PXaA==", "name": "logsave", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "SWnjL4fWu+WMpxhSCWLhZQ==": { "id": "SWnjL4fWu+WMpxhSCWLhZQ==", "name": "base-passwd", "version": "3.5.51", "kind": "binary", "source": { "id": "", "name": "base-passwd", "version": "3.5.51", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "T5NuX1yinNyGoZNN2r9u4Q==": { "id": "T5NuX1yinNyGoZNN2r9u4Q==", "name": "ca-certificates", "version": "20210119", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "20210119", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "VVXsYlCxogg17Ti1iR03Mw==": { "id": "VVXsYlCxogg17Ti1iR03Mw==", "name": "libseccomp2", "version": "2.5.1-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "libseccomp", "version": "2.5.1-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "VbNyM3GfR5vEmJdFAiKqrA==": { "id": "VbNyM3GfR5vEmJdFAiKqrA==", "name": "gcc-9-base", "version": "9.3.0-22", "kind": "binary", "source": { "id": "", "name": "gcc-9", "version": "9.3.0-22", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "Wi4oa03apqVdR6okNeZiNA==": { "id": "Wi4oa03apqVdR6okNeZiNA==", "name": "libgnutls30", "version": "3.7.1-5+deb11u2", "kind": "binary", "source": { "id": "", "name": "gnutls28", "version": "3.7.1-5+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "ZPlAztePXX+uFLVDX2lgNQ==": { "id": "ZPlAztePXX+uFLVDX2lgNQ==", "name": "libsemanage-common", "version": "3.1-1", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "ZWeYh81MRCu1nh3mOyptIA==": { "id": "ZWeYh81MRCu1nh3mOyptIA==", "name": "libmount1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "bGWj1aSf0wvrecU/pdTv5A==": { "id": "bGWj1aSf0wvrecU/pdTv5A==", "name": "gcc-10-base", "version": "10.2.1-6", "kind": "binary", "source": { "id": "", "name": "gcc-10", "version": "10.2.1-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "bHkSxcl6e1quNxLGb6uX8A==": { "id": "bHkSxcl6e1quNxLGb6uX8A==", "name": "coreutils", "version": "8.32-4+b1", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.32-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "bTSLWiizipO2axtmvXFuVg==": { "id": "bTSLWiizipO2axtmvXFuVg==", "name": "libtasn1-6", "version": "4.16.0-2", "kind": "binary", "source": { "id": "", "name": "libtasn1-6", "version": "4.16.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "be3s5y0dx4bgsQboIoDduw==": { "id": "be3s5y0dx4bgsQboIoDduw==", "name": "libp11-kit0", "version": "0.23.22-1", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "brvvAQ6V7yp7QbUuk+W5Hg==": { "id": "brvvAQ6V7yp7QbUuk+W5Hg==", "name": "libext2fs2", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "d4b/e0nx+/vPWuPB7oDzPw==": { "id": "d4b/e0nx+/vPWuPB7oDzPw==", "name": "libc-bin", "version": "2.31-13+deb11u5", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.31-13+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dRfu6Up2F2Ze+gJ21oSeug==": { "id": "dRfu6Up2F2Ze+gJ21oSeug==", "name": "libgdbm6", "version": "1.19-2", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.19-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dUT53gagQO5Ac9Bdlu5dAw==": { "id": "dUT53gagQO5Ac9Bdlu5dAw==", "name": "sysvinit-utils", "version": "2.96-7+deb11u1", "kind": "binary", "source": { "id": "", "name": "sysvinit", "version": "2.96-7+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dXglURzzdbLnOf14mab1Hg==": { "id": "dXglURzzdbLnOf14mab1Hg==", "name": "tar", "version": "1.34+dfsg-1", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.34+dfsg-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dobmrwm7aq9puvFHwNgXxw==": { "id": "dobmrwm7aq9puvFHwNgXxw==", "name": "libstdc++6", "version": "10.2.1-6", "kind": "binary", "source": { "id": "", "name": "gcc-10", "version": "10.2.1-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dv3AlW8tBL4D0mEPW7/Z2Q==": { "id": "dv3AlW8tBL4D0mEPW7/Z2Q==", "name": "libpam-modules-bin", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "eF2QIdrTmJlWmjQTkhntow==": { "id": "eF2QIdrTmJlWmjQTkhntow==", "name": "wheel", "version": "0.38.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.0.38.4.0.0.0.0.0.0", "cpe": "" }, "elSR7m8uLWd/kMl2jxTm/A==": { "id": "elSR7m8uLWd/kMl2jxTm/A==", "name": "libpam-modules", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "evNF5YpSAxyFV7iWv3lSVw==": { "id": "evNF5YpSAxyFV7iWv3lSVw==", "name": "openssl", "version": "1.1.1n-0+deb11u3", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1n-0+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "fCmdLCR2Ix0ldnZL1Fa52A==": { "id": "fCmdLCR2Ix0ldnZL1Fa52A==", "name": "bash", "version": "5.1-2+deb11u1", "kind": "binary", "source": { "id": "", "name": "bash", "version": "5.1-2+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "fqwKjkzVNvsxh6040zt05g==": { "id": "fqwKjkzVNvsxh6040zt05g==", "name": "hostname", "version": "3.23", "kind": "binary", "source": { "id": "", "name": "hostname", "version": "3.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "fyM9Y65kt8cTfJv4LKF7bg==": { "id": "fyM9Y65kt8cTfJv4LKF7bg==", "name": "libcap-ng0", "version": "0.7.9-2.2+b1", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.9-2.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "gP9HgvZWct50Kw/hM7BCKg==": { "id": "gP9HgvZWct50Kw/hM7BCKg==", "name": "libtirpc-common", "version": "1.3.1-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.3.1-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "gv6x84VyNacZgvJrC59jbQ==": { "id": "gv6x84VyNacZgvJrC59jbQ==", "name": "libffi7", "version": "3.3-6", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.3-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "hdNUjYIlrdEAtBWAggakAw==": { "id": "hdNUjYIlrdEAtBWAggakAw==", "name": "perl-base", "version": "5.32.1-4+deb11u2", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-4+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "i4JkQ9JgSpZVyPFWOY5Bxw==": { "id": "i4JkQ9JgSpZVyPFWOY5Bxw==", "name": "liblz4-1", "version": "1.9.3-2", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.9.3-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "iWqdRZmp08/Tx22qEtmjJg==": { "id": "iWqdRZmp08/Tx22qEtmjJg==", "name": "libpcre3", "version": "2:8.39-13", "kind": "binary", "source": { "id": "", "name": "pcre3", "version": "2:8.39-13", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "jErhz6PtXvAy/EPWJ425rA==": { "id": "jErhz6PtXvAy/EPWJ425rA==", "name": "libuuid1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "jKa8Us2cqGejhOc2/n5DDA==": { "id": "jKa8Us2cqGejhOc2/n5DDA==", "name": "libsmartcols1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "kq4lGEwi4agkgAJAkDs9Ng==": { "id": "kq4lGEwi4agkgAJAkDs9Ng==", "name": "flask", "version": "2.1.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.2.1.0.0.0.0.0.0.0", "cpe": "" }, "krch6TQqNWzRi5F/dDkF+Q==": { "id": "krch6TQqNWzRi5F/dDkF+Q==", "name": "ncurses-bin", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "l5lCPjtOmPM8/LLh9+NjeQ==": { "id": "l5lCPjtOmPM8/LLh9+NjeQ==", "name": "gpgv", "version": "2.2.27-2+deb11u2", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.27-2+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "lCjIskl1HulEHShaXtgmwQ==": { "id": "lCjIskl1HulEHShaXtgmwQ==", "name": "libtinfo6", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "lvz5sq0NbU6sy/F1tg9uiQ==": { "id": "lvz5sq0NbU6sy/F1tg9uiQ==", "name": "libkeyutils1", "version": "1.6.1-2", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.6.1-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "mlFDx1iAC2OWpmYHut2JHw==": { "id": "mlFDx1iAC2OWpmYHut2JHw==", "name": "libnettle8", "version": "3.7.3-1", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.7.3-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "nV87o429QBKIpM8DyOv4wg==": { "id": "nV87o429QBKIpM8DyOv4wg==", "name": "debian-archive-keyring", "version": "2021.1.1", "kind": "binary", "source": { "id": "", "name": "debian-archive-keyring", "version": "2021.1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "ngOu/a+sfrdDkZtETF1mgg==": { "id": "ngOu/a+sfrdDkZtETF1mgg==", "name": "libselinux1", "version": "3.1-3", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.1-3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "nmd/xrCD27AKRWAzA5JZCA==": { "id": "nmd/xrCD27AKRWAzA5JZCA==", "name": "mawk", "version": "1.3.4.20200120-2", "kind": "binary", "source": { "id": "", "name": "mawk", "version": "1.3.4.20200120-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "npX4tBmidkxp2QJN/c3Ktw==": { "id": "npX4tBmidkxp2QJN/c3Ktw==", "name": "libdebconfclient0", "version": "0.260", "kind": "binary", "source": { "id": "", "name": "cdebconf", "version": "0.260", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "nwapLKtbHTjy1u8+aA0X+Q==": { "id": "nwapLKtbHTjy1u8+aA0X+Q==", "name": "pip", "version": "22.3.1", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.22.3.1.0.0.0.0.0.0", "cpe": "" }, "oH9T0w9ZyXDCGJ6Np6n1Iw==": { "id": "oH9T0w9ZyXDCGJ6Np6n1Iw==", "name": "init-system-helpers", "version": "1.60", "kind": "binary", "source": { "id": "", "name": "init-system-helpers", "version": "1.60", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "ozJ983JkaV259+RUbqutzw==": { "id": "ozJ983JkaV259+RUbqutzw==", "name": "dash", "version": "0.5.11+git20200708+dd9ef66-5", "kind": "binary", "source": { "id": "", "name": "dash", "version": "0.5.11+git20200708+dd9ef66-5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "p+J9YgA22NC8PDODpTSxgw==": { "id": "p+J9YgA22NC8PDODpTSxgw==", "name": "libidn2-0", "version": "2.3.0-5", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.3.0-5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "pHAWej2qVWZtoCQ5DGoRcQ==": { "id": "pHAWej2qVWZtoCQ5DGoRcQ==", "name": "tzdata", "version": "2021a-1+deb11u8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2021a-1+deb11u8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "pZoLgWqHDgjhYQPevrtwdg==": { "id": "pZoLgWqHDgjhYQPevrtwdg==", "name": "libss2", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "q78XIEiJs5tQHLZtjoU3Fg==": { "id": "q78XIEiJs5tQHLZtjoU3Fg==", "name": "adduser", "version": "3.118", "kind": "binary", "source": { "id": "", "name": "adduser", "version": "3.118", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "qN2BSWBeEFRJnExMNJ1S0A==": { "id": "qN2BSWBeEFRJnExMNJ1S0A==", "name": "libsqlite3-0", "version": "3.34.1-3", "kind": "binary", "source": { "id": "", "name": "sqlite3", "version": "3.34.1-3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "qrPZzwjmppjOiQbrGk5IQA==": { "id": "qrPZzwjmppjOiQbrGk5IQA==", "name": "libgssapi-krb5-2", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "rJ4UB7yOdBPwgrk5WLwIQw==": { "id": "rJ4UB7yOdBPwgrk5WLwIQw==", "name": "libhogweed6", "version": "3.7.3-1", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.7.3-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "rUyBCRoo9C2erJrGUkvuDQ==": { "id": "rUyBCRoo9C2erJrGUkvuDQ==", "name": "libtirpc3", "version": "1.3.1-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.3.1-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "s66OGd0F2Pbemhmyrg2R9w==": { "id": "s66OGd0F2Pbemhmyrg2R9w==", "name": "libsystemd0", "version": "247.3-7+deb11u1", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "247.3-7+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "sU05gaIadSYQd4+DxTnInw==": { "id": "sU05gaIadSYQd4+DxTnInw==", "name": "libacl1", "version": "2.2.53-10", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "sXwy5mmgqLM9WC30BdKwTA==": { "id": "sXwy5mmgqLM9WC30BdKwTA==", "name": "readline-common", "version": "8.1-1", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "tNSJ6slY9zv+TZ6de2MVDQ==": { "id": "tNSJ6slY9zv+TZ6de2MVDQ==", "name": "liblzma5", "version": "5.2.5-2.1~deb11u1", "kind": "binary", "source": { "id": "", "name": "xz-utils", "version": "5.2.5-2.1~deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "tYADP/V07/lE8Qno1R/hhg==": { "id": "tYADP/V07/lE8Qno1R/hhg==", "name": "libgcc-s1", "version": "10.2.1-6", "kind": "binary", "source": { "id": "", "name": "gcc-10", "version": "10.2.1-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "uRB+svwXXxpR9DkvUVmAUQ==": { "id": "uRB+svwXXxpR9DkvUVmAUQ==", "name": "werkzeug", "version": "3.1.8", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.1.8.0.0.0.0.0.0", "cpe": "" }, "uXsuLx/plg6mDddGlE/9EA==": { "id": "uXsuLx/plg6mDddGlE/9EA==", "name": "libxxhash0", "version": "0.8.0-2", "kind": "binary", "source": { "id": "", "name": "xxhash", "version": "0.8.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "vqKK+x/7cGHNjLr4L7x4uQ==": { "id": "vqKK+x/7cGHNjLr4L7x4uQ==", "name": "libdb5.3", "version": "5.3.28+dfsg1-0.8", "kind": "binary", "source": { "id": "", "name": "db5.3", "version": "5.3.28+dfsg1-0.8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "wkuBBC4B84P3b4K0fGF0OQ==": { "id": "wkuBBC4B84P3b4K0fGF0OQ==", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "xaMEpa2lawXi7R9jqzX8hA==": { "id": "xaMEpa2lawXi7R9jqzX8hA==", "name": "findutils", "version": "4.8.0-1", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.8.0-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "yYcMjCGhY/mc+KraTEHSJg==": { "id": "yYcMjCGhY/mc+KraTEHSJg==", "name": "libkrb5-3", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zL6jHnohFUDkhEaUeTlPOQ==": { "id": "zL6jHnohFUDkhEaUeTlPOQ==", "name": "sed", "version": "4.7-1", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.7-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zQ8wKwnOqSw7e/gsx76vLQ==": { "id": "zQ8wKwnOqSw7e/gsx76vLQ==", "name": "debianutils", "version": "4.11.2", "kind": "binary", "source": { "id": "", "name": "debianutils", "version": "4.11.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zRv/Q67g6qJWTz0qqj4+BA==": { "id": "zRv/Q67g6qJWTz0qqj4+BA==", "name": "libnsl2", "version": "1.3.0-2", "kind": "binary", "source": { "id": "", "name": "libnsl", "version": "1.3.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zV4ikAKeqBYFSvXnkFMYgg==": { "id": "zV4ikAKeqBYFSvXnkFMYgg==", "name": "libpam0g", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zw9OGAXs3mWkBkmfKzbfqg==": { "id": "zw9OGAXs3mWkBkmfKzbfqg==", "name": "libapt-pkg6.0", "version": "2.2.4", "kind": "binary", "source": { "id": "", "name": "apt", "version": "2.2.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" } }, "distributions": { "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77": { "id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" } }, "repository": { "5abc1b59-eaec-4c05-9f86-bdf94a21d76d": { "id": "5abc1b59-eaec-4c05-9f86-bdf94a21d76d", "name": "pypi", "uri": "https://pypi.org/simple", "cpe": "" } }, "environments": { "+GDQTbek1zYvATiVR/wBCA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "+aaqENN9U+Kuxcb1tQ8Utg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "+ol9cHiNc+RWiD7Kw3TLCg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "05vApGRmP6ko1S0ji87IIQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "0jMyX7UCIuSpntMN1r7Ofg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "1jyJPCL93kiEbfmNKeyz3g==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0821ff9604999a9e690c5afd04f46e7347e1bcf55229d18c65fa85b6dbe065cc", "distribution_id": "", "repository_ids": [ "5abc1b59-eaec-4c05-9f86-bdf94a21d76d" ] } ], "2MObxiEVNllmUEzdVZM5qw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "3f992oeEQfSQxRA0nlq8Wg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "4672uZtn8TnHDEzWVyhfjw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "4jCPzhS6OWt4agz9d/cfTw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "5zxxTA220k9gPCegfDHkag==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "7a3yla6TRFZrhmAreU7f8Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "8alfBYUr5uWbAyB5PrY8Hg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "9snKXrH4dQy2IXHQ01Lg0A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "Akbft1KN+9FKNhh1tM25eA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "BJL42acLPAR8bEnmM1Z3mg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "CBzoMmlXBcyP54HOnauO0g==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "CpILSbg3p6D7Gsp8sCW1Rg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "D0G6c/ML9XX4eoGHgx1jeQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "DY5Co0gkGtbgwDlkjfJLWA==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0821ff9604999a9e690c5afd04f46e7347e1bcf55229d18c65fa85b6dbe065cc", "distribution_id": "", "repository_ids": [ "5abc1b59-eaec-4c05-9f86-bdf94a21d76d" ] } ], "DtMxcnDA8Je9vAHjmzagaA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "EVGnnBfWyiVHhoIR4vEpgg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "ExYxXcgoIRjAjUObwDE4jA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "FJIijlwFNqvdoVBcfTF/pg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "FOAAB3KiNsLyi03hQsjRTA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "FrUy4mOCaHm5aGT53as3JQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "G/7q+D+DsqYAVnohcyuzgQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "GGaavnLgXX31qx9chfhdOQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "Gm6VA87iOnaQ0rWR6oO9eA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "HFwGHerHwgvY8vkjr3x1Pg==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0821ff9604999a9e690c5afd04f46e7347e1bcf55229d18c65fa85b6dbe065cc", "distribution_id": "", "repository_ids": [ "5abc1b59-eaec-4c05-9f86-bdf94a21d76d" ] } ], "IQfQp74RcAWE7jHtQsMLHg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "IiJKm8T4olfm6rhuKayFOw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "Jg2vDvx1JxyPDIrUzzR9NQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "LOfpAnA/2f7zE4SFJCrxVg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "LVHVhWoZgWwWvOspyUwb1w==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "MvKvHHnD0jaLaWpyHvkhgQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "NA4G2YrIZ73fsX7d5r5rGw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "NzkVb7F31E+Vxxz3PCS6tg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "OgJFdUXRfF1Ls8u1+eOivw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "PaaRbD/FkW3JARtSKQgRcQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "PgPY5hWnihXRN45byvzY0g==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "R1TkRM71ql+JWgz0VF5ESQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "RAMuXEdVU4AJ/z4aiK/NNg==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61", "distribution_id": "", "repository_ids": [ "5abc1b59-eaec-4c05-9f86-bdf94a21d76d" ] } ], "RVoqRXLcdKU5LYfyLKdi3Q==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0821ff9604999a9e690c5afd04f46e7347e1bcf55229d18c65fa85b6dbe065cc", "distribution_id": "", "repository_ids": [ "5abc1b59-eaec-4c05-9f86-bdf94a21d76d" ] } ], "RYsqO4ROpGMzzCO5WaTrlw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "RgdwX+VC70nXZ2E527PXaA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "SWnjL4fWu+WMpxhSCWLhZQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "T5NuX1yinNyGoZNN2r9u4Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "VVXsYlCxogg17Ti1iR03Mw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "VbNyM3GfR5vEmJdFAiKqrA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "Wi4oa03apqVdR6okNeZiNA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "ZPlAztePXX+uFLVDX2lgNQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "ZWeYh81MRCu1nh3mOyptIA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "bGWj1aSf0wvrecU/pdTv5A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "bHkSxcl6e1quNxLGb6uX8A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "bTSLWiizipO2axtmvXFuVg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "be3s5y0dx4bgsQboIoDduw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "brvvAQ6V7yp7QbUuk+W5Hg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "d4b/e0nx+/vPWuPB7oDzPw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "dRfu6Up2F2Ze+gJ21oSeug==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "dUT53gagQO5Ac9Bdlu5dAw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "dXglURzzdbLnOf14mab1Hg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "dobmrwm7aq9puvFHwNgXxw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "dv3AlW8tBL4D0mEPW7/Z2Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "eF2QIdrTmJlWmjQTkhntow==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61", "distribution_id": "", "repository_ids": [ "5abc1b59-eaec-4c05-9f86-bdf94a21d76d" ] } ], "elSR7m8uLWd/kMl2jxTm/A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "evNF5YpSAxyFV7iWv3lSVw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "fCmdLCR2Ix0ldnZL1Fa52A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "fqwKjkzVNvsxh6040zt05g==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "fyM9Y65kt8cTfJv4LKF7bg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "gP9HgvZWct50Kw/hM7BCKg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "gv6x84VyNacZgvJrC59jbQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "hdNUjYIlrdEAtBWAggakAw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "i4JkQ9JgSpZVyPFWOY5Bxw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "iWqdRZmp08/Tx22qEtmjJg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "jErhz6PtXvAy/EPWJ425rA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "jKa8Us2cqGejhOc2/n5DDA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "kq4lGEwi4agkgAJAkDs9Ng==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0821ff9604999a9e690c5afd04f46e7347e1bcf55229d18c65fa85b6dbe065cc", "distribution_id": "", "repository_ids": [ "5abc1b59-eaec-4c05-9f86-bdf94a21d76d" ] } ], "krch6TQqNWzRi5F/dDkF+Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "l5lCPjtOmPM8/LLh9+NjeQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "lCjIskl1HulEHShaXtgmwQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "lvz5sq0NbU6sy/F1tg9uiQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "mlFDx1iAC2OWpmYHut2JHw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "nV87o429QBKIpM8DyOv4wg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "ngOu/a+sfrdDkZtETF1mgg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "nmd/xrCD27AKRWAzA5JZCA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "npX4tBmidkxp2QJN/c3Ktw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "nwapLKtbHTjy1u8+aA0X+Q==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61", "distribution_id": "", "repository_ids": [ "5abc1b59-eaec-4c05-9f86-bdf94a21d76d" ] } ], "oH9T0w9ZyXDCGJ6Np6n1Iw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "ozJ983JkaV259+RUbqutzw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "p+J9YgA22NC8PDODpTSxgw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "pHAWej2qVWZtoCQ5DGoRcQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "pZoLgWqHDgjhYQPevrtwdg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "q78XIEiJs5tQHLZtjoU3Fg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "qN2BSWBeEFRJnExMNJ1S0A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "qrPZzwjmppjOiQbrGk5IQA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "rJ4UB7yOdBPwgrk5WLwIQw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "rUyBCRoo9C2erJrGUkvuDQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "s66OGd0F2Pbemhmyrg2R9w==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "sU05gaIadSYQd4+DxTnInw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "sXwy5mmgqLM9WC30BdKwTA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "tNSJ6slY9zv+TZ6de2MVDQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "tYADP/V07/lE8Qno1R/hhg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "uRB+svwXXxpR9DkvUVmAUQ==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0821ff9604999a9e690c5afd04f46e7347e1bcf55229d18c65fa85b6dbe065cc", "distribution_id": "", "repository_ids": [ "5abc1b59-eaec-4c05-9f86-bdf94a21d76d" ] } ], "uXsuLx/plg6mDddGlE/9EA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "vqKK+x/7cGHNjLr4L7x4uQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "wkuBBC4B84P3b4K0fGF0OQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "xaMEpa2lawXi7R9jqzX8hA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "yYcMjCGhY/mc+KraTEHSJg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "zL6jHnohFUDkhEaUeTlPOQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "zQ8wKwnOqSw7e/gsx76vLQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "zRv/Q67g6qJWTz0qqj4+BA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "zV4ikAKeqBYFSvXnkFMYgg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ], "zw9OGAXs3mWkBkmfKzbfqg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "5a62eb4c-a3b0-4cff-8540-9ac19b1aaf77", "repository_ids": null } ] }, "vulnerabilities": { "+N61/5529gFt7RkD8ooeKQ==": { "id": "+N61/5529gFt7RkD8ooeKQ==", "updater": "debian/updater", "name": "CVE-2023-0465", "description": "Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0465", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "+aR35vFmeRYa8dLzBaCMmQ==": { "id": "+aR35vFmeRYa8dLzBaCMmQ==", "updater": "debian/updater", "name": "CVE-2026-41989", "description": "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-41989", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "+x9OyXfXk9PrekfsnPKwlg==": { "id": "+x9OyXfXk9PrekfsnPKwlg==", "updater": "debian/updater", "name": "CVE-2020-13529", "description": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2020-13529", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "/7UJLAHsMPxTtTxvuPgrzA==": { "id": "/7UJLAHsMPxTtTxvuPgrzA==", "updater": "debian/updater", "name": "CVE-2024-45491", "description": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-45491", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "/YwO4YLRGgF2uWU55V6+MQ==": { "id": "/YwO4YLRGgF2uWU55V6+MQ==", "updater": "debian/updater", "name": "CVE-2019-1010022", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "/cV7Fn8Va+poBGxbPjGjrQ==": { "id": "/cV7Fn8Va+poBGxbPjGjrQ==", "updater": "debian/updater", "name": "CVE-2026-6238", "description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-6238", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "08pa4udz9bnA9IOsE208DA==": { "id": "08pa4udz9bnA9IOsE208DA==", "updater": "debian/updater", "name": "CVE-2023-4039", "description": "**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4039", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gcc-10", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "0H/7BkE/Q7YVSZhEABXg6w==": { "id": "0H/7BkE/Q7YVSZhEABXg6w==", "updater": "debian/updater", "name": "CVE-2024-26458", "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "0q/btA3zBEGWWmFxU7cNig==": { "id": "0q/btA3zBEGWWmFxU7cNig==", "updater": "debian/updater", "name": "CVE-2026-40225", "description": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-40225", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u8" }, "1U/zi3CEao+52y8LKU0uvw==": { "id": "1U/zi3CEao+52y8LKU0uvw==", "updater": "debian/updater", "name": "CVE-2021-36084", "description": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36084", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "1VnWeA5AZgybyD8+PiXyiw==": { "id": "1VnWeA5AZgybyD8+PiXyiw==", "updater": "debian/updater", "name": "CVE-2025-70873", "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-70873", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "1dwwvWkARnFe67yAAGVglQ==": { "id": "1dwwvWkARnFe67yAAGVglQ==", "updater": "debian/updater", "name": "CVE-2023-31438", "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "20nlQwJu4gG0Ex/vty+hig==": { "id": "20nlQwJu4gG0Ex/vty+hig==", "updater": "debian/updater", "name": "CVE-2026-5419", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-5419", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "27BVJE6xR0Z84LzifDnFYA==": { "id": "27BVJE6xR0Z84LzifDnFYA==", "updater": "debian/updater", "name": "CVE-2022-48303", "description": "GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-48303", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.34+dfsg-1+deb11u1" }, "2TcHkpRhAP0iTCSGAQKUOg==": { "id": "2TcHkpRhAP0iTCSGAQKUOg==", "updater": "debian/updater", "name": "CVE-2026-3833", "description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-3833", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "3QDeWfKuntq5YxjjCuZXRQ==": { "id": "3QDeWfKuntq5YxjjCuZXRQ==", "updater": "debian/updater", "name": "CVE-2025-68160", "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-68160", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u5" }, "3Z3QMUqCN4dQV+f8cjn1eA==": { "id": "3Z3QMUqCN4dQV+f8cjn1eA==", "updater": "debian/updater", "name": "CVE-2025-69420", "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-69420", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u5" }, "3cBlPR7Tm4BIC/+wflldAg==": { "id": "3cBlPR7Tm4BIC/+wflldAg==", "updater": "debian/updater", "name": "CVE-2024-12243", "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-12243", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u7" }, "5+uzHCKkmvMK8jl2uJkFqQ==": { "id": "5+uzHCKkmvMK8jl2uJkFqQ==", "updater": "debian/updater", "name": "CVE-2026-32777", "description": "libexpat before 2.7.5 allows an infinite loop while parsing DTD content.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-32777", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "59rfj7X7Q9O1jyg5L5a5zQ==": { "id": "59rfj7X7Q9O1jyg5L5a5zQ==", "updater": "debian/updater", "name": "CVE-2024-37370", "description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-37370", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u5" }, "5Cmp5KJXv+nVwwcs5/Kz7w==": { "id": "5Cmp5KJXv+nVwwcs5/Kz7w==", "updater": "debian/updater", "name": "CVE-2024-50602", "description": "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-50602", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u7" }, "5OqCQlhu6kV+tAsgGEGuwQ==": { "id": "5OqCQlhu6kV+tAsgGEGuwQ==", "updater": "debian/updater", "name": "CVE-2026-27171", "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-27171", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "zlib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "5rGwN3bKZLMvxcM/W4jj+A==": { "id": "5rGwN3bKZLMvxcM/W4jj+A==", "updater": "debian/updater", "name": "CVE-2026-29111", "description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-29111", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u8" }, "6j23t/n6B77cQMxfCeLKzA==": { "id": "6j23t/n6B77cQMxfCeLKzA==", "updater": "debian/updater", "name": "CVE-2024-12133", "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-12133", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libtasn1-6", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "4.16.0-2+deb11u2" }, "6jg3v7lJ92IZCQpZydR2sA==": { "id": "6jg3v7lJ92IZCQpZydR2sA==", "updater": "debian/updater", "name": "CVE-2024-28757", "description": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28757", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "7DtFnnE8FjIpCQKunutpeg==": { "id": "7DtFnnE8FjIpCQKunutpeg==", "updater": "debian/updater", "name": "CVE-2020-16156", "description": "CPAN 2.28 allows Signature Verification Bypass.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2020-16156", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u4" }, "7N1fkfhDIULrLId2wh2Pqw==": { "id": "7N1fkfhDIULrLId2wh2Pqw==", "updater": "debian/updater", "name": "CVE-2026-42012", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-42012", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "8uv2vKf0QrdM+zJP4ufG+Q==": { "id": "8uv2vKf0QrdM+zJP4ufG+Q==", "updater": "osv/pypi", "name": "GHSA-jp4c-xjxw-mgf9", "description": "pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere", "issued": "2026-04-27T15:30:52Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2026-6357 https://github.com/pypa/pip/pull/13923 https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad https://github.com/pypa/pip https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes http://www.openwall.com/lists/oss-security/2026/04/27/7", "severity": "MODERATE", "normalized_severity": "Medium", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=26.1" }, "9JIazCQjSvYhpG9KE6d7Pg==": { "id": "9JIazCQjSvYhpG9KE6d7Pg==", "updater": "debian/updater", "name": "CVE-2025-8058", "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-8058", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "9ThuL3zLKpmduvKpiDZ60w==": { "id": "9ThuL3zLKpmduvKpiDZ60w==", "updater": "debian/updater", "name": "CVE-2026-24515", "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-24515", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "9sNDKQtqg7Z3gJr//JQlvg==": { "id": "9sNDKQtqg7Z3gJr//JQlvg==", "updater": "debian/updater", "name": "CVE-2025-32990", "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-32990", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u8" }, "9xk1p07t4ZV999E3HyfhVA==": { "id": "9xk1p07t4ZV999E3HyfhVA==", "updater": "debian/updater", "name": "CVE-2026-5704", "description": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-5704", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ANq7+l7+5U6IDt9eU02u5w==": { "id": "ANq7+l7+5U6IDt9eU02u5w==", "updater": "debian/updater", "name": "CVE-2022-3219", "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-3219", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ASrdm9EROwWp9Ip2w7HH5w==": { "id": "ASrdm9EROwWp9Ip2w7HH5w==", "updater": "debian/updater", "name": "CVE-2022-3821", "description": "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-3821", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u2" }, "AvPdNumiwGnBie+lo1du3A==": { "id": "AvPdNumiwGnBie+lo1du3A==", "updater": "debian/updater", "name": "CVE-2023-31486", "description": "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31486", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "B78vSIll2muNDyY3F7urzw==": { "id": "B78vSIll2muNDyY3F7urzw==", "updater": "debian/updater", "name": "CVE-2026-34743", "description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-34743", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "xz-utils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Ba+eHoq0U7aq9Kxwg98r8Q==": { "id": "Ba+eHoq0U7aq9Kxwg98r8Q==", "updater": "debian/updater", "name": "CVE-2025-8941", "description": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-8941", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "BtqRPc7F47wJWygPNOxw1w==": { "id": "BtqRPc7F47wJWygPNOxw1w==", "updater": "debian/updater", "name": "CVE-2026-32778", "description": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-32778", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "BxMnseA9J6OW2RWxSrlbyQ==": { "id": "BxMnseA9J6OW2RWxSrlbyQ==", "updater": "debian/updater", "name": "CVE-2021-36690", "description": "A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36690", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.34.1-3+deb11u1" }, "CaLsKNvkpKlxKVBlUnje9Q==": { "id": "CaLsKNvkpKlxKVBlUnje9Q==", "updater": "debian/updater", "name": "CVE-2021-36087", "description": "The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36087", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "CfS0L/tTata7W0FXXtQ4EQ==": { "id": "CfS0L/tTata7W0FXXtQ4EQ==", "updater": "debian/updater", "name": "CVE-2026-4438", "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-4438", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "CtYegggqGbMfg16G/qfITQ==": { "id": "CtYegggqGbMfg16G/qfITQ==", "updater": "debian/updater", "name": "CVE-2013-4235", "description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2013-4235", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "DJOf0vCfrT4GvRr/tBJhbg==": { "id": "DJOf0vCfrT4GvRr/tBJhbg==", "updater": "debian/updater", "name": "CVE-2024-33601", "description": "nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33601", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "DRKFIYYNzLumACBV1CW/rw==": { "id": "DRKFIYYNzLumACBV1CW/rw==", "updater": "debian/updater", "name": "CVE-2022-35737", "description": "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-35737", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "DS2nhayHHtinLlFzZheSwg==": { "id": "DS2nhayHHtinLlFzZheSwg==", "updater": "debian/updater", "name": "CVE-2025-66382", "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-66382", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "DTII3LzSaQL1baKsoSwsqg==": { "id": "DTII3LzSaQL1baKsoSwsqg==", "updater": "debian/updater", "name": "CVE-2026-42010", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-42010", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "DfxJWBpJUY1aHu0ZUSilDg==": { "id": "DfxJWBpJUY1aHu0ZUSilDg==", "updater": "debian/updater", "name": "CVE-2018-6829", "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ELw1b1vO2YOtV7qNQijgCw==": { "id": "ELw1b1vO2YOtV7qNQijgCw==", "updater": "debian/updater", "name": "CVE-2026-4437", "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-4437", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "EYo03ICovWfCjw2cKpwx4Q==": { "id": "EYo03ICovWfCjw2cKpwx4Q==", "updater": "debian/updater", "name": "CVE-2005-2541", "description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2005-2541", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "EajCJi704nU1+LqESNMC1w==": { "id": "EajCJi704nU1+LqESNMC1w==", "updater": "debian/updater", "name": "CVE-2024-0727", "description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-0727", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "ErraMUPFwrdWYaj+aBxTMw==": { "id": "ErraMUPFwrdWYaj+aBxTMw==", "updater": "debian/updater", "name": "CVE-2026-33845", "description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-33845", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "EvarhwbaAMrD3meGYFByGg==": { "id": "EvarhwbaAMrD3meGYFByGg==", "updater": "debian/updater", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-50495", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "F0zkrLGlbsix59P9mqoAOg==": { "id": "F0zkrLGlbsix59P9mqoAOg==", "updater": "debian/updater", "name": "CVE-2025-30258", "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-30258", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "G45dR+E8Wb+bEhCdwuqUDg==": { "id": "G45dR+E8Wb+bEhCdwuqUDg==", "updater": "debian/updater", "name": "CVE-2019-20838", "description": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-20838", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "GPLYq884jQKVksfMc+b7OQ==": { "id": "GPLYq884jQKVksfMc+b7OQ==", "updater": "debian/updater", "name": "CVE-2022-1304", "description": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-1304", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "e2fsprogs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.46.2-2+deb11u1" }, "GRlufCZFwHNK64OQNCFIcg==": { "id": "GRlufCZFwHNK64OQNCFIcg==", "updater": "debian/updater", "name": "CVE-2013-4392", "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "GezxxUl3QPWUTitg/VHmlQ==": { "id": "GezxxUl3QPWUTitg/VHmlQ==", "updater": "debian/updater", "name": "CVE-2019-1010024", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "GmBi7n85v8sX6ItoMSgvlQ==": { "id": "GmBi7n85v8sX6ItoMSgvlQ==", "updater": "debian/updater", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-9230", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u4" }, "HuTBrVHKx7uaMtQjiqifKQ==": { "id": "HuTBrVHKx7uaMtQjiqifKQ==", "updater": "debian/updater", "name": "CVE-2024-0567", "description": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-0567", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u5" }, "IJPGr43VMeLym6tW3EWgdg==": { "id": "IJPGr43VMeLym6tW3EWgdg==", "updater": "debian/updater", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-8176", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "IvA5abshk33BAuuBar/pVQ==": { "id": "IvA5abshk33BAuuBar/pVQ==", "updater": "debian/updater", "name": "CVE-2024-45492", "description": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-45492", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "IwuADin5bagOGQErETBgWw==": { "id": "IwuADin5bagOGQErETBgWw==", "updater": "debian/updater", "name": "CVE-2026-4046", "description": "The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-4046", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Jl0PQIP9L3ufSvQ2j71iww==": { "id": "Jl0PQIP9L3ufSvQ2j71iww==", "updater": "osv/pypi", "name": "GHSA-r9hx-vwmv-q579", "description": "pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)", "issued": "2022-12-23T00:30:23Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://github.com/pypa/setuptools/issues/3659 https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be https://setuptools.pypa.io/en/latest https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20230214-0001 https://pyup.io/vulnerabilities/CVE-2022-40897/52495 https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1 https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200 https://github.com/pypa/setuptools https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2022-43012.yaml", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=65.5.1" }, "KLrAiYCJHdmWQ2RaqUywlA==": { "id": "KLrAiYCJHdmWQ2RaqUywlA==", "updater": "debian/updater", "name": "CVE-2022-4304", "description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4304", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "KZ3Jt7zkiM272dGLstI4XA==": { "id": "KZ3Jt7zkiM272dGLstI4XA==", "updater": "debian/updater", "name": "CVE-2013-0340", "description": "expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2013-0340", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "KaoEuixR8E5nnpGZ1pG25w==": { "id": "KaoEuixR8E5nnpGZ1pG25w==", "updater": "debian/updater", "name": "CVE-2024-0553", "description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-0553", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u5" }, "KvTZOL1MGCoBHaXdBx1RcA==": { "id": "KvTZOL1MGCoBHaXdBx1RcA==", "updater": "debian/updater", "name": "CVE-2024-10041", "description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-10041", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "KwgIGMm765S+zvIBAwM9+g==": { "id": "KwgIGMm765S+zvIBAwM9+g==", "updater": "debian/updater", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4899", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libzstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "LAgKryCll+DIcYhTR/xbzg==": { "id": "LAgKryCll+DIcYhTR/xbzg==", "updater": "debian/updater", "name": "CVE-2026-42013", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-42013", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "LD4zPH3rZZkbSPN5ojHClA==": { "id": "LD4zPH3rZZkbSPN5ojHClA==", "updater": "debian/updater", "name": "TEMP-0628843-DBAD28", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "MDmWztEMrTY+VyVp5c+Fvw==": { "id": "MDmWztEMrTY+VyVp5c+Fvw==", "updater": "debian/updater", "name": "TEMP-0841856-B18BAF", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "bash", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "MXRm//dBCnWFem5zffvqmA==": { "id": "MXRm//dBCnWFem5zffvqmA==", "updater": "debian/updater", "name": "CVE-2022-3715", "description": "A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-3715", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "bash", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "MYYkxlB4Ank1zsdIh41apg==": { "id": "MYYkxlB4Ank1zsdIh41apg==", "updater": "debian/updater", "name": "CVE-2024-2961", "description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-2961", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u9" }, "MdrEi+/OrLlW3zDrheID2Q==": { "id": "MdrEi+/OrLlW3zDrheID2Q==", "updater": "debian/updater", "name": "CVE-2025-59375", "description": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-59375", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Mmh4dm/jzK4QVSJqQVsCDw==": { "id": "Mmh4dm/jzK4QVSJqQVsCDw==", "updater": "debian/updater", "name": "CVE-2026-22796", "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-22796", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u5" }, "Mnnh2CmlXNNRCBXvqdG9ig==": { "id": "Mnnh2CmlXNNRCBXvqdG9ig==", "updater": "debian/updater", "name": "CVE-2026-28387", "description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, the issue only affects clients that make use of TLSA records with both the PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate usage. By far the most common deployment of DANE is in SMTP MTAs for which RFC7672 recommends that clients treat as 'unusable' any TLSA records that have the PKIX certificate usages. These SMTP (or other similar) clients are not vulnerable to this issue. Conversely, any clients that support only the PKIX usages, and ignore the DANE-TA(2) usage are also not vulnerable. The client would also need to be communicating with a server that publishes a TLSA RRset with both types of TLSA records. No FIPS modules are affected by this issue, the problem code is outside the FIPS module boundary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-28387", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Mxv06g47iCk7QIqi7Xbojw==": { "id": "Mxv06g47iCk7QIqi7Xbojw==", "updater": "debian/updater", "name": "CVE-2023-45853", "description": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-45853", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "zlib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "NYWveHKKsIYIKl+vE8UEhw==": { "id": "NYWveHKKsIYIKl+vE8UEhw==", "updater": "debian/updater", "name": "TEMP-0517018-A83CE6", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sysvinit", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Ns8JH9Yqo6xZiGzihN4B3g==": { "id": "Ns8JH9Yqo6xZiGzihN4B3g==", "updater": "debian/updater", "name": "CVE-2024-22365", "description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-22365", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.4.0-9+deb11u2" }, "Nzgd66Rt/zG5Z8ZfbjecYA==": { "id": "Nzgd66Rt/zG5Z8ZfbjecYA==", "updater": "debian/updater", "name": "CVE-2024-26461", "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "OB48XTRaksNPWPm0dVHJmQ==": { "id": "OB48XTRaksNPWPm0dVHJmQ==", "updater": "debian/updater", "name": "CVE-2025-3576", "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u7" }, "OTqcMsspao5I6JZMETZ06w==": { "id": "OTqcMsspao5I6JZMETZ06w==", "updater": "debian/updater", "name": "CVE-2026-0915", "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-0915", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "P4mYk7npVU6t91mlbAb8QA==": { "id": "P4mYk7npVU6t91mlbAb8QA==", "updater": "debian/updater", "name": "CVE-2024-2511", "description": "Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-2511", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "PFkN8K2aK2XnSQjmAIry9A==": { "id": "PFkN8K2aK2XnSQjmAIry9A==", "updater": "osv/pypi", "name": "GHSA-58qw-9mgm-455v", "description": "pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files", "issued": "2026-04-20T18:31:48Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2026-3219 https://github.com/pypa/pip/pull/13870 https://github.com/pypa/pip https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ http://www.openwall.com/lists/oss-security/2026/04/20/8", "severity": "MODERATE", "normalized_severity": "Medium", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "lastAffected=26.0.1" }, "PJI8cpGpF5+qVan9H5W87Q==": { "id": "PJI8cpGpF5+qVan9H5W87Q==", "updater": "debian/updater", "name": "CVE-2024-28085", "description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28085", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.36.1-8+deb11u2" }, "PUY4fn57nsAU2qBLtgRtdw==": { "id": "PUY4fn57nsAU2qBLtgRtdw==", "updater": "osv/pypi", "name": "GHSA-6vgw-5pg2-w6jp", "description": "pip Path Traversal vulnerability", "issued": "2026-02-02T15:30:34Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2026-1703 https://github.com/pypa/pip/pull/13777 https://github.com/pypa/pip/commit/8e227a9be4faa9594e05d02ca05a413a2a4e7735 https://github.com/pypa/pip https://mail.python.org/archives/list/security-announce@python.org/thread/WIEA34D4TABF2UNQJAOMXKCICSPBE2DJ", "severity": "LOW", "normalized_severity": "Low", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=26.0" }, "Pj9V3uC2c9o+P6lTpzzGeA==": { "id": "Pj9V3uC2c9o+P6lTpzzGeA==", "updater": "osv/pypi", "name": "PYSEC-2025-49", "description": "", "issued": "2025-05-17T16:15:19Z", "links": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html https://github.com/pypa/setuptools/issues/4946 https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=78.1.1" }, "QEROZuK4q+zt8UbP6ZV8wg==": { "id": "QEROZuK4q+zt8UbP6ZV8wg==", "updater": "debian/updater", "name": "CVE-2025-69418", "description": "Issue summary: When using the low-level OCB API directly with AES-NI or\u003cbr\u003eother hardware-accelerated code paths, inputs whose length is not a multiple\u003cbr\u003eof 16 bytes can leave the final partial block unencrypted and unauthenticated.\u003cbr\u003e\u003cbr\u003eImpact summary: The trailing 1-15 bytes of a message may be exposed in\u003cbr\u003ecleartext on encryption and are not covered by the authentication tag,\u003cbr\u003eallowing an attacker to read or tamper with those bytes without detection.\u003cbr\u003e\u003cbr\u003eThe low-level OCB encrypt and decrypt routines in the hardware-accelerated\u003cbr\u003estream path process full 16-byte blocks but do not advance the input/output\u003cbr\u003epointers. The subsequent tail-handling code then operates on the original\u003cbr\u003ebase pointers, effectively reprocessing the beginning of the buffer while\u003cbr\u003eleaving the actual trailing bytes unprocessed. The authentication checksum\u003cbr\u003ealso excludes the true tail bytes.\u003cbr\u003e\u003cbr\u003eHowever, typical OpenSSL consumers using EVP are not affected because the\u003cbr\u003ehigher-level EVP and provider OCB implementations split inputs so that full\u003cbr\u003eblocks and trailing partial blocks are processed in separate calls, avoiding\u003cbr\u003ethe problematic code path. Additionally, TLS does not use OCB ciphersuites.\u003cbr\u003eThe vulnerability only affects applications that call the low-level\u003cbr\u003eCRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with\u003cbr\u003enon-block-aligned lengths in a single call on hardware-accelerated builds.\u003cbr\u003eFor these reasons the issue was assessed as Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected\u003cbr\u003eby this issue, as OCB mode is not a FIPS-approved algorithm.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.0.2 is not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-69418", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u5" }, "QGq5D5QwQKPerzYOBVoSsg==": { "id": "QGq5D5QwQKPerzYOBVoSsg==", "updater": "osv/pypi", "name": "GHSA-cx63-2mw6-8hw5", "description": "setuptools vulnerable to Command Injection via package URL", "issued": "2024-07-15T03:30:57Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/pull/4332 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://github.com/pypa/setuptools https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=70.0.0" }, "Qd2XnJZ3qaQ3AbyDXUaR2A==": { "id": "Qd2XnJZ3qaQ3AbyDXUaR2A==", "updater": "osv/pypi", "name": "PYSEC-2022-43012", "description": "", "issued": "2022-12-23T00:15:00Z", "links": "https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200 https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/ https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1 https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be https://pyup.io/vulnerabilities/CVE-2022-40897/52495/", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=65.5.1" }, "QopvyNp/5Ata9NdAUhFygw==": { "id": "QopvyNp/5Ata9NdAUhFygw==", "updater": "debian/updater", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-5278", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "RsDeaOU1gcwrKfmGECEolg==": { "id": "RsDeaOU1gcwrKfmGECEolg==", "updater": "debian/updater", "name": "CVE-2026-42015", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-42015", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "RxgProNqXCgPRgAzu8keFA==": { "id": "RxgProNqXCgPRgAzu8keFA==", "updater": "debian/updater", "name": "CVE-2026-40355", "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-40355", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "SNR1VT02i1HBHxqGRTeBAQ==": { "id": "SNR1VT02i1HBHxqGRTeBAQ==", "updater": "debian/updater", "name": "CVE-2025-9820", "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u9" }, "T2SiDOPpMK0bU0Y0qkOm1A==": { "id": "T2SiDOPpMK0bU0Y0qkOm1A==", "updater": "debian/updater", "name": "CVE-2019-1010025", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "T4I8pNAq5VIHzHdHBx3kMA==": { "id": "T4I8pNAq5VIHzHdHBx3kMA==", "updater": "debian/updater", "name": "CVE-2025-24528", "description": "In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-24528", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u6" }, "Tcuyjettc5LT9G5wj3mSxw==": { "id": "Tcuyjettc5LT9G5wj3mSxw==", "updater": "debian/updater", "name": "CVE-2022-4450", "description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4450", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "TgHh5yPuwUnIt8v9WawGYw==": { "id": "TgHh5yPuwUnIt8v9WawGYw==", "updater": "debian/updater", "name": "CVE-2025-6141", "description": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6141", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "U3JbUhrT2SqWNuYU5d13cQ==": { "id": "U3JbUhrT2SqWNuYU5d13cQ==", "updater": "debian/updater", "name": "CVE-2021-33560", "description": "Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-33560", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "U5598afGvRaltva6Rjqnug==": { "id": "U5598afGvRaltva6Rjqnug==", "updater": "debian/updater", "name": "CVE-2026-4105", "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-4105", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u8" }, "Ud6njM/DPIrfSPiFct82Lw==": { "id": "Ud6njM/DPIrfSPiFct82Lw==", "updater": "debian/updater", "name": "CVE-2023-52426", "description": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-52426", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "UdV1OleGh/0MAkug0ZAlcQ==": { "id": "UdV1OleGh/0MAkug0ZAlcQ==", "updater": "debian/updater", "name": "CVE-2026-25210", "description": "In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-25210", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Ul/kdhde9MT/cThQqWyUBA==": { "id": "Ul/kdhde9MT/cThQqWyUBA==", "updater": "debian/updater", "name": "CVE-2026-3832", "description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-3832", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "VzolVkOS5HseGzVTLzDMfA==": { "id": "VzolVkOS5HseGzVTLzDMfA==", "updater": "debian/updater", "name": "CVE-2023-39804", "description": "In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-39804", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.34+dfsg-1+deb11u1" }, "WCGqond4znYKCRcm4xyPrg==": { "id": "WCGqond4znYKCRcm4xyPrg==", "updater": "debian/updater", "name": "CVE-2007-5686", "description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2007-5686", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WG/hQnqUufOh6/5/mlRi/Q==": { "id": "WG/hQnqUufOh6/5/mlRi/Q==", "updater": "debian/updater", "name": "CVE-2023-31439", "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WHvU12ysgz1Ai1y1KSOiLA==": { "id": "WHvU12ysgz1Ai1y1KSOiLA==", "updater": "debian/updater", "name": "CVE-2024-33599", "description": "nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33599", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "WRwV7Adc7Zuy6O98PPaFDw==": { "id": "WRwV7Adc7Zuy6O98PPaFDw==", "updater": "debian/updater", "name": "CVE-2026-40356", "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-40356", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WWnQMI7f7f75SgC9Dcl+QQ==": { "id": "WWnQMI7f7f75SgC9Dcl+QQ==", "updater": "debian/updater", "name": "TEMP-0290435-0B57B5", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WcYPrwv9PSVoVoof5MRsxQ==": { "id": "WcYPrwv9PSVoVoof5MRsxQ==", "updater": "osv/pypi", "name": "PYSEC-2023-228", "description": "", "issued": "2023-10-25T18:17:00Z", "links": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/ https://github.com/pypa/pip/pull/12306", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=23.3" }, "WxlxRC1KqAo8Mejv03fZGA==": { "id": "WxlxRC1KqAo8Mejv03fZGA==", "updater": "debian/updater", "name": "CVE-2025-68972", "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-68972", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "XQ5gIRaXVhDd6S954jtG2g==": { "id": "XQ5gIRaXVhDd6S954jtG2g==", "updater": "debian/updater", "name": "CVE-2026-5928", "description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash. A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-5928", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Xce4H7xsVfrtYV2aXED7xA==": { "id": "Xce4H7xsVfrtYV2aXED7xA==", "updater": "debian/updater", "name": "CVE-2017-18018", "description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-18018", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "XtT5+z5+yMbpdsyfkLItzA==": { "id": "XtT5+z5+yMbpdsyfkLItzA==", "updater": "debian/updater", "name": "CVE-2025-6395", "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6395", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u8" }, "Y++3+aMTeU3vX7BI4/zG6w==": { "id": "Y++3+aMTeU3vX7BI4/zG6w==", "updater": "debian/updater", "name": "CVE-2025-14831", "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-14831", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u9" }, "Y4A2Zm5xcsipvfluZVH5fA==": { "id": "Y4A2Zm5xcsipvfluZVH5fA==", "updater": "debian/updater", "name": "CVE-2026-0861", "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1\u003c\u003c62+ 1, 1\u003c\u003c63] and exactly 1\u003c\u003c63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-0861", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "YXTNVVKQsWY/LFuomB715g==": { "id": "YXTNVVKQsWY/LFuomB715g==", "updater": "debian/updater", "name": "CVE-2025-13151", "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-13151", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libtasn1-6", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ZbWtFXr0WyByV4kCb3M6FA==": { "id": "ZbWtFXr0WyByV4kCb3M6FA==", "updater": "debian/updater", "name": "CVE-2023-5981", "description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-5981", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u4" }, "ZdGgPSEZdeQ3XJo0+ZpAXQ==": { "id": "ZdGgPSEZdeQ3XJo0+ZpAXQ==", "updater": "debian/updater", "name": "CVE-2019-1010023", "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ZrZi02myDWWW0L5oPQj/cg==": { "id": "ZrZi02myDWWW0L5oPQj/cg==", "updater": "debian/updater", "name": "CVE-2017-11164", "description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-11164", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ZxTVeoHgmvhWXsV+xLzphA==": { "id": "ZxTVeoHgmvhWXsV+xLzphA==", "updater": "debian/updater", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4813", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "aWm6E1ULjtuw0ydmFnsI4A==": { "id": "aWm6E1ULjtuw0ydmFnsI4A==", "updater": "debian/updater", "name": "CVE-2025-6297", "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6297", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "dpkg", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "afNm575eldgXY3DOGUNdqQ==": { "id": "afNm575eldgXY3DOGUNdqQ==", "updater": "debian/updater", "name": "CVE-2026-28388", "description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application. When CRL processing and delta CRL processing is enabled during X.509 certificate verification, the delta CRL processing does not check whether the CRL Number extension is NULL before dereferencing it. When a malformed delta CRL file is being processed, this parameter can be NULL, causing a NULL pointer dereference. Exploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in the verification context, the certificate being verified to contain a freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and an attacker to provide a malformed CRL to an application that processes it. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-28388", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "aqMHDRnPT+3QNU/8tSwsog==": { "id": "aqMHDRnPT+3QNU/8tSwsog==", "updater": "debian/updater", "name": "CVE-2019-9192", "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "b2D8D2g8yPwuRhswdqF0Rw==": { "id": "b2D8D2g8yPwuRhswdqF0Rw==", "updater": "debian/updater", "name": "CVE-2023-3446", "description": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-3446", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1v-0~deb11u1" }, "bBymk1eoEM+tVYB+/Crz+g==": { "id": "bBymk1eoEM+tVYB+/Crz+g==", "updater": "debian/updater", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28835", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u6" }, "bNvH54V1y9cXsGaCXVwFVw==": { "id": "bNvH54V1y9cXsGaCXVwFVw==", "updater": "osv/pypi", "name": "GHSA-5rjg-fvgr-3xxf", "description": "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "issued": "2025-05-19T16:52:43Z", "links": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf https://nvd.nist.gov/vuln/detail/CVE-2025-47273 https://github.com/pypa/setuptools/issues/4946 https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2025-49.yaml https://github.com/pypa/setuptools https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88 https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html", "severity": "HIGH", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=78.1.1" }, "bZ2m6J3EIvmTdjYJprlOKA==": { "id": "bZ2m6J3EIvmTdjYJprlOKA==", "updater": "debian/updater", "name": "CVE-2021-36085", "description": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36085", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "bjAyJcmSN59FnAeiA6RMIg==": { "id": "bjAyJcmSN59FnAeiA6RMIg==", "updater": "debian/updater", "name": "CVE-2026-28389", "description": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-28389", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "brAAPyN4siIQT5bxa9xu4g==": { "id": "brAAPyN4siIQT5bxa9xu4g==", "updater": "debian/updater", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-47038", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u3" }, "c9VxNhSZmjnQmY3rI/q1PA==": { "id": "c9VxNhSZmjnQmY3rI/q1PA==", "updater": "debian/updater", "name": "CVE-2025-15281", "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "cHpKoxiUOXPYUJX1ihMLDg==": { "id": "cHpKoxiUOXPYUJX1ihMLDg==", "updater": "debian/updater", "name": "CVE-2018-5709", "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "cZD87tDO2q60EFy3BAZ33g==": { "id": "cZD87tDO2q60EFy3BAZ33g==", "updater": "debian/updater", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0464", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "ce9B0jxjyNiCfG4VtZhnVw==": { "id": "ce9B0jxjyNiCfG4VtZhnVw==", "updater": "debian/updater", "name": "CVE-2011-4116", "description": "_is_safe in the File::Temp module for Perl does not properly handle symlinks.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2011-4116", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "d1D8ilhRqv7A6eAzRE4Ojw==": { "id": "d1D8ilhRqv7A6eAzRE4Ojw==", "updater": "debian/updater", "name": "CVE-2023-29491", "description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-29491", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "6.2+20201114-2+deb11u2" }, "dDtfYPtAiWG7x5kc85ma8w==": { "id": "dDtfYPtAiWG7x5kc85ma8w==", "updater": "debian/updater", "name": "CVE-2026-5435", "description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-5435", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "dFbvYO8avXWxbjXnm5ACqQ==": { "id": "dFbvYO8avXWxbjXnm5ACqQ==", "updater": "debian/updater", "name": "CVE-2023-36054", "description": "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-36054", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u4" }, "dUTZP+bcDNUqytJV02E1dQ==": { "id": "dUTZP+bcDNUqytJV02E1dQ==", "updater": "debian/updater", "name": "CVE-2025-6965", "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6965", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "dZ/H1sYv9QSX9VO93tlGLw==": { "id": "dZ/H1sYv9QSX9VO93tlGLw==", "updater": "osv/pypi", "name": "GHSA-4xh5-x5gv-qwph", "description": "pip's fallback tar extraction doesn't check symbolic links point to extraction directory", "issued": "2025-09-24T15:31:14Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2025-8869 https://github.com/pypa/pip/pull/13550 https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a https://github.com/pypa/pip https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN https://pip.pypa.io/en/stable/news/#v25-2", "severity": "MODERATE", "normalized_severity": "Medium", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=25.3" }, "djiF0yOmYUIiWIfmt75aDA==": { "id": "djiF0yOmYUIiWIfmt75aDA==", "updater": "debian/updater", "name": "CVE-2026-42011", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-42011", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "eietxU2AL+GdeSQwh6n6XA==": { "id": "eietxU2AL+GdeSQwh6n6XA==", "updater": "debian/updater", "name": "CVE-2023-0215", "description": "The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0215", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "epkSU4TSX3BVrueh1mbRzg==": { "id": "epkSU4TSX3BVrueh1mbRzg==", "updater": "debian/updater", "name": "CVE-2024-13176", "description": "Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-13176", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u3" }, "f6s0c0I4Eo7U1vb/8R9ATg==": { "id": "f6s0c0I4Eo7U1vb/8R9ATg==", "updater": "debian/updater", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6020", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.4.0-9+deb11u2" }, "fUdim7gaWpwZtynNz5GiKg==": { "id": "fUdim7gaWpwZtynNz5GiKg==", "updater": "debian/updater", "name": "CVE-2023-0361", "description": "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0361", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u3" }, "fXJD4KsFmfzjgWJPYHqTrQ==": { "id": "fXJD4KsFmfzjgWJPYHqTrQ==", "updater": "debian/updater", "name": "CVE-2019-8457", "description": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-8457", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "db5.3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "fharKhY7OXyx+gXJAwiegw==": { "id": "fharKhY7OXyx+gXJAwiegw==", "updater": "debian/updater", "name": "CVE-2025-29088", "description": "In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-29088", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "fkr6aZMLVO7g6mTdU91lcg==": { "id": "fkr6aZMLVO7g6mTdU91lcg==", "updater": "debian/updater", "name": "CVE-2026-3184", "description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-3184", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "g44foSnimIkShQZtpEhjbQ==": { "id": "g44foSnimIkShQZtpEhjbQ==", "updater": "debian/updater", "name": "CVE-2011-3389", "description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2011-3389", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "g9KEtrzigl5TCrpvLCQU5A==": { "id": "g9KEtrzigl5TCrpvLCQU5A==", "updater": "debian/updater", "name": "CVE-2025-69419", "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u5" }, "gMRlXKqXSfP5n8UiPW430Q==": { "id": "gMRlXKqXSfP5n8UiPW430Q==", "updater": "debian/updater", "name": "CVE-2024-33602", "description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33602", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "h+ZYYwp9nAKs/v08piJa2A==": { "id": "h+ZYYwp9nAKs/v08piJa2A==", "updater": "debian/updater", "name": "CVE-2026-33846", "description": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-33846", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "h7Lhy275V3QLvnBLGAulbw==": { "id": "h7Lhy275V3QLvnBLGAulbw==", "updater": "osv/pypi", "name": "PYSEC-2023-62", "description": "", "issued": "2023-05-02T18:15:00Z", "links": "https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b https://github.com/pallets/flask/releases/tag/2.3.2 https://github.com/pallets/flask/releases/tag/2.2.5 https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "flask", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=2.2.5" }, "hb+m0qlWxENYdrb1R811qA==": { "id": "hb+m0qlWxENYdrb1R811qA==", "updater": "debian/updater", "name": "CVE-2026-32776", "description": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-32776", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "icG6omirC8ih0OmJHLIkrQ==": { "id": "icG6omirC8ih0OmJHLIkrQ==", "updater": "debian/updater", "name": "CVE-2026-5260", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-5260", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "jJNc2KwFwVg03DlaNN1nbA==": { "id": "jJNc2KwFwVg03DlaNN1nbA==", "updater": "debian/updater", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4806", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "jS/WQ+ua63nFUvjSzoQw1g==": { "id": "jS/WQ+ua63nFUvjSzoQw1g==", "updater": "debian/updater", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "k6VTDL+fxGnbqAk/IPGlnQ==": { "id": "k6VTDL+fxGnbqAk/IPGlnQ==", "updater": "debian/updater", "name": "CVE-2023-29383", "description": "In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-29383", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1:4.8.1-1+deb11u1" }, "k6fjQGJuJ+9NXMFLa5+CgA==": { "id": "k6fjQGJuJ+9NXMFLa5+CgA==", "updater": "debian/updater", "name": "CVE-2016-2781", "description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2016-2781", "severity": "low", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "k82HOcJqNkts86KJ0glvow==": { "id": "k82HOcJqNkts86KJ0glvow==", "updater": "debian/updater", "name": "CVE-2023-31484", "description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31484", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u4" }, "kgqUyyy6Fd5CUNREC3t1jg==": { "id": "kgqUyyy6Fd5CUNREC3t1jg==", "updater": "debian/updater", "name": "CVE-2025-32988", "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-32988", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u8" }, "khiBNMMi17UID6UagXI8LA==": { "id": "khiBNMMi17UID6UagXI8LA==", "updater": "debian/updater", "name": "CVE-2021-36086", "description": "The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36086", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "kwKUYCnvi/GndNgicLw/RQ==": { "id": "kwKUYCnvi/GndNgicLw/RQ==", "updater": "debian/updater", "name": "CVE-2023-0466", "description": "The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0466", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "kwonOUycdcBenNhjZ1b//Q==": { "id": "kwonOUycdcBenNhjZ1b//Q==", "updater": "osv/pypi", "name": "GHSA-68rp-wp8r-4726", "description": "Flask session does not add `Vary: Cookie` header when accessed in some ways", "issued": "2026-02-19T20:45:41Z", "links": "https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726 https://nvd.nist.gov/vuln/detail/CVE-2026-27205 https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4 https://github.com/pallets/flask https://github.com/pallets/flask/releases/tag/3.1.3", "severity": "LOW", "normalized_severity": "Low", "package": { "id": "", "name": "flask", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=3.1.3" }, "l6iyFrb04z9eZxh35gAtVA==": { "id": "l6iyFrb04z9eZxh35gAtVA==", "updater": "debian/updater", "name": "CVE-2025-0395", "description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-0395", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u12" }, "l8HSGkC4gSxCEUDns7KKfQ==": { "id": "l8HSGkC4gSxCEUDns7KKfQ==", "updater": "debian/updater", "name": "CVE-2011-3374", "description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2011-3374", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "apt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "lAYsMZ/1tV9arAE2k+zsAQ==": { "id": "lAYsMZ/1tV9arAE2k+zsAQ==", "updater": "debian/updater", "name": "CVE-2023-31437", "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "lShmgiPGgmUIO0VwzhSBRA==": { "id": "lShmgiPGgmUIO0VwzhSBRA==", "updater": "debian/updater", "name": "CVE-2023-2650", "description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-2650", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "lnMcIzRPoETIbrbgdDGINA==": { "id": "lnMcIzRPoETIbrbgdDGINA==", "updater": "debian/updater", "name": "CVE-2021-46848", "description": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-46848", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libtasn1-6", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "4.16.0-2+deb11u1" }, "lpW8N25dDGtdRer0SxEc1A==": { "id": "lpW8N25dDGtdRer0SxEc1A==", "updater": "debian/updater", "name": "CVE-2026-42009", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-42009", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "m619DfZfUke+jaTAnoZ2Xw==": { "id": "m619DfZfUke+jaTAnoZ2Xw==", "updater": "debian/updater", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-7008", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u6" }, "m8d/cgBRVljmHKGy6mUUXw==": { "id": "m8d/cgBRVljmHKGy6mUUXw==", "updater": "debian/updater", "name": "CVE-2025-40909", "description": "Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-40909", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u5" }, "mJA9Uto8Hh0tElNp2qoYaA==": { "id": "mJA9Uto8Hh0tElNp2qoYaA==", "updater": "debian/updater", "name": "CVE-2017-7245", "description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-7245", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "meQYB1JR+XE3En/RrDfPvA==": { "id": "meQYB1JR+XE3En/RrDfPvA==", "updater": "debian/updater", "name": "CVE-2022-4415", "description": "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4415", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u2" }, "mj6UKCnVoHnC6YBWJGf/Ug==": { "id": "mj6UKCnVoHnC6YBWJGf/Ug==", "updater": "osv/pypi", "name": "GHSA-mq26-g339-26xf", "description": "Command Injection in pip when used with Mercurial", "issued": "2023-10-25T18:32:26Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2023-5752 https://github.com/pypa/pip/pull/12306 https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4 https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml https://github.com/pypa/pip https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=23.3" }, "mnGTl6DWEAI0reOCEqb0jw==": { "id": "mnGTl6DWEAI0reOCEqb0jw==", "updater": "debian/updater", "name": "CVE-2022-0563", "description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-0563", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "n+1p0npJfBZ4vUpG1OFi6w==": { "id": "n+1p0npJfBZ4vUpG1OFi6w==", "updater": "debian/updater", "name": "CVE-2023-50868", "description": "The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-50868", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u6" }, "nApP7wP3SU/Fk79xF589WA==": { "id": "nApP7wP3SU/Fk79xF589WA==", "updater": "debian/updater", "name": "CVE-2026-40226", "description": "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-40226", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u8" }, "o75dmeL6883s7llfbkU+PA==": { "id": "o75dmeL6883s7llfbkU+PA==", "updater": "debian/updater", "name": "CVE-2024-45490", "description": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-45490", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "oeIf5WAd0bERBmJCeLsqIg==": { "id": "oeIf5WAd0bERBmJCeLsqIg==", "updater": "debian/updater", "name": "CVE-2017-7246", "description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-7246", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "pVmDd54NDrNeiY7vPLSO2A==": { "id": "pVmDd54NDrNeiY7vPLSO2A==", "updater": "debian/updater", "name": "CVE-2026-42014", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-42014", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "pa+2016jZIT5xycgFHsAsQ==": { "id": "pa+2016jZIT5xycgFHsAsQ==", "updater": "debian/updater", "name": "CVE-2018-20796", "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2018-20796", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "pmcR65l6CQ+6Qdh99gUtFQ==": { "id": "pmcR65l6CQ+6Qdh99gUtFQ==", "updater": "debian/updater", "name": "CVE-2023-52425", "description": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-52425", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "pu8XvxoOXeKAI0tvpRRucg==": { "id": "pu8XvxoOXeKAI0tvpRRucg==", "updater": "debian/updater", "name": "CVE-2023-5678", "description": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-5678", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "pvJrwAdasLbb4sLGcD48Jg==": { "id": "pvJrwAdasLbb4sLGcD48Jg==", "updater": "debian/updater", "name": "CVE-2026-5450", "description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-5450", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "qDLWFSo6NpfxWPhSeAS8zQ==": { "id": "qDLWFSo6NpfxWPhSeAS8zQ==", "updater": "debian/updater", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28834", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u6" }, "qGfgK6gESZLmw0X26VnrJw==": { "id": "qGfgK6gESZLmw0X26VnrJw==", "updater": "debian/updater", "name": "CVE-2026-5958", "description": "When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original symlink path (not the resolved one) to read the file. Between these two calls there is a race window. If an attacker atomically replaces the symlink with a different target during that window, sed will: read content from the new (attacker-chosen) symlink target and write the processed result to the path recorded in step 1. This can lead to arbitrary file overwrite with attacker-controlled content in the context of the sed process. This issue was fixed in version 4.10.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-5958", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sed", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "qICU5RK5Z4CLAC7/kEZ48Q==": { "id": "qICU5RK5Z4CLAC7/kEZ48Q==", "updater": "debian/updater", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-14104", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "qhu8cH6U47vSCL4GXDHHtA==": { "id": "qhu8cH6U47vSCL4GXDHHtA==", "updater": "debian/updater", "name": "CVE-2023-4641", "description": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4641", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1:4.8.1-1+deb11u1" }, "qx22MhFBEwd9c5PrW7vjKw==": { "id": "qx22MhFBEwd9c5PrW7vjKw==", "updater": "debian/updater", "name": "CVE-2025-69720", "description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-69720", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "r5SCr3Z1Q4buRwe6QvoIRg==": { "id": "r5SCr3Z1Q4buRwe6QvoIRg==", "updater": "debian/updater", "name": "CVE-2026-41080", "description": "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-41080", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "s55QOTlka9E4jTdGv0d/FA==": { "id": "s55QOTlka9E4jTdGv0d/FA==", "updater": "debian/updater", "name": "CVE-2025-4802", "description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-4802", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u13" }, "srcIw8ffB6famHHqmqImEw==": { "id": "srcIw8ffB6famHHqmqImEw==", "updater": "debian/updater", "name": "CVE-2023-3817", "description": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the \"-check\" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-3817", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1v-0~deb11u1" }, "svo9ZP0wOZ7IXZp//n2f7g==": { "id": "svo9ZP0wOZ7IXZp//n2f7g==", "updater": "osv/pypi", "name": "GHSA-m2qf-hxjv-5gpq", "description": "Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header", "issued": "2023-05-01T19:22:20Z", "links": "https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq https://nvd.nist.gov/vuln/detail/CVE-2023-30861 https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965 https://github.com/pallets/flask https://github.com/pallets/flask/releases/tag/2.2.5 https://github.com/pallets/flask/releases/tag/2.3.2 https://github.com/pypa/advisory-database/tree/main/vulns/flask/PYSEC-2023-62.yaml https://lists.debian.org/debian-lts-announce/2023/08/msg00024.html https://security.netapp.com/advisory/ntap-20230818-0006 https://www.debian.org/security/2023/dsa-5442", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "flask", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=2.2.5" }, "swQXHeTg1VEUQHser/6eEQ==": { "id": "swQXHeTg1VEUQHser/6eEQ==", "updater": "debian/updater", "name": "CVE-2023-50387", "description": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-50387", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u6" }, "t3CEDp5fZQ6D+aOizMiuSg==": { "id": "t3CEDp5fZQ6D+aOizMiuSg==", "updater": "debian/updater", "name": "CVE-2023-0286", "description": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0286", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "tBbOIOCaKVlwik7hH/baMQ==": { "id": "tBbOIOCaKVlwik7hH/baMQ==", "updater": "debian/updater", "name": "CVE-2021-45346", "description": "A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-45346", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "tjx9raP+v/Zzj6SBJct3WA==": { "id": "tjx9raP+v/Zzj6SBJct3WA==", "updater": "debian/updater", "name": "CVE-2023-7104", "description": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-7104", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.34.1-3+deb11u1" }, "tne7uZ2E+Ev6QI7ctt3PxA==": { "id": "tne7uZ2E+Ev6QI7ctt3PxA==", "updater": "debian/updater", "name": "CVE-2024-33600", "description": "nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33600", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "u+ya+p/mAtLPAYAgbSPTTw==": { "id": "u+ya+p/mAtLPAYAgbSPTTw==", "updater": "debian/updater", "name": "CVE-2022-41409", "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-41409", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "u4BvRhFacDxQuC7pVeExQg==": { "id": "u4BvRhFacDxQuC7pVeExQg==", "updater": "debian/updater", "name": "CVE-2026-27456", "description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-27456", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "uEg5UAxE9NNjF71OxdO7uQ==": { "id": "uEg5UAxE9NNjF71OxdO7uQ==", "updater": "debian/updater", "name": "CVE-2017-16231", "description": "In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-16231", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "uTSYWROavw8Bf2n+4djlMg==": { "id": "uTSYWROavw8Bf2n+4djlMg==", "updater": "debian/updater", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-4598", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u7" }, "ugZgSJOxFzPCX6LQaJzM3A==": { "id": "ugZgSJOxFzPCX6LQaJzM3A==", "updater": "debian/updater", "name": "CVE-2024-5535", "description": "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists). This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a \"no overlap\" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-5535", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "uspznaGFEzt4cX0xZ36sYw==": { "id": "uspznaGFEzt4cX0xZ36sYw==", "updater": "debian/updater", "name": "CVE-2026-28390", "description": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with RSA-OAEP encryption is processed, the optional parameters field of RSA-OAEP SourceFunc algorithm identifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-28390", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "uwoSIcSlln9YRd7N1Kc3KQ==": { "id": "uwoSIcSlln9YRd7N1Kc3KQ==", "updater": "debian/updater", "name": "CVE-2026-40228", "description": "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-40228", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "vcYYj1nbYwczzoLG255iZQ==": { "id": "vcYYj1nbYwczzoLG255iZQ==", "updater": "debian/updater", "name": "CVE-2023-4039", "description": "**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4039", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gcc-9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "vmet9boOEsf+RUsh5rJnEw==": { "id": "vmet9boOEsf+RUsh5rJnEw==", "updater": "debian/updater", "name": "CVE-2024-4741", "description": "Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-4741", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "w4Wr213OT8TRxlHAy3MwPQ==": { "id": "w4Wr213OT8TRxlHAy3MwPQ==", "updater": "debian/updater", "name": "CVE-2010-4756", "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "wFMwqYmfC1KjDKz8vyBr4A==": { "id": "wFMwqYmfC1KjDKz8vyBr4A==", "updater": "debian/updater", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4911", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u7" }, "wzv81XuYHOFtlrLHaamjZg==": { "id": "wzv81XuYHOFtlrLHaamjZg==", "updater": "debian/updater", "name": "CVE-2024-37371", "description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-37371", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u5" }, "x3SWTcEL2lgEvouAhmt6fQ==": { "id": "x3SWTcEL2lgEvouAhmt6fQ==", "updater": "debian/updater", "name": "CVE-2025-27587", "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-27587", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "xZI5XEFq7Cuk3Mu3KyTdmg==": { "id": "xZI5XEFq7Cuk3Mu3KyTdmg==", "updater": "debian/updater", "name": "CVE-2024-56433", "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-56433", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "y2mOh8WlJTCvA6wlULAyvA==": { "id": "y2mOh8WlJTCvA6wlULAyvA==", "updater": "debian/updater", "name": "CVE-2025-68973", "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-68973", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.27-2+deb11u3" }, "ySGl3ADUS8EeTeweiO86Aw==": { "id": "ySGl3ADUS8EeTeweiO86Aw==", "updater": "debian/updater", "name": "CVE-2024-9143", "description": "Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only \"named curves\" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an \"exotic\" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with \"exotic\" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-9143", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "yyExMMKc3SPW2jNE01wTug==": { "id": "yyExMMKc3SPW2jNE01wTug==", "updater": "debian/updater", "name": "CVE-2026-22795", "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-22795", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u5" }, "yyhzQNC9UPFT5NwvhGsvqg==": { "id": "yyhzQNC9UPFT5NwvhGsvqg==", "updater": "debian/updater", "name": "CVE-2022-2097", "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-2097", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "zL8eGifGE7B+wAjTOBjRgQ==": { "id": "zL8eGifGE7B+wAjTOBjRgQ==", "updater": "debian/updater", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-29458", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "6.2+20201114-2+deb11u1" }, "ziMZexwNoFxp4mgVOJVBNQ==": { "id": "ziMZexwNoFxp4mgVOJVBNQ==", "updater": "debian/updater", "name": "CVE-2025-69421", "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-69421", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u5" } }, "package_vulnerabilities": { "+ol9cHiNc+RWiD7Kw3TLCg==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "0jMyX7UCIuSpntMN1r7Ofg==": [ "KwgIGMm765S+zvIBAwM9+g==" ], "2MObxiEVNllmUEzdVZM5qw==": [ "l8HSGkC4gSxCEUDns7KKfQ==" ], "3f992oeEQfSQxRA0nlq8Wg==": [ "U3JbUhrT2SqWNuYU5d13cQ==", "+aR35vFmeRYa8dLzBaCMmQ==", "DfxJWBpJUY1aHu0ZUSilDg==", "jS/WQ+ua63nFUvjSzoQw1g==" ], "4jCPzhS6OWt4agz9d/cfTw==": [ "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==", "qx22MhFBEwd9c5PrW7vjKw==", "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==" ], "7a3yla6TRFZrhmAreU7f8Q==": [ "pmcR65l6CQ+6Qdh99gUtFQ==", "Ud6njM/DPIrfSPiFct82Lw==", "UdV1OleGh/0MAkug0ZAlcQ==", "5Cmp5KJXv+nVwwcs5/Kz7w==", "DS2nhayHHtinLlFzZheSwg==", "6jg3v7lJ92IZCQpZydR2sA==", "9ThuL3zLKpmduvKpiDZ60w==", "5+uzHCKkmvMK8jl2uJkFqQ==", "/7UJLAHsMPxTtTxvuPgrzA==", "KZ3Jt7zkiM272dGLstI4XA==", "o75dmeL6883s7llfbkU+PA==", "IJPGr43VMeLym6tW3EWgdg==", "hb+m0qlWxENYdrb1R811qA==", "BtqRPc7F47wJWygPNOxw1w==", "MdrEi+/OrLlW3zDrheID2Q==", "r5SCr3Z1Q4buRwe6QvoIRg==", "IvA5abshk33BAuuBar/pVQ==" ], "8alfBYUr5uWbAyB5PrY8Hg==": [ "meQYB1JR+XE3En/RrDfPvA==", "n+1p0npJfBZ4vUpG1OFi6w==", "GRlufCZFwHNK64OQNCFIcg==", "uTSYWROavw8Bf2n+4djlMg==", "U5598afGvRaltva6Rjqnug==", "5rGwN3bKZLMvxcM/W4jj+A==", "uwoSIcSlln9YRd7N1Kc3KQ==", "lAYsMZ/1tV9arAE2k+zsAQ==", "WG/hQnqUufOh6/5/mlRi/Q==", "+x9OyXfXk9PrekfsnPKwlg==", "nApP7wP3SU/Fk79xF589WA==", "1dwwvWkARnFe67yAAGVglQ==", "swQXHeTg1VEUQHser/6eEQ==", "m619DfZfUke+jaTAnoZ2Xw==", "0q/btA3zBEGWWmFxU7cNig==", "ASrdm9EROwWp9Ip2w7HH5w==" ], "Akbft1KN+9FKNhh1tM25eA==": [ "u4BvRhFacDxQuC7pVeExQg==", "PJI8cpGpF5+qVan9H5W87Q==", "mnGTl6DWEAI0reOCEqb0jw==", "qICU5RK5Z4CLAC7/kEZ48Q==", "fkr6aZMLVO7g6mTdU91lcg==" ], "BJL42acLPAR8bEnmM1Z3mg==": [ "u4BvRhFacDxQuC7pVeExQg==", "PJI8cpGpF5+qVan9H5W87Q==", "mnGTl6DWEAI0reOCEqb0jw==", "qICU5RK5Z4CLAC7/kEZ48Q==", "fkr6aZMLVO7g6mTdU91lcg==" ], "CBzoMmlXBcyP54HOnauO0g==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "Ba+eHoq0U7aq9Kxwg98r8Q==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==" ], "D0G6c/ML9XX4eoGHgx1jeQ==": [ "l6iyFrb04z9eZxh35gAtVA==", "MYYkxlB4Ank1zsdIh41apg==", "w4Wr213OT8TRxlHAy3MwPQ==", "/YwO4YLRGgF2uWU55V6+MQ==", "gMRlXKqXSfP5n8UiPW430Q==", "IwuADin5bagOGQErETBgWw==", "jJNc2KwFwVg03DlaNN1nbA==", "s55QOTlka9E4jTdGv0d/FA==", "WHvU12ysgz1Ai1y1KSOiLA==", "OTqcMsspao5I6JZMETZ06w==", "Y4A2Zm5xcsipvfluZVH5fA==", "ZdGgPSEZdeQ3XJo0+ZpAXQ==", "c9VxNhSZmjnQmY3rI/q1PA==", "XQ5gIRaXVhDd6S954jtG2g==", "pvJrwAdasLbb4sLGcD48Jg==", "DJOf0vCfrT4GvRr/tBJhbg==", "pa+2016jZIT5xycgFHsAsQ==", "ELw1b1vO2YOtV7qNQijgCw==", "T2SiDOPpMK0bU0Y0qkOm1A==", "ZxTVeoHgmvhWXsV+xLzphA==", "wFMwqYmfC1KjDKz8vyBr4A==", "GezxxUl3QPWUTitg/VHmlQ==", "CfS0L/tTata7W0FXXtQ4EQ==", "dDtfYPtAiWG7x5kc85ma8w==", "tne7uZ2E+Ev6QI7ctt3PxA==", "aqMHDRnPT+3QNU/8tSwsog==", "/cV7Fn8Va+poBGxbPjGjrQ==", "9JIazCQjSvYhpG9KE6d7Pg==" ], "DtMxcnDA8Je9vAHjmzagaA==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "ExYxXcgoIRjAjUObwDE4jA==": [ "59rfj7X7Q9O1jyg5L5a5zQ==", "dFbvYO8avXWxbjXnm5ACqQ==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "T4I8pNAq5VIHzHdHBx3kMA==", "cHpKoxiUOXPYUJX1ihMLDg==", "wzv81XuYHOFtlrLHaamjZg==", "RxgProNqXCgPRgAzu8keFA==", "WRwV7Adc7Zuy6O98PPaFDw==", "OB48XTRaksNPWPm0dVHJmQ==" ], "FJIijlwFNqvdoVBcfTF/pg==": [ "CtYegggqGbMfg16G/qfITQ==", "WCGqond4znYKCRcm4xyPrg==", "LD4zPH3rZZkbSPN5ojHClA==", "k6VTDL+fxGnbqAk/IPGlnQ==", "qhu8cH6U47vSCL4GXDHHtA==", "xZI5XEFq7Cuk3Mu3KyTdmg==" ], "G/7q+D+DsqYAVnohcyuzgQ==": [ "ySGl3ADUS8EeTeweiO86Aw==", "uspznaGFEzt4cX0xZ36sYw==", "Tcuyjettc5LT9G5wj3mSxw==", "epkSU4TSX3BVrueh1mbRzg==", "eietxU2AL+GdeSQwh6n6XA==", "b2D8D2g8yPwuRhswdqF0Rw==", "yyhzQNC9UPFT5NwvhGsvqg==", "cZD87tDO2q60EFy3BAZ33g==", "QEROZuK4q+zt8UbP6ZV8wg==", "+N61/5529gFt7RkD8ooeKQ==", "t3CEDp5fZQ6D+aOizMiuSg==", "EajCJi704nU1+LqESNMC1w==", "ziMZexwNoFxp4mgVOJVBNQ==", "bjAyJcmSN59FnAeiA6RMIg==", "ugZgSJOxFzPCX6LQaJzM3A==", "yyExMMKc3SPW2jNE01wTug==", "x3SWTcEL2lgEvouAhmt6fQ==", "afNm575eldgXY3DOGUNdqQ==", "vmet9boOEsf+RUsh5rJnEw==", "g9KEtrzigl5TCrpvLCQU5A==", "Mmh4dm/jzK4QVSJqQVsCDw==", "Mnnh2CmlXNNRCBXvqdG9ig==", "lShmgiPGgmUIO0VwzhSBRA==", "pu8XvxoOXeKAI0tvpRRucg==", "GmBi7n85v8sX6ItoMSgvlQ==", "KLrAiYCJHdmWQ2RaqUywlA==", "srcIw8ffB6famHHqmqImEw==", "P4mYk7npVU6t91mlbAb8QA==", "3QDeWfKuntq5YxjjCuZXRQ==", "3Z3QMUqCN4dQV+f8cjn1eA==", "kwKUYCnvi/GndNgicLw/RQ==" ], "Gm6VA87iOnaQ0rWR6oO9eA==": [ "u+ya+p/mAtLPAYAgbSPTTw==" ], "IQfQp74RcAWE7jHtQsMLHg==": [ "u4BvRhFacDxQuC7pVeExQg==", "mnGTl6DWEAI0reOCEqb0jw==", "qICU5RK5Z4CLAC7/kEZ48Q==", "fkr6aZMLVO7g6mTdU91lcg==" ], "LOfpAnA/2f7zE4SFJCrxVg==": [ "Mxv06g47iCk7QIqi7Xbojw==", "5OqCQlhu6kV+tAsgGEGuwQ==" ], "MvKvHHnD0jaLaWpyHvkhgQ==": [ "CtYegggqGbMfg16G/qfITQ==", "WCGqond4znYKCRcm4xyPrg==", "LD4zPH3rZZkbSPN5ojHClA==", "k6VTDL+fxGnbqAk/IPGlnQ==", "qhu8cH6U47vSCL4GXDHHtA==", "xZI5XEFq7Cuk3Mu3KyTdmg==" ], "NzkVb7F31E+Vxxz3PCS6tg==": [ "59rfj7X7Q9O1jyg5L5a5zQ==", "dFbvYO8avXWxbjXnm5ACqQ==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "T4I8pNAq5VIHzHdHBx3kMA==", "cHpKoxiUOXPYUJX1ihMLDg==", "wzv81XuYHOFtlrLHaamjZg==", "RxgProNqXCgPRgAzu8keFA==", "WRwV7Adc7Zuy6O98PPaFDw==", "OB48XTRaksNPWPm0dVHJmQ==" ], "PgPY5hWnihXRN45byvzY0g==": [ "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==", "qx22MhFBEwd9c5PrW7vjKw==", "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==" ], "R1TkRM71ql+JWgz0VF5ESQ==": [ "CaLsKNvkpKlxKVBlUnje9Q==", "1U/zi3CEao+52y8LKU0uvw==", "bZ2m6J3EIvmTdjYJprlOKA==", "khiBNMMi17UID6UagXI8LA==" ], "RAMuXEdVU4AJ/z4aiK/NNg==": [ "bNvH54V1y9cXsGaCXVwFVw==", "QGq5D5QwQKPerzYOBVoSsg==", "Jl0PQIP9L3ufSvQ2j71iww==", "Qd2XnJZ3qaQ3AbyDXUaR2A==", "Pj9V3uC2c9o+P6lTpzzGeA==" ], "RYsqO4ROpGMzzCO5WaTrlw==": [ "aWm6E1ULjtuw0ydmFnsI4A==" ], "RgdwX+VC70nXZ2E527PXaA==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "VbNyM3GfR5vEmJdFAiKqrA==": [ "vcYYj1nbYwczzoLG255iZQ==" ], "Wi4oa03apqVdR6okNeZiNA==": [ "XtT5+z5+yMbpdsyfkLItzA==", "HuTBrVHKx7uaMtQjiqifKQ==", "9sNDKQtqg7Z3gJr//JQlvg==", "Ul/kdhde9MT/cThQqWyUBA==", "djiF0yOmYUIiWIfmt75aDA==", "bBymk1eoEM+tVYB+/Crz+g==", "kgqUyyy6Fd5CUNREC3t1jg==", "LAgKryCll+DIcYhTR/xbzg==", "RsDeaOU1gcwrKfmGECEolg==", "qDLWFSo6NpfxWPhSeAS8zQ==", "SNR1VT02i1HBHxqGRTeBAQ==", "2TcHkpRhAP0iTCSGAQKUOg==", "icG6omirC8ih0OmJHLIkrQ==", "20nlQwJu4gG0Ex/vty+hig==", "KaoEuixR8E5nnpGZ1pG25w==", "Y++3+aMTeU3vX7BI4/zG6w==", "7N1fkfhDIULrLId2wh2Pqw==", "pVmDd54NDrNeiY7vPLSO2A==", "ZbWtFXr0WyByV4kCb3M6FA==", "3cBlPR7Tm4BIC/+wflldAg==", "DTII3LzSaQL1baKsoSwsqg==", "fUdim7gaWpwZtynNz5GiKg==", "lpW8N25dDGtdRer0SxEc1A==", "ErraMUPFwrdWYaj+aBxTMw==", "h+ZYYwp9nAKs/v08piJa2A==", "g44foSnimIkShQZtpEhjbQ==" ], "ZWeYh81MRCu1nh3mOyptIA==": [ "u4BvRhFacDxQuC7pVeExQg==", "PJI8cpGpF5+qVan9H5W87Q==", "mnGTl6DWEAI0reOCEqb0jw==", "qICU5RK5Z4CLAC7/kEZ48Q==", "fkr6aZMLVO7g6mTdU91lcg==" ], "bGWj1aSf0wvrecU/pdTv5A==": [ "08pa4udz9bnA9IOsE208DA==" ], "bHkSxcl6e1quNxLGb6uX8A==": [ "Xce4H7xsVfrtYV2aXED7xA==", "QopvyNp/5Ata9NdAUhFygw==", "k6fjQGJuJ+9NXMFLa5+CgA==" ], "bTSLWiizipO2axtmvXFuVg==": [ "YXTNVVKQsWY/LFuomB715g==", "lnMcIzRPoETIbrbgdDGINA==", "6j23t/n6B77cQMxfCeLKzA==" ], "brvvAQ6V7yp7QbUuk+W5Hg==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "d4b/e0nx+/vPWuPB7oDzPw==": [ "l6iyFrb04z9eZxh35gAtVA==", "MYYkxlB4Ank1zsdIh41apg==", "w4Wr213OT8TRxlHAy3MwPQ==", "/YwO4YLRGgF2uWU55V6+MQ==", "gMRlXKqXSfP5n8UiPW430Q==", "IwuADin5bagOGQErETBgWw==", "jJNc2KwFwVg03DlaNN1nbA==", "s55QOTlka9E4jTdGv0d/FA==", "WHvU12ysgz1Ai1y1KSOiLA==", "OTqcMsspao5I6JZMETZ06w==", "Y4A2Zm5xcsipvfluZVH5fA==", "ZdGgPSEZdeQ3XJo0+ZpAXQ==", "c9VxNhSZmjnQmY3rI/q1PA==", "XQ5gIRaXVhDd6S954jtG2g==", "pvJrwAdasLbb4sLGcD48Jg==", "DJOf0vCfrT4GvRr/tBJhbg==", "pa+2016jZIT5xycgFHsAsQ==", "ELw1b1vO2YOtV7qNQijgCw==", "T2SiDOPpMK0bU0Y0qkOm1A==", "ZxTVeoHgmvhWXsV+xLzphA==", "wFMwqYmfC1KjDKz8vyBr4A==", "GezxxUl3QPWUTitg/VHmlQ==", "CfS0L/tTata7W0FXXtQ4EQ==", "dDtfYPtAiWG7x5kc85ma8w==", "tne7uZ2E+Ev6QI7ctt3PxA==", "aqMHDRnPT+3QNU/8tSwsog==", "/cV7Fn8Va+poBGxbPjGjrQ==", "9JIazCQjSvYhpG9KE6d7Pg==" ], "dUT53gagQO5Ac9Bdlu5dAw==": [ "NYWveHKKsIYIKl+vE8UEhw==" ], "dXglURzzdbLnOf14mab1Hg==": [ "VzolVkOS5HseGzVTLzDMfA==", "WWnQMI7f7f75SgC9Dcl+QQ==", "EYo03ICovWfCjw2cKpwx4Q==", "27BVJE6xR0Z84LzifDnFYA==", "9xk1p07t4ZV999E3HyfhVA==" ], "dobmrwm7aq9puvFHwNgXxw==": [ "08pa4udz9bnA9IOsE208DA==" ], "dv3AlW8tBL4D0mEPW7/Z2Q==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "Ba+eHoq0U7aq9Kxwg98r8Q==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==" ], "elSR7m8uLWd/kMl2jxTm/A==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "Ba+eHoq0U7aq9Kxwg98r8Q==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==" ], "evNF5YpSAxyFV7iWv3lSVw==": [ "ySGl3ADUS8EeTeweiO86Aw==", "uspznaGFEzt4cX0xZ36sYw==", "Tcuyjettc5LT9G5wj3mSxw==", "epkSU4TSX3BVrueh1mbRzg==", "eietxU2AL+GdeSQwh6n6XA==", "b2D8D2g8yPwuRhswdqF0Rw==", "yyhzQNC9UPFT5NwvhGsvqg==", "cZD87tDO2q60EFy3BAZ33g==", "QEROZuK4q+zt8UbP6ZV8wg==", "+N61/5529gFt7RkD8ooeKQ==", "t3CEDp5fZQ6D+aOizMiuSg==", "EajCJi704nU1+LqESNMC1w==", "ziMZexwNoFxp4mgVOJVBNQ==", "bjAyJcmSN59FnAeiA6RMIg==", "ugZgSJOxFzPCX6LQaJzM3A==", "yyExMMKc3SPW2jNE01wTug==", "x3SWTcEL2lgEvouAhmt6fQ==", "afNm575eldgXY3DOGUNdqQ==", "vmet9boOEsf+RUsh5rJnEw==", "g9KEtrzigl5TCrpvLCQU5A==", "Mmh4dm/jzK4QVSJqQVsCDw==", "Mnnh2CmlXNNRCBXvqdG9ig==", "lShmgiPGgmUIO0VwzhSBRA==", "pu8XvxoOXeKAI0tvpRRucg==", "GmBi7n85v8sX6ItoMSgvlQ==", "KLrAiYCJHdmWQ2RaqUywlA==", "srcIw8ffB6famHHqmqImEw==", "P4mYk7npVU6t91mlbAb8QA==", "3QDeWfKuntq5YxjjCuZXRQ==", "3Z3QMUqCN4dQV+f8cjn1eA==", "kwKUYCnvi/GndNgicLw/RQ==" ], "fCmdLCR2Ix0ldnZL1Fa52A==": [ "MDmWztEMrTY+VyVp5c+Fvw==", "MXRm//dBCnWFem5zffvqmA==" ], "hdNUjYIlrdEAtBWAggakAw==": [ "7DtFnnE8FjIpCQKunutpeg==", "AvPdNumiwGnBie+lo1du3A==", "brAAPyN4siIQT5bxa9xu4g==", "k82HOcJqNkts86KJ0glvow==", "ce9B0jxjyNiCfG4VtZhnVw==", "m8d/cgBRVljmHKGy6mUUXw==" ], "iWqdRZmp08/Tx22qEtmjJg==": [ "ZrZi02myDWWW0L5oPQj/cg==", "oeIf5WAd0bERBmJCeLsqIg==", "uEg5UAxE9NNjF71OxdO7uQ==", "G45dR+E8Wb+bEhCdwuqUDg==", "mJA9Uto8Hh0tElNp2qoYaA==" ], "jErhz6PtXvAy/EPWJ425rA==": [ "u4BvRhFacDxQuC7pVeExQg==", "PJI8cpGpF5+qVan9H5W87Q==", "mnGTl6DWEAI0reOCEqb0jw==", "qICU5RK5Z4CLAC7/kEZ48Q==", "fkr6aZMLVO7g6mTdU91lcg==" ], "jKa8Us2cqGejhOc2/n5DDA==": [ "u4BvRhFacDxQuC7pVeExQg==", "PJI8cpGpF5+qVan9H5W87Q==", "mnGTl6DWEAI0reOCEqb0jw==", "qICU5RK5Z4CLAC7/kEZ48Q==", "fkr6aZMLVO7g6mTdU91lcg==" ], "kq4lGEwi4agkgAJAkDs9Ng==": [ "kwonOUycdcBenNhjZ1b//Q==", "svo9ZP0wOZ7IXZp//n2f7g==", "h7Lhy275V3QLvnBLGAulbw==" ], "krch6TQqNWzRi5F/dDkF+Q==": [ "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==", "qx22MhFBEwd9c5PrW7vjKw==", "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==" ], "l5lCPjtOmPM8/LLh9+NjeQ==": [ "ANq7+l7+5U6IDt9eU02u5w==", "y2mOh8WlJTCvA6wlULAyvA==", "F0zkrLGlbsix59P9mqoAOg==", "WxlxRC1KqAo8Mejv03fZGA==" ], "lCjIskl1HulEHShaXtgmwQ==": [ "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==", "qx22MhFBEwd9c5PrW7vjKw==", "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==" ], "nwapLKtbHTjy1u8+aA0X+Q==": [ "dZ/H1sYv9QSX9VO93tlGLw==", "PFkN8K2aK2XnSQjmAIry9A==", "PUY4fn57nsAU2qBLtgRtdw==", "8uv2vKf0QrdM+zJP4ufG+Q==", "mj6UKCnVoHnC6YBWJGf/Ug==", "WcYPrwv9PSVoVoof5MRsxQ==" ], "pZoLgWqHDgjhYQPevrtwdg==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "qN2BSWBeEFRJnExMNJ1S0A==": [ "tBbOIOCaKVlwik7hH/baMQ==", "DRKFIYYNzLumACBV1CW/rw==", "1VnWeA5AZgybyD8+PiXyiw==", "tjx9raP+v/Zzj6SBJct3WA==", "fharKhY7OXyx+gXJAwiegw==", "dUTZP+bcDNUqytJV02E1dQ==", "BxMnseA9J6OW2RWxSrlbyQ==" ], "qrPZzwjmppjOiQbrGk5IQA==": [ "59rfj7X7Q9O1jyg5L5a5zQ==", "dFbvYO8avXWxbjXnm5ACqQ==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "T4I8pNAq5VIHzHdHBx3kMA==", "cHpKoxiUOXPYUJX1ihMLDg==", "wzv81XuYHOFtlrLHaamjZg==", "RxgProNqXCgPRgAzu8keFA==", "WRwV7Adc7Zuy6O98PPaFDw==", "OB48XTRaksNPWPm0dVHJmQ==" ], "s66OGd0F2Pbemhmyrg2R9w==": [ "meQYB1JR+XE3En/RrDfPvA==", "n+1p0npJfBZ4vUpG1OFi6w==", "GRlufCZFwHNK64OQNCFIcg==", "uTSYWROavw8Bf2n+4djlMg==", "U5598afGvRaltva6Rjqnug==", "5rGwN3bKZLMvxcM/W4jj+A==", "uwoSIcSlln9YRd7N1Kc3KQ==", "lAYsMZ/1tV9arAE2k+zsAQ==", "WG/hQnqUufOh6/5/mlRi/Q==", "+x9OyXfXk9PrekfsnPKwlg==", "nApP7wP3SU/Fk79xF589WA==", "1dwwvWkARnFe67yAAGVglQ==", "swQXHeTg1VEUQHser/6eEQ==", "m619DfZfUke+jaTAnoZ2Xw==", "0q/btA3zBEGWWmFxU7cNig==", "ASrdm9EROwWp9Ip2w7HH5w==" ], "tNSJ6slY9zv+TZ6de2MVDQ==": [ "B78vSIll2muNDyY3F7urzw==" ], "tYADP/V07/lE8Qno1R/hhg==": [ "08pa4udz9bnA9IOsE208DA==" ], "vqKK+x/7cGHNjLr4L7x4uQ==": [ "fXJD4KsFmfzjgWJPYHqTrQ==" ], "wkuBBC4B84P3b4K0fGF0OQ==": [ "u4BvRhFacDxQuC7pVeExQg==", "PJI8cpGpF5+qVan9H5W87Q==", "mnGTl6DWEAI0reOCEqb0jw==", "qICU5RK5Z4CLAC7/kEZ48Q==", "fkr6aZMLVO7g6mTdU91lcg==" ], "yYcMjCGhY/mc+KraTEHSJg==": [ "59rfj7X7Q9O1jyg5L5a5zQ==", "dFbvYO8avXWxbjXnm5ACqQ==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "T4I8pNAq5VIHzHdHBx3kMA==", "cHpKoxiUOXPYUJX1ihMLDg==", "wzv81XuYHOFtlrLHaamjZg==", "RxgProNqXCgPRgAzu8keFA==", "WRwV7Adc7Zuy6O98PPaFDw==", "OB48XTRaksNPWPm0dVHJmQ==" ], "zL6jHnohFUDkhEaUeTlPOQ==": [ "qGfgK6gESZLmw0X26VnrJw==" ], "zV4ikAKeqBYFSvXnkFMYgg==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "Ba+eHoq0U7aq9Kxwg98r8Q==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==" ], "zw9OGAXs3mWkBkmfKzbfqg==": [ "l8HSGkC4gSxCEUDns7KKfQ==" ] }, "enrichments": {} } pod: test-comp-jnrw-on-pull-request-p8rhm-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw@sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw@sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: test-comp-jnrw-on-pull-request-p8rhm-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 7, "warnings": [ { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: coreutils-8.32-4+b1 (CVE-2016-2781)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 1 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libexpat1-2.2.10-2+deb11u5 (CVE-2013-0340, CVE-2023-52426, CVE-2024-28757), libpcre3-2:8.39-13 (CVE-2017-11164, CVE-2017-16231, CVE-2017-7245, CVE-2017-7246, CVE-2019-20838), libgssapi-krb5-2-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), bsdutils-1:2.36.1-8+deb11u1 (CVE-2022-0563, CVE-2025-14104), libudev1-247.3-7+deb11u1 (CVE-2013-4392, CVE-2020-13529, CVE-2023-31437, CVE-2023-31438, CVE-2023-31439), libkrb5support0-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), libsqlite3-0-3.34.1-3 (CVE-2021-45346, CVE-2022-35737, CVE-2025-29088, CVE-2025-70873), libapt-pkg6.0-2.2.4 (CVE-2011-3374), libk5crypto3-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), libgcc-s1-10.2.1-6 (CVE-2023-4039), mount-2.36.1-8+deb11u1 (CVE-2022-0563, CVE-2025-14104), libc6-2.31-13+deb11u5 (CVE-2010-4756, CVE-2018-20796, CVE-2019-1010022, CVE-2019-1010023, CVE-2019-1010024, CVE-2019-1010025, CVE-2019-9192), coreutils-8.32-4+b1 (CVE-2017-18018, CVE-2025-5278), libc-bin-2.31-13+deb11u5 (CVE-2010-4756, CVE-2018-20796, CVE-2019-1010022, CVE-2019-1010023, CVE-2019-1010024, CVE-2019-1010025, CVE-2019-9192), libblkid1-2.36.1-8+deb11u1 (CVE-2022-0563, CVE-2025-14104), gcc-9-base-9.3.0-22 (CVE-2023-4039), sysvinit-utils-2.96-7+deb11u1 (TEMP-0517018-A83CE6), libssl1.1-1.1.1n-0+deb11u3 (CVE-2025-27587), libuuid1-2.36.1-8+deb11u1 (CVE-2022-0563, CVE-2025-14104), libsmartcols1-2.36.1-8+deb11u1 (CVE-2022-0563, CVE-2025-14104), libgcrypt20-1.8.7-6 (CVE-2018-6829, CVE-2024-2236), gcc-10-base-10.2.1-6 (CVE-2023-4039), bash-5.1-2+deb11u1 (TEMP-0841856-B18BAF), util-linux-2.36.1-8+deb11u1 (CVE-2022-0563, CVE-2025-14104), libmount1-2.36.1-8+deb11u1 (CVE-2022-0563, CVE-2025-14104), passwd-1:4.8.1-1 (CVE-2007-5686, CVE-2013-4235, TEMP-0628843-DBAD28), perl-base-5.32.1-4+deb11u2 (CVE-2011-4116, CVE-2023-31486), gpgv-2.2.27-2+deb11u2 (CVE-2022-3219), libgnutls30-3.7.1-5+deb11u2 (CVE-2011-3389), libstdc++6-10.2.1-6 (CVE-2023-4039), openssl-1.1.1n-0+deb11u3 (CVE-2025-27587), libpcre2-8-0-10.36-2+deb11u1 (CVE-2022-41409), libkrb5-3-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), apt-2.2.4 (CVE-2011-3374), login-1:4.8.1-1 (CVE-2007-5686, CVE-2013-4235, TEMP-0628843-DBAD28), libsystemd0-247.3-7+deb11u1 (CVE-2013-4392, CVE-2020-13529, CVE-2023-31437, CVE-2023-31438, CVE-2023-31439), tar-1.34+dfsg-1 (CVE-2005-2541, TEMP-0290435-0B57B5)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 89 } }, { "msg": "Found packages with unpatched unknown vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libexpat1-2.2.10-2+deb11u5 (CVE-2024-8176, CVE-2025-59375, CVE-2025-66382, CVE-2026-24515, CVE-2026-25210, CVE-2026-32776, CVE-2026-32777, CVE-2026-32778, CVE-2026-41080), libgssapi-krb5-2-1.18.3-6+deb11u3 (CVE-2026-40355, CVE-2026-40356), bsdutils-1:2.36.1-8+deb11u1 (CVE-2026-27456, CVE-2026-3184), zlib1g-1:1.2.11.dfsg-2+deb11u2 (CVE-2023-45853, CVE-2026-27171), libzstd1-1.4.8+dfsg-2.1 (CVE-2022-4899), sed-4.7-1 (CVE-2026-5958), dpkg-1.20.12 (CVE-2025-6297), libudev1-247.3-7+deb11u1 (CVE-2026-40228), libkrb5support0-1.18.3-6+deb11u3 (CVE-2026-40355, CVE-2026-40356), libsqlite3-0-3.34.1-3 (CVE-2025-6965), libk5crypto3-1.18.3-6+deb11u3 (CVE-2026-40355, CVE-2026-40356), mount-2.36.1-8+deb11u1 (CVE-2026-27456, CVE-2026-3184), libc6-2.31-13+deb11u5 (CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2025-8058, CVE-2026-0861, CVE-2026-0915, CVE-2026-4046, CVE-2026-4437, CVE-2026-4438, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928, CVE-2026-6238), libc-bin-2.31-13+deb11u5 (CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2025-8058, CVE-2026-0861, CVE-2026-0915, CVE-2026-4046, CVE-2026-4437, CVE-2026-4438, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928, CVE-2026-6238), libblkid1-2.36.1-8+deb11u1 (CVE-2026-27456, CVE-2026-3184), ncurses-bin-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141, CVE-2025-69720), ncurses-base-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141, CVE-2025-69720), libssl1.1-1.1.1n-0+deb11u3 (CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390), libuuid1-2.36.1-8+deb11u1 (CVE-2026-27456, CVE-2026-3184), libtinfo6-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141, CVE-2025-69720), libsmartcols1-2.36.1-8+deb11u1 (CVE-2026-27456, CVE-2026-3184), libgcrypt20-1.8.7-6 (CVE-2021-33560, CVE-2026-41989), libpam-runtime-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), libpam-modules-bin-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), bash-5.1-2+deb11u1 (CVE-2022-3715), util-linux-2.36.1-8+deb11u1 (CVE-2026-27456, CVE-2026-3184), libmount1-2.36.1-8+deb11u1 (CVE-2026-27456, CVE-2026-3184), passwd-1:4.8.1-1 (CVE-2024-56433), gpgv-2.2.27-2+deb11u2 (CVE-2025-30258, CVE-2025-68972), libgnutls30-3.7.1-5+deb11u2 (CVE-2026-33845, CVE-2026-33846, CVE-2026-3832, CVE-2026-3833, CVE-2026-42009, CVE-2026-42010, CVE-2026-42011, CVE-2026-42012, CVE-2026-42013, CVE-2026-42014, CVE-2026-42015, CVE-2026-5260, CVE-2026-5419), libpam0g-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), openssl-1.1.1n-0+deb11u3 (CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390), liblzma5-5.2.5-2.1~deb11u1 (CVE-2026-34743), libkrb5-3-1.18.3-6+deb11u3 (CVE-2026-40355, CVE-2026-40356), libtasn1-6-4.16.0-2 (CVE-2025-13151), login-1:4.8.1-1 (CVE-2024-56433), libncursesw6-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141, CVE-2025-69720), libsystemd0-247.3-7+deb11u1 (CVE-2026-40228), tar-1.34+dfsg-1 (CVE-2026-5704), libpam-modules-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), libdb5.3-5.3.28+dfsg1-0.8 (CVE-2019-8457)", "name": "clair_unpatched_unknown_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 117 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":1,"low":89,"unknown":117}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07", "digests": ["sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745"]}} {"result":"SUCCESS","timestamp":"2026-05-06T07:10:38+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-comp-jnrw-on-pull-request-p8rhm-clamav-scan-pod | init container: prepare 2026/05/06 07:06:31 Entrypoint initialization pod: test-comp-jnrw-on-pull-request-p8rhm-clamav-scan-pod | init container: place-scripts 2026/05/06 07:06:32 Decoded script /tekton/scripts/script-0-6ztxf 2026/05/06 07:06:32 Decoded script /tekton/scripts/script-1-c99ql pod: test-comp-jnrw-on-pull-request-p8rhm-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw@sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 36.216 sec (0 m 36 s) Start Date: 2026:05:06 07:07:45 End Date: 2026:05:06 07:08:21 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27992/Tue May 5 06:26:41 2026 Database version: 27992 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1778051301","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778051301","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778051301","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07", "digests": ["sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745"]}} pod: test-comp-jnrw-on-pull-request-p8rhm-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw Attaching to quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07@sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Uploading c839dba5b03b clamscan-ec-test-amd64.json Uploading d9a4c7777edc clamscan-result-amd64.log Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploaded d9a4c7777edc clamscan-result-amd64.log Uploaded c839dba5b03b clamscan-ec-test-amd64.json Uploading e2da341f91e0 application/vnd.oci.image.manifest.v1+json Uploaded e2da341f91e0 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07@sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 Digest: sha256:e2da341f91e0f9b3a973f687b955a8fbf78c6d9319add48a7cf5255cdbfe786b pod: test-comp-jnrw-on-pull-request-p8rhm-clone-repository-pod | init container: prepare 2026/05/06 07:03:39 Entrypoint initialization pod: test-comp-jnrw-on-pull-request-p8rhm-clone-repository-pod | init container: place-scripts 2026/05/06 07:03:40 Decoded script /tekton/scripts/script-0-gdp28 2026/05/06 07:03:40 Decoded script /tekton/scripts/script-1-lvnn2 pod: test-comp-jnrw-on-pull-request-p8rhm-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1778051025.3977282,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1778051025.6252344,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/devfile-sample-python-basic @ 2d475b7ced7f2f9adb74a83b290655cff6ef2c07 (grafted, HEAD) in path /workspace/output/source"} {"level":"info","ts":1778051025.6253035,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1778051025.6526341,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /workspace/output/source"} Merge option disabled. Using checked-out revision 2d475b7ced7f2f9adb74a83b290655cff6ef2c07 directly. pod: test-comp-jnrw-on-pull-request-p8rhm-clone-repository-pod | container step-symlink-check: Running symlink check pod: test-comp-jnrw-on-pull-request-p8rhm-init-pod | init container: prepare 2026/05/06 07:03:14 Entrypoint initialization pod: test-comp-jnrw-on-pull-request-p8rhm-init-pod | container step-init: time="2026-05-06T07:03:30Z" level=info msg="[param] enable: false" time="2026-05-06T07:03:30Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-06T07:03:30Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-06T07:03:30Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-06T07:03:30Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-06T07:03:30Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-06T07:03:30Z" level=info msg="Cache proxy is disabled via param" time="2026-05-06T07:03:30Z" level=info msg="[result] HTTP PROXY: " time="2026-05-06T07:03:30Z" level=info msg="[result] NO PROXY: " pod: test-comp-jnrw-on-pull-request-p8rhm-prefetch-dependencies-pod | init container: prepare 2026/05/06 07:03:59 Entrypoint initialization pod: test-comp-jnrw-on-pull-request-p8rhm-prefetch-dependencies-pod | init container: place-scripts 2026/05/06 07:04:00 Decoded script /tekton/scripts/script-0-hwnzd pod: test-comp-jnrw-on-pull-request-p8rhm-prefetch-dependencies-pod | container step-prefetch-dependencies: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using mounted service CA bundle: /mnt/service-ca/ca-bundle.crt '/mnt/service-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/service-ca.crt' time="2026-05-06T07:04:14Z" level=debug msg="Starting prefetch-dependencies" time="2026-05-06T07:04:14Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-06T07:04:14Z" level=info msg="Not using package registry proxy because allow-package-registry-proxy is not set to `true` on the cluster level" logger=PrefetchDependencies time="2026-05-06T07:04:14Z" level=info msg="[param] source-dir: /workspace/source/source" time="2026-05-06T07:04:14Z" level=info msg="[param] output-dir: /workspace/source/cachi2/output" time="2026-05-06T07:04:14Z" level=info msg="[param] sbom-format: spdx" time="2026-05-06T07:04:14Z" level=info msg="[param] mode: strict" time="2026-05-06T07:04:14Z" level=info msg="[param] output-dir-mount-point: /cachi2/output" time="2026-05-06T07:04:14Z" level=info msg="[param] env-files: [/workspace/source/cachi2/cachi2.env /workspace/source/cachi2/prefetch.env /workspace/source/cachi2/prefetch-env.json]" time="2026-05-06T07:04:14Z" level=info msg="[param] git-auth-directory: /workspace/git-basic-auth" time="2026-05-06T07:04:15Z" level=info msg="hermeto [stdout] hermeto 0.51.0" logger=CliExecutor time="2026-05-06T07:04:15Z" level=warning msg="No input provided; skipping prefetch-dependencies" logger=PrefetchDependencies time="2026-05-06T07:04:15Z" level=debug msg="Finished prefetch-dependencies" pod: test-comp-jnrw-on-pull-request-p8rhm-push-dockerfile-pod | init container: prepare 2026/05/06 07:06:33 Entrypoint initialization pod: test-comp-jnrw-on-pull-request-p8rhm-push-dockerfile-pod | init container: working-dir-initializer pod: test-comp-jnrw-on-pull-request-p8rhm-push-dockerfile-pod | container step-push: time="2026-05-06T07:06:36Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07" time="2026-05-06T07:06:36Z" level=info msg="[param] image-digest: sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745" time="2026-05-06T07:06:36Z" level=info msg="[param] containerfile: docker/Dockerfile" time="2026-05-06T07:06:36Z" level=info msg="[param] context: ." time="2026-05-06T07:06:36Z" level=info msg="[param] tag-suffix: .dockerfile" time="2026-05-06T07:06:36Z" level=info msg="[param] artifact-type: application/vnd.konflux.dockerfile" time="2026-05-06T07:06:36Z" level=info msg="[param] source: source" time="2026-05-06T07:06:36Z" level=info msg="[param] result-path-image-ref: /tekton/results/IMAGE_REF" time="2026-05-06T07:06:36Z" level=info msg="[param] alternative-filename: Dockerfile" time="2026-05-06T07:06:37Z" level=info msg="oras [stdout] quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw@sha256:f7e78519b04d36c00cd8d7f12463ae4b8cccfe287ef637a9e7438467b7d942f2" logger=CliExecutor time="2026-05-06T07:06:37Z" level=info msg="Containerfile '/workspace/workspace/source/docker/Dockerfile' is pushed to registry with tag: sha256-37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745.dockerfile" {"image_ref":"quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw@sha256:f7e78519b04d36c00cd8d7f12463ae4b8cccfe287ef637a9e7438467b7d942f2"} pod: test-comp-jnrw-on-pull-request-p8rhm-rpms-signature-scan-pod | init container: prepare 2026/05/06 07:06:31 Entrypoint initialization pod: test-comp-jnrw-on-pull-request-p8rhm-rpms-signature-scan-pod | init container: place-scripts 2026/05/06 07:06:32 Decoded script /tekton/scripts/script-0-kxlnk 2026/05/06 07:06:32 Decoded script /tekton/scripts/script-1-dwfws pod: test-comp-jnrw-on-pull-request-p8rhm-rpms-signature-scan-pod | container step-rpms-signature-scan: + set -o pipefail + rpm_verifier --image-url quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07 --image-digest sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 --workdir /tmp Image: quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw@sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 No unsigned RPMs found {'keys': {'unsigned': 0}} ==================================== Final results: {"keys": {"unsigned": 0}} Images processed: {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07", "digests": ["sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745"]}} pod: test-comp-jnrw-on-pull-request-p8rhm-rpms-signature-scan-pod | container step-output-results: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index ++ cat /tmp/status + status=SUCCESS ++ cat /tmp/results + rpms_data='{"keys": {"unsigned": 0}}' ++ cat /tmp/images_processed + images_processed='{"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07", "digests": ["sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745"]}}' + '[' SUCCESS == ERROR ']' + note='Task rpms-signature-scan completed successfully' ++ make_result_json -r SUCCESS -t 'Task rpms-signature-scan completed successfully' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task rpms-signature-scan completed successfully' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-05-06T07:08:58+00:00 --arg result SUCCESS --arg note 'Task rpms-signature-scan completed successfully' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-05-06T07:08:58+00:00","note":"Task rpms-signature-scan completed successfully","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-05-06T07:08:58+00:00","note":"Task rpms-signature-scan completed successfully","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-05-06T07:08:58+00:00","note":"Task rpms-signature-scan completed successfully","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-05-06T07:08:58+00:00","note":"Task rpms-signature-scan completed successfully","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-05-06T07:08:58+00:00","note":"Task rpms-signature-scan completed successfully","namespace":"default","successes":0,"failures":0,"warnings":0} + echo '{"keys": {"unsigned": 0}}' + tee /tekton/results/RPMS_DATA {"keys": {"unsigned": 0}} + echo '{"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07", "digests": ["sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745"]}}' + tee /tekton/results/IMAGES_PROCESSED {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07", "digests": ["sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745"]}} pod: test-comp-jnrw-on-pull-request-p8rhm-sast-shell-check-pod | init container: prepare 2026/05/06 07:11:58 Entrypoint initialization pod: test-comp-jnrw-on-pull-request-p8rhm-sast-shell-check-pod | init container: place-scripts 2026/05/06 07:11:59 Decoded script /tekton/scripts/script-0-glxkk 2026/05/06 07:11:59 Decoded script /tekton/scripts/script-1-7r7hx pod: test-comp-jnrw-on-pull-request-p8rhm-sast-shell-check-pod | init container: working-dir-initializer pod: test-comp-jnrw-on-pull-request-p8rhm-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=test-comp-jnrw + echo 'INFO: The PROJECT_NAME used is: test-comp-jnrw' INFO: The PROJECT_NAME used is: test-comp-jnrw + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/workspace/workspace/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/workspace/workspace/source/. ++ realpath -m /workspace/workspace/source/. + resolved_path=/workspace/workspace/source + [[ /workspace/workspace/source == \/\w\o\r\k\s\p\a\c\e\/\w\o\r\k\s\p\a\c\e\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + /usr/share/csmock/scripts/run-shellcheck.sh /workspace/workspace/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/workspace/workspace/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-103.json ./shellcheck-results/sc-110.json ./shellcheck-results/sc-114.json ./shellcheck-results/sc-124.json ./shellcheck-results/sc-70.json ./shellcheck-results/sc-76.json ./shellcheck-results/sc-79.json ./shellcheck-results/sc-81.json ./shellcheck-results/sc-82.json ./shellcheck-results/sc-85.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' + echo 'ShellCheck results have been saved to shellcheck-results.json' ShellCheck results have been saved to shellcheck-results.json + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + TEST_OUTPUT= + parse_test_output sast-shell-check sarif shellcheck-results.sarif + TEST_NAME=sast-shell-check + TEST_RESULT_FORMAT=sarif + TEST_RESULT_FILE=shellcheck-results.sarif + '[' -z sast-shell-check ']' + '[' -z sarif ']' + '[' -z shellcheck-results.sarif ']' + '[' '!' -f shellcheck-results.sarif ']' + '[' sarif = sarif ']' +++ jq -rce '(if (.runs[].results | length > 0) then "FAILURE" else "SUCCESS" end)' shellcheck-results.sarif +++ jq -rce '(.runs[].results | length)' shellcheck-results.sarif ++ make_result_json -r SUCCESS -f 0 ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ FAILURES=0 ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-05-06T07:12:32+00:00 --arg result SUCCESS --arg note 'For details, check Tekton task log.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-05-06T07:12:32+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-05-06T07:12:32+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-05-06T07:12:32+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-05-06T07:12:32+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ jq .failures + '[' 0 -gt 0 ']' + echo '{"result":"SUCCESS","timestamp":"2026-05-06T07:12:32+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-05-06T07:12:32+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: test-comp-jnrw-on-pull-request-p8rhm-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw Attaching to quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07@sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Uploading da808faebf6f shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploaded da808faebf6f shellcheck-results.sarif Uploading 23db8064cdd9 application/vnd.oci.image.manifest.v1+json Uploaded 23db8064cdd9 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07@sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 Digest: sha256:23db8064cdd9523b67afd6e48463479cf4ed244f8f846e5621560d9f359c5b2f No excluded-findings.json exists. Skipping upload. pod: test-comp-jnrw-on-pull-request-p8rhm-sast-snyk-check-pod | init container: prepare 2026/05/06 07:06:33 Entrypoint initialization pod: test-comp-jnrw-on-pull-request-p8rhm-sast-snyk-check-pod | init container: place-scripts 2026/05/06 07:06:33 Decoded script /tekton/scripts/script-0-ltcpf 2026/05/06 07:06:33 Decoded script /tekton/scripts/script-1-zspwc pod: test-comp-jnrw-on-pull-request-p8rhm-sast-snyk-check-pod | init container: working-dir-initializer pod: test-comp-jnrw-on-pull-request-p8rhm-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: test-comp-jnrw INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-05-06T07:07:19+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-comp-jnrw-on-pull-request-p8rhm-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: test-comp-jnrw-on-pull-request-p8rhm-sast-unicode-check-pod | init container: prepare 2026/05/06 07:06:32 Entrypoint initialization pod: test-comp-jnrw-on-pull-request-p8rhm-sast-unicode-check-pod | init container: place-scripts 2026/05/06 07:06:33 Decoded script /tekton/scripts/script-0-4tkzw 2026/05/06 07:06:33 Decoded script /tekton/scripts/script-1-7sr2b pod: test-comp-jnrw-on-pull-request-p8rhm-sast-unicode-check-pod | init container: working-dir-initializer pod: test-comp-jnrw-on-pull-request-p8rhm-sast-unicode-check-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=test-comp-jnrw + echo 'INFO: The PROJECT_NAME used is: test-comp-jnrw' INFO: The PROJECT_NAME used is: test-comp-jnrw + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + declare -a ALL_TARGETS + OLD_IFS=' ' + IFS=, + for d in $TARGET_DIRS + ALL_TARGETS+=("${SOURCE_CODE_DIR}/source/${d}") + IFS=' ' + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /workspace/workspace/source/. + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/workspace/workspace/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-05-06T07:07:19+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-05-06T07:07:19+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-05-06T07:07:19+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-05-06T07:07:19+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-05-06T07:07:19+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-05-06T07:07:19+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: test-comp-jnrw-on-pull-request-p8rhm-sast-unicode-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw Attaching to quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07@sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Uploading 0e9806f310b4 sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploaded 0e9806f310b4 sast_unicode_check_out.sarif Uploading e963d3f9112e application/vnd.oci.image.manifest.v1+json Uploaded e963d3f9112e application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-jnrw:on-pr-2d475b7ced7f2f9adb74a83b290655cff6ef2c07@sha256:37f25d7a43c381e79a2e46fe641d411d2d056ae66ef3382fda09340f833c5745 Digest: sha256:e963d3f9112e08668cecc6a59c89913169af0d2bd549a6773ec4546aed1c0a8c No excluded-findings.json exists. Skipping upload. New PipelineRun test-comp-jnrw-on-pull-request-m8thq found after retrigger for component build-e2e-fnei/test-comp-jnrw PipelineRun test-comp-jnrw-on-pull-request-m8thq found for Component build-e2e-fnei/test-comp-jnrw PipelineRun test-comp-jnrw-on-pull-request-m8thq reason: ResolvingTaskRef PipelineRun test-comp-jnrw-on-pull-request-m8thq reason: Running PipelineRun test-comp-jnrw-on-pull-request-m8thq reason: Running PipelineRun test-comp-jnrw-on-pull-request-m8thq reason: Running PipelineRun test-comp-jnrw-on-pull-request-m8thq reason: Running PipelineRun test-comp-jnrw-on-pull-request-m8thq reason: Running PipelineRun test-comp-jnrw-on-pull-request-m8thq reason: Running PipelineRun test-comp-jnrw-on-pull-request-m8thq reason: Running PipelineRun test-comp-jnrw-on-pull-request-m8thq reason: Running PipelineRun test-comp-jnrw-on-pull-request-m8thq reason: Completed < Exit [It] should eventually finish successfully for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:356 @ 05/06/26 07:16:03.407 (11m16.303s) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:16:03.407 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:16:03.407 (0s) > Enter [It] should push Dockerfile to registry - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:366 @ 05/06/26 07:16:03.408 < Exit [It] should push Dockerfile to registry - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:366 @ 05/06/26 07:16:08.5 (5.092s) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:16:08.5 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:16:08.5 (0s) > Enter [It] floating tags are created successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:378 @ 05/06/26 07:16:08.501 [SKIPPED] floating tag validation is not needed for: https://github.com/redhat-appstudio-qe/devfile-sample-python-basic In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:380 @ 05/06/26 07:16:08.501 < Exit [It] floating tags are created successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:378 @ 05/06/26 07:16:08.501 (0s) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:16:08.501 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:16:08.501 (0s) > Enter [It] image manifest mediaType is correct - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:395 @ 05/06/26 07:16:08.502 < Exit [It] image manifest mediaType is correct - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:395 @ 05/06/26 07:16:08.806 (304ms) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:16:08.806 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:16:08.806 (0s) > Enter [It] check for source images if enabled in pipeline - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:420 @ 05/06/26 07:16:08.806 Source build is enabled: false [SKIPPED] Skipping source image check since it is not enabled in the pipeline In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:440 @ 05/06/26 07:16:08.819 < Exit [It] check for source images if enabled in pipeline - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:420 @ 05/06/26 07:16:08.819 (13ms) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:16:08.82 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:16:08.82 (0s) > Enter [BeforeAll] when Pipeline Results are stored for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:477 @ 05/06/26 07:16:08.82 < Exit [BeforeAll] when Pipeline Results are stored for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:477 @ 05/06/26 07:16:08.924 (104ms) > Enter [It] should have Pipeline Records - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:498 @ 05/06/26 07:16:08.925 records for PipelineRun test-comp-jnrw-on-pull-request-m8thq: &{[{build-e2e-fnei/results/09ed1f44-cc9f-4396-a6ae-029406d246f1/records/aef78efb-573d-4ab3-b9de-2e8ab06ee422 0f9ee3fc-1b56-4b84-94e6-ba0d6316a964 0f9ee3fc-1b56-4b84-94e6-ba0d6316a964} {build-e2e-fnei/results/09ed1f44-cc9f-4396-a6ae-029406d246f1/records/9e18e7de-9d52-43f7-a323-ebc2330d5310 153cbcf4-8f9d-444f-b5f5-98a5355aacae 153cbcf4-8f9d-444f-b5f5-98a5355aacae} {build-e2e-fnei/results/09ed1f44-cc9f-4396-a6ae-029406d246f1/records/a84e7778-b071-4fca-9f64-b7a0ad2f797e 16a71161-edaf-436f-9937-dd61df47a97e 16a71161-edaf-436f-9937-dd61df47a97e} {build-e2e-fnei/results/09ed1f44-cc9f-4396-a6ae-029406d246f1/records/622bbb20-2f8a-4576-bfa5-fae1194da964 300fb672-3dd6-4b25-bbca-d4cbd50388ef 300fb672-3dd6-4b25-bbca-d4cbd50388ef} {build-e2e-fnei/results/09ed1f44-cc9f-4396-a6ae-029406d246f1/records/9d292885-3907-4ef8-ada2-6b56360481cd 319604e2-31f2-4f52-9eed-651b50769c32 319604e2-31f2-4f52-9eed-651b50769c32} {build-e2e-fnei/results/09ed1f44-cc9f-4396-a6ae-029406d246f1/records/1f88bd1d-2f28-440e-945d-fc8b6302a766 39b69093-8742-4466-85ae-149eb7fd2571 39b69093-8742-4466-85ae-149eb7fd2571} {build-e2e-fnei/results/09ed1f44-cc9f-4396-a6ae-029406d246f1/records/5d6b7cfc-4348-4f68-9837-d062161e861f 4fc116d2-c41f-448f-8d08-8db06a91cf61 4fc116d2-c41f-448f-8d08-8db06a91cf61} {build-e2e-fnei/results/09ed1f44-cc9f-4396-a6ae-029406d246f1/records/5fc1d8d4-42dc-4a18-ae72-93499631ca38 70323961-3ff4-4cfb-9d96-427a43e55efb 70323961-3ff4-4cfb-9d96-427a43e55efb} {build-e2e-fnei/results/09ed1f44-cc9f-4396-a6ae-029406d246f1/records/bfd1c40e-7efd-4e69-a574-0042eb8a909f 872489de-de45-4ad8-baa6-7ebf1cb025fc 872489de-de45-4ad8-baa6-7ebf1cb025fc} {build-e2e-fnei/results/09ed1f44-cc9f-4396-a6ae-029406d246f1/records/0b27d26b-d6ac-4ffc-9250-91af8d403189 8ad9a57d-9d3d-4659-8197-a840f5917ec3 8ad9a57d-9d3d-4659-8197-a840f5917ec3} {build-e2e-fnei/results/09ed1f44-cc9f-4396-a6ae-029406d246f1/records/c9e3f5ba-4888-4be1-9d12-aea72ee58092 9bfde6c9-30e4-4689-87c9-28af13137e12 9bfde6c9-30e4-4689-87c9-28af13137e12} {build-e2e-fnei/results/09ed1f44-cc9f-4396-a6ae-029406d246f1/records/d3e6ecf7-d29a-4fb5-88cc-da7de370498b d13ce1d2-5882-49d7-ad0f-0311669c646f d13ce1d2-5882-49d7-ad0f-0311669c646f} {build-e2e-fnei/results/09ed1f44-cc9f-4396-a6ae-029406d246f1/records/a3f9f275-8b7f-4640-8d59-79b7609d51a3 d49b5857-68a4-4c95-b92a-493a18bd7e5e d49b5857-68a4-4c95-b92a-493a18bd7e5e} {build-e2e-fnei/results/09ed1f44-cc9f-4396-a6ae-029406d246f1/records/15df734d-5401-46c9-89fc-86a16e811970 d5c0a1d1-effc-4ef6-8a5a-75cb05d9f11b d5c0a1d1-effc-4ef6-8a5a-75cb05d9f11b} {build-e2e-fnei/results/09ed1f44-cc9f-4396-a6ae-029406d246f1/records/6c501c84-b871-4342-ae52-4183f65d5268 e3d88ffd-608b-4979-9506-5d9ee8c46a71 e3d88ffd-608b-4979-9506-5d9ee8c46a71} {build-e2e-fnei/results/09ed1f44-cc9f-4396-a6ae-029406d246f1/records/09ed1f44-cc9f-4396-a6ae-029406d246f1 e9efd2e4-4bec-463e-8ff4-b2aae6991b0d e9efd2e4-4bec-463e-8ff4-b2aae6991b0d}]} < Exit [It] should have Pipeline Records - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:498 @ 05/06/26 07:16:09.039 (114ms) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:16:09.039 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:16:09.04 (0s) > Enter [It] should validate tekton taskrun test results for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:540 @ 05/06/26 07:16:09.041 < Exit [It] should validate tekton taskrun test results for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:540 @ 05/06/26 07:16:09.285 (245ms) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:16:09.286 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:16:09.286 (0s) > Enter [BeforeAll] when the container image for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic is created and pushed to container registry - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:550 @ 05/06/26 07:16:09.287 < Exit [BeforeAll] when the container image for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic is created and pushed to container registry - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:550 @ 05/06/26 07:16:09.295 (8ms) > Enter [It] should have Hermeto content in the SBOM in case the build was hermetic - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:661 @ 05/06/26 07:16:09.295 [SKIPPED] Hermetic build is not enabled, skipping the test In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:663 @ 05/06/26 07:16:09.295 < Exit [It] should have Hermeto content in the SBOM in case the build was hermetic - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:661 @ 05/06/26 07:16:09.295 (0s) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:16:09.295 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:16:09.295 (0s) > Enter [It] should eventually finish successfully for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:356 @ 05/06/26 07:16:09.296 PipelineRun test-comp-ewin-on-pull-request-gs2jz found for Component build-e2e-fnei/test-comp-ewin PipelineRun test-comp-ewin-on-pull-request-gs2jz reason: Failed attempt 1/3: PipelineRun "test-comp-ewin-on-pull-request-gs2jz" failed: pod: test-comp-ewin-on-pull-requ470f7c58152749b86d52657e1a9b0065-pod | init container: prepare 2026/05/06 07:06:34 Entrypoint initialization pod: test-comp-ewin-on-pull-requ470f7c58152749b86d52657e1a9b0065-pod | init container: place-scripts 2026/05/06 07:06:41 Decoded script /tekton/scripts/script-0-5c8v6 2026/05/06 07:06:41 Decoded script /tekton/scripts/script-1-sfm95 2026/05/06 07:06:41 Decoded script /tekton/scripts/script-2-gknqx 2026/05/06 07:06:41 Decoded script /tekton/scripts/script-3-gfm49 2026/05/06 07:06:41 Decoded script /tekton/scripts/script-4-mznfw 2026/05/06 07:06:41 Decoded script /tekton/scripts/script-5-9wc95 pod: test-comp-ewin-on-pull-requ470f7c58152749b86d52657e1a9b0065-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... [retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc The media type of the OCI artifact is application/vnd.oci.image.manifest.v1+json. Looking for image labels that indicate this might be an operator bundle... [retry] executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: test-comp-ewin-on-pull-requ470f7c58152749b86d52657e1a9b0065-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc Using token for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin Auth json written to "/auth/auth.json". pod: test-comp-ewin-on-pull-requ470f7c58152749b86d52657e1a9b0065-pod | container step-set-skip-for-bundles: 2026/05/06 07:07:16 INFO Step was skipped due to when expressions were evaluated to false. pod: test-comp-ewin-on-pull-requ470f7c58152749b86d52657e1a9b0065-pod | container step-app-check: time="2026-05-06T07:07:17Z" level=info msg="certification library version" version="1.17.2 <commit: eb87e5b2d67ad110a0afe8edfb16f445e0877c4e>" time="2026-05-06T07:07:17Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc for platform amd64" time="2026-05-06T07:07:17Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc" time="2026-05-06T07:07:21Z" level=error msg="could not get rpm list, continuing without it" error="could not find rpm db/packages: stat /tmp/preflight-3020478813/fs/usr/lib/sysimage/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-3020478813/fs/var/lib/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-3020478813/fs/var/lib/rpm/Packages: no such file or directory" time="2026-05-06T07:07:21Z" level=info msg="warning: licenses directory does not exist or all of its children are empty directories: error when checking for /licenses: stat /tmp/preflight-3020478813/fs/licenses: no such file or directory" check=HasLicense time="2026-05-06T07:07:21Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-05-06T07:07:21Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-05-06T07:07:21Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-05-06T07:07:21Z" level=info msg="check completed" check=HasNoProhibitedPackages err="unable to get a list of all packages in the image: could not get rpm list: could not find rpm db/packages: stat /tmp/preflight-3020478813/fs/usr/lib/sysimage/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-3020478813/fs/var/lib/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-3020478813/fs/var/lib/rpm/Packages: no such file or directory" result=ERROR time="2026-05-06T07:07:21Z" level=info msg="check completed" check=HasRequiredLabel result=FAILED time="2026-05-06T07:07:21Z" level=info msg="detected empty USER. Presumed to be running as root" check=RunAsNonRoot time="2026-05-06T07:07:21Z" level=info msg="USER value must be provided and be a non-root value for this check to pass" check=RunAsNonRoot time="2026-05-06T07:07:21Z" level=info msg="check completed" check=RunAsNonRoot result=FAILED time="2026-05-06T07:07:25Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-05-06T07:07:25Z" level=info msg="check completed" check=BasedOnUbi result=FAILED time="2026-05-06T07:07:25Z" level=info msg="This image's tag on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc will be paired with digest sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.17.2", "commit": "eb87e5b2d67ad110a0afe8edfb16f445e0877c4e" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasModifiedFiles", "elapsed_time": 3674, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata", "help": "Check HasRequiredLabel encountered an error. Please review the preflight.log file for more information.", "suggestion": "Add the following labels to your Dockerfile or Containerfile: name, vendor, version, release, summary, description, maintainer.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication", "help": "Check RunAsNonRoot encountered an error. Please review the preflight.log file for more information.", "suggestion": "Indicate a specific USER in the dockerfile or containerfile", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "BasedOnUbi", "elapsed_time": 145, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)", "help": "Check BasedOnUbi encountered an error. Please review the preflight.log file for more information.", "suggestion": "Change the FROM directive in your Dockerfile or Containerfile, for the latest list of images and details refer to: https://catalog.redhat.com/software/base-images", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [ { "name": "HasNoProhibitedPackages", "elapsed_time": 0, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages.", "help": "Check HasNoProhibitedPackages encountered an error. Please review the preflight.log file for more information." } ] } } time="2026-05-06T07:07:25Z" level=info msg="Preflight result: FAILED" pod: test-comp-ewin-on-pull-requ470f7c58152749b86d52657e1a9b0065-pod | container step-app-set-outcome: {"result":"ERROR","timestamp":"1778051245","note":"Task preflight is a ERROR: Refer to Tekton task logs for more information","successes":3,"failures":4,"warnings":0}[retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc pod: test-comp-ewin-on-pull-requ470f7c58152749b86d52657e1a9b0065-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"ERROR","timestamp":"1778051245","note":"Task preflight is a ERROR: Refer to Tekton task logs for more information","successes":3,"failures":4,"warnings":0} pod: test-comp-ewin-on-pull-request-gs2jz-apply-tags-pod | init container: prepare 2026/05/06 07:06:34 Entrypoint initialization pod: test-comp-ewin-on-pull-request-gs2jz-apply-tags-pod | container step-apply-additional-tags: time="2026-05-06T07:06:43Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc" time="2026-05-06T07:06:43Z" level=info msg="[param] digest: sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3" time="2026-05-06T07:06:43Z" level=info msg="[param] tags-from-image-label: konflux.additional-tags" time="2026-05-06T07:06:44Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: test-comp-ewin-on-pull-request-gs2jz-build-container-pod | init container: prepare 2026/05/06 07:04:35 Entrypoint initialization pod: test-comp-ewin-on-pull-request-gs2jz-build-container-pod | init container: place-scripts 2026/05/06 07:04:35 Decoded script /tekton/scripts/script-1-hqdjj 2026/05/06 07:04:35 Decoded script /tekton/scripts/script-2-xxn8k 2026/05/06 07:04:35 Decoded script /tekton/scripts/script-3-2phdb 2026/05/06 07:04:35 Decoded script /tekton/scripts/script-4-mjw8t 2026/05/06 07:04:35 Decoded script /tekton/scripts/script-5-jjj4x pod: test-comp-ewin-on-pull-request-gs2jz-build-container-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin Executing: oras blob fetch --registry-config /tmp/use-oci.sh.pbXXuX/auth-5acFGY.json quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin@sha256:6a47c6bf7dc3eabf4e15441f8a3fdec1e0c421c5ed5ef9b3976fc7df590545ee --output - Restored artifact quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin@sha256:6a47c6bf7dc3eabf4e15441f8a3fdec1e0c421c5ed5ef9b3976fc7df590545ee to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: test-comp-ewin-on-pull-request-gs2jz-build-container-pod | container step-build: [2026-05-06T07:05:08,866215969+00:00] Validate context path [2026-05-06T07:05:08,869425359+00:00] Update CA trust [2026-05-06T07:05:08,870507100+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-06T07:05:11,014691449+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-05-06T07:05:11,020148590+00:00] Prepare system (architecture: x86_64) [2026-05-06T07:05:11,068769540+00:00] Setup prefetched Trying to pull quay.io/devfile/python:slim... Getting image source signatures Copying blob sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61 Copying blob sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb Copying blob sha256:30fb943195a7f7cee90a9c67461c338d1d76a7004d2f94792b774ef71d875a02 Copying blob sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec Copying blob sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a Copying config sha256:04f51101c1b979fb8a45a5332bfa8ed2c60f613ea396c3edd40f3d91702b24ef Writing manifest to image destination [2026-05-06T07:05:38,894268323+00:00] Unsetting proxy { "architecture": "x86_64", "vcs-type": "git", "vcs-ref": "7ef594af8804f542e0ce08ca6eb1b4cc840deffc", "org.opencontainers.image.revision": "7ef594af8804f542e0ce08ca6eb1b4cc840deffc", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/devfile-sample-python-basic", "quay.expires-after": "6h", "build-date": "2026-05-06T07:05:11Z", "org.opencontainers.image.created": "2026-05-06T07:05:11Z", "io.buildah.version": "1.42.2" } [2026-05-06T07:05:38,950657773+00:00] Register sub-man Adding the entitlement to the build [2026-05-06T07:05:38,953944771+00:00] Add secrets [2026-05-06T07:05:38,961497939+00:00] Run buildah build [2026-05-06T07:05:38,962544036+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=7ef594af8804f542e0ce08ca6eb1b4cc840deffc --label org.opencontainers.image.revision=7ef594af8804f542e0ce08ca6eb1b4cc840deffc --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/devfile-sample-python-basic --label quay.expires-after=6h --label build-date=2026-05-06T07:05:11Z --label org.opencontainers.image.created=2026-05-06T07:05:11Z --annotation org.opencontainers.image.revision=7ef594af8804f542e0ce08ca6eb1b4cc840deffc --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/devfile-sample-python-basic --annotation org.opencontainers.image.created=2026-05-06T07:05:11Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.Vo1LaL -t quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc . STEP 1/11: FROM quay.io/devfile/python:slim STEP 2/11: EXPOSE 8081/tcp STEP 3/11: ENV FLASK_PORT=8081 STEP 4/11: WORKDIR /projects STEP 5/11: COPY requirements.txt . STEP 6/11: RUN pip install -r requirements.txt Collecting Flask==2.1.0 Downloading Flask-2.1.0-py3-none-any.whl (95 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 95.2/95.2 kB 18.6 MB/s eta 0:00:00 Collecting Werkzeug>=2.0 Downloading werkzeug-3.1.8-py3-none-any.whl (226 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 226.5/226.5 kB 79.4 MB/s eta 0:00:00 Collecting Jinja2>=3.0 Downloading jinja2-3.1.6-py3-none-any.whl (134 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 134.9/134.9 kB 115.9 MB/s eta 0:00:00 Collecting itsdangerous>=2.0 Downloading itsdangerous-2.2.0-py3-none-any.whl (16 kB) Collecting click>=8.0 Downloading click-8.3.3-py3-none-any.whl (110 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 110.5/110.5 kB 118.9 MB/s eta 0:00:00 Collecting MarkupSafe>=2.0 Downloading markupsafe-3.0.3-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl (22 kB) Installing collected packages: MarkupSafe, itsdangerous, click, Werkzeug, Jinja2, Flask Successfully installed Flask-2.1.0 Jinja2-3.1.6 MarkupSafe-3.0.3 Werkzeug-3.1.8 click-8.3.3 itsdangerous-2.2.0 WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv [notice] A new release of pip available: 22.3.1 -> 26.1.1 [notice] To update, run: pip install --upgrade pip STEP 7/11: COPY . . STEP 8/11: CMD [ "python", "./app.py" ] STEP 9/11: COPY labels.json /usr/share/buildinfo/labels.json STEP 10/11: COPY labels.json /root/buildinfo/labels.json STEP 11/11: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="7ef594af8804f542e0ce08ca6eb1b4cc840deffc" "org.opencontainers.image.revision"="7ef594af8804f542e0ce08ca6eb1b4cc840deffc" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/devfile-sample-python-basic" "quay.expires-after"="6h" "build-date"="2026-05-06T07:05:11Z" "org.opencontainers.image.created"="2026-05-06T07:05:11Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc --> ff5da7b47d53 Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc ff5da7b47d53d26efde6c8211fd3976b78ffa55d97bfc974df0d7913d373513f [2026-05-06T07:05:42,985974559+00:00] Unsetting proxy [2026-05-06T07:05:42,987229326+00:00] Add metadata Recording base image digests used quay.io/devfile/python:slim quay.io/devfile/python:slim@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c Getting image source signatures Copying blob sha256:758ca54a0af8a188d7d5e1757abf2aced2860888baee8f3941c91970d735a8b4 Copying blob sha256:d9892173749de078dfb702835e9e3858aff86e7447fb11c5a2f2c6bb10f882f6 Copying blob sha256:b5ebffba54d3e3f7fd80435fcdc34c4a96fdb2ecab0f0a298fe08f74c2f69d29 Copying blob sha256:609bcd29c7943a6667e3204bfa5b86a07d255f78ebc26d4c4e8981b335ac3b9a Copying blob sha256:0a7eaca7a2e7e116a5658c409ea2ceb98226b7481a3b0f90c8d94d9f230fe238 Copying blob sha256:d326469892d974408d96f1e02d64dce10d20f88613688af11e99e3e22523beeb Copying config sha256:ff5da7b47d53d26efde6c8211fd3976b78ffa55d97bfc974df0d7913d373513f Writing manifest to image destination [2026-05-06T07:05:46,411012707+00:00] End build pod: test-comp-ewin-on-pull-request-gs2jz-build-container-pod | container step-push: [2026-05-06T07:05:46,972187917+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-06T07:05:49,033131291+00:00] Convert image [2026-05-06T07:05:49,034205851+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:test-comp-ewin-on-pull-request-gs2jz-build-container [retry] executing: buildah push --format=oci --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc docker://quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:test-comp-ewin-on-pull-request-gs2jz-build-container Getting image source signatures Copying blob sha256:758ca54a0af8a188d7d5e1757abf2aced2860888baee8f3941c91970d735a8b4 Copying blob sha256:b5ebffba54d3e3f7fd80435fcdc34c4a96fdb2ecab0f0a298fe08f74c2f69d29 Copying blob sha256:d9892173749de078dfb702835e9e3858aff86e7447fb11c5a2f2c6bb10f882f6 Copying blob sha256:0a7eaca7a2e7e116a5658c409ea2ceb98226b7481a3b0f90c8d94d9f230fe238 Copying blob sha256:609bcd29c7943a6667e3204bfa5b86a07d255f78ebc26d4c4e8981b335ac3b9a Copying blob sha256:d326469892d974408d96f1e02d64dce10d20f88613688af11e99e3e22523beeb Copying config sha256:ff5da7b47d53d26efde6c8211fd3976b78ffa55d97bfc974df0d7913d373513f Writing manifest to image destination [2026-05-06T07:05:53,926997473+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc [retry] executing: buildah push --format=oci --retry 3 --tls-verify=true --digestfile /var/workdir/image-digest quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc docker://quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc Getting image source signatures Copying blob sha256:758ca54a0af8a188d7d5e1757abf2aced2860888baee8f3941c91970d735a8b4 Copying blob sha256:d9892173749de078dfb702835e9e3858aff86e7447fb11c5a2f2c6bb10f882f6 Copying blob sha256:b5ebffba54d3e3f7fd80435fcdc34c4a96fdb2ecab0f0a298fe08f74c2f69d29 Copying blob sha256:609bcd29c7943a6667e3204bfa5b86a07d255f78ebc26d4c4e8981b335ac3b9a Copying blob sha256:d326469892d974408d96f1e02d64dce10d20f88613688af11e99e3e22523beeb Copying blob sha256:0a7eaca7a2e7e116a5658c409ea2ceb98226b7481a3b0f90c8d94d9f230fe238 Copying config sha256:ff5da7b47d53d26efde6c8211fd3976b78ffa55d97bfc974df0d7913d373513f Writing manifest to image destination sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc [retry] executing: kubectl get configmap cluster-config -n konflux-info -o json Keyless signing is disabled (none of rekorInternalUrl, fulcioInternalUrl, defaultOIDCIssuer, tufInternalUrl are configured in the konflux-info/cluster-config configmap) [2026-05-06T07:05:54,746706547+00:00] End push pod: test-comp-ewin-on-pull-request-gs2jz-build-container-pod | container step-sbom-syft-generate: [2026-05-06T07:05:54,913669590+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-05-06T07:06:00,124512590+00:00] End sbom-syft-generate pod: test-comp-ewin-on-pull-request-gs2jz-build-container-pod | container step-prepare-sboms: [2026-05-06T07:06:00,461851970+00:00] Prepare SBOM [2026-05-06T07:06:00,465794709+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-05-06 07:06:01,607 [INFO] mobster.log: Logging level set to 20 2026-05-06 07:06:01,686 [INFO] mobster.oci: Fetching manifest for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c 2026-05-06 07:06:02,233 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:02,433 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:02,877 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:03,139 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:03,582 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:03,822 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:04,238 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:04,440 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:04,440 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-05-06 07:06:04,440 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-05-06 07:06:04,441 [INFO] mobster.log: Contextual workflow completed in 2.77s 2026-05-06 07:06:04,463 [INFO] mobster.main: Exiting with code 0. [2026-05-06T07:06:04,530058277+00:00] End prepare-sboms pod: test-comp-ewin-on-pull-request-gs2jz-build-container-pod | container step-upload-sbom: [2026-05-06T07:06:04,542581085+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc@sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3 WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key <key path>'. Uploading SBOM file for [quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin@sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3] to [quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:sha256-11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin@sha256:27c3cf3c13b304c064ffb9fadc50435ecb321481b73c698df1db09d7e4c3b7cd [2026-05-06T07:06:08,460607848+00:00] End upload-sbom pod: test-comp-ewin-on-pull-request-gs2jz-build-image-index-pod | init container: prepare 2026/05/06 07:06:10 Entrypoint initialization pod: test-comp-ewin-on-pull-request-gs2jz-build-image-index-pod | init container: place-scripts 2026/05/06 07:06:11 Decoded script /tekton/scripts/script-0-cjlm2 2026/05/06 07:06:11 Decoded script /tekton/scripts/script-1-s949g 2026/05/06 07:06:11 Decoded script /tekton/scripts/script-2-fd22f pod: test-comp-ewin-on-pull-request-gs2jz-build-image-index-pod | container step-build: [2026-05-06T07:06:24,788532939+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Running konflux-build-cli time="2026-05-06T07:06:26Z" level=info msg="[param] image: quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc" time="2026-05-06T07:06:26Z" level=info msg="[param] images: [quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc@sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3]" time="2026-05-06T07:06:26Z" level=info msg="[param] buildah-format: oci" time="2026-05-06T07:06:26Z" level=info msg="[param] always-build-index: false" time="2026-05-06T07:06:26Z" level=info msg="[param] additional-tags: [test-comp-ewin-on-pull-request-gs2jz-build-image-index]" time="2026-05-06T07:06:26Z" level=info msg="[param] output-manifest-path: /index-build-data/manifest_data.json" time="2026-05-06T07:06:26Z" level=info msg="[param] result-path-image-digest: /tekton/results/IMAGE_DIGEST" time="2026-05-06T07:06:26Z" level=info msg="[param] result-path-image-url: /tekton/results/IMAGE_URL" time="2026-05-06T07:06:26Z" level=info msg="[param] result-path-image-ref: /tekton/results/IMAGE_REF" time="2026-05-06T07:06:26Z" level=info msg="[param] result-path-images: /tekton/results/IMAGES" time="2026-05-06T07:06:26Z" level=info msg="Creating manifest list: quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc" time="2026-05-06T07:06:26Z" level=info msg="buildah [stdout] 2abf831442d8b584db0bfaa8bbd7abd0c99b69908cbfe6e5574e88e4c4ca683e" logger=CliExecutor time="2026-05-06T07:06:26Z" level=info msg="Skipping image index generation. Returning results for single image." {"image_digest":"sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3","image_url":"quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc","image_ref":"quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin@sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3","images":"quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin@sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3"} pod: test-comp-ewin-on-pull-request-gs2jz-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: test-comp-ewin-on-pull-request-gs2jz-build-image-index-pod | container step-upload-sbom: [2026-05-06T07:06:28,079654302+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: test-comp-ewin-on-pull-request-gs2jz-clair-scan-pod | init container: prepare 2026/05/06 07:06:33 Entrypoint initialization pod: test-comp-ewin-on-pull-request-gs2jz-clair-scan-pod | init container: place-scripts 2026/05/06 07:06:45 Decoded script /tekton/scripts/script-0-bmwz8 2026/05/06 07:06:45 Decoded script /tekton/scripts/script-1-f2s5s 2026/05/06 07:06:45 Decoded script /tekton/scripts/script-2-tw8gd 2026/05/06 07:06:45 Decoded script /tekton/scripts/script-3-nwntj pod: test-comp-ewin-on-pull-request-gs2jz-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin@sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3. pod: test-comp-ewin-on-pull-request-gs2jz-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... �[90m2026-05-06T07:10:23Z�[0m �[32mINF�[0m �[1mmatchers created�[0m �[36mcomponent=�[0mlibvuln/New �[36mmatchers=�[0m[{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"}] �[90m2026-05-06T07:10:23Z�[0m �[32mINF�[0m �[1mlibvuln initialized�[0m �[36mcomponent=�[0mlibvuln/New �[90m2026-05-06T07:10:25Z�[0m �[32mINF�[0m �[1mregistered configured scanners�[0m �[36mcomponent=�[0mlibindex/New �[90m2026-05-06T07:10:25Z�[0m �[32mINF�[0m �[1mNewLayerScanner: constructing a new layer-scanner�[0m �[36mcomponent=�[0mindexer.NewLayerScanner �[90m2026-05-06T07:10:25Z�[0m �[32mINF�[0m �[1mindex request start�[0m �[36mcomponent=�[0mlibindex/Libindex.Index �[36mmanifest=�[0msha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3 �[90m2026-05-06T07:10:25Z�[0m �[32mINF�[0m �[1mstarting scan�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3 �[90m2026-05-06T07:10:25Z�[0m �[32mINF�[0m �[1mmanifest to be scanned�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3 �[36mstate=�[0mCheckManifest �[90m2026-05-06T07:10:25Z�[0m �[32mINF�[0m �[1mlayers fetch start�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3 �[36mstate=�[0mFetchLayers �[90m2026-05-06T07:10:26Z�[0m �[32mINF�[0m �[1mlayers fetch success�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3 �[36mstate=�[0mFetchLayers �[90m2026-05-06T07:10:26Z�[0m �[32mINF�[0m �[1mlayers fetch done�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3 �[36mstate=�[0mFetchLayers �[90m2026-05-06T07:10:26Z�[0m �[32mINF�[0m �[1mlayers scan start�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3 �[36mstate=�[0mScanLayers �[90m2026-05-06T07:10:26Z�[0m �[32mINF�[0m �[1mlayers scan done�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3 �[36mstate=�[0mScanLayers �[90m2026-05-06T07:10:26Z�[0m �[32mINF�[0m �[1mstarting index manifest�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3 �[36mstate=�[0mIndexManifest �[90m2026-05-06T07:10:26Z�[0m �[32mINF�[0m �[1mfinishing scan�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3 �[36mstate=�[0mIndexFinished �[90m2026-05-06T07:10:26Z�[0m �[32mINF�[0m �[1mmanifest successfully scanned�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3 �[36mstate=�[0mIndexFinished �[90m2026-05-06T07:10:26Z�[0m �[32mINF�[0m �[1mindex request done�[0m �[36mcomponent=�[0mlibindex/Libindex.Index �[36mmanifest=�[0msha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3 { "manifest_hash": "sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3", "packages": { "+GDQTbek1zYvATiVR/wBCA==": { "id": "+GDQTbek1zYvATiVR/wBCA==", "name": "gzip", "version": "1.10-4+deb11u1", "kind": "binary", "source": { "id": "", "name": "gzip", "version": "1.10-4+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "+aaqENN9U+Kuxcb1tQ8Utg==": { "id": "+aaqENN9U+Kuxcb1tQ8Utg==", "name": "netbase", "version": "6.3", "kind": "binary", "source": { "id": "", "name": "netbase", "version": "6.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "+ol9cHiNc+RWiD7Kw3TLCg==": { "id": "+ol9cHiNc+RWiD7Kw3TLCg==", "name": "libcom-err2", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "05vApGRmP6ko1S0ji87IIQ==": { "id": "05vApGRmP6ko1S0ji87IIQ==", "name": "libunistring2", "version": "0.9.10-4", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.10-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "0jMyX7UCIuSpntMN1r7Ofg==": { "id": "0jMyX7UCIuSpntMN1r7Ofg==", "name": "libzstd1", "version": "1.4.8+dfsg-2.1", "kind": "binary", "source": { "id": "", "name": "libzstd", "version": "1.4.8+dfsg-2.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "1jyJPCL93kiEbfmNKeyz3g==": { "id": "1jyJPCL93kiEbfmNKeyz3g==", "name": "jinja2", "version": "3.1.6", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.1.6.0.0.0.0.0.0", "cpe": "" }, "2MObxiEVNllmUEzdVZM5qw==": { "id": "2MObxiEVNllmUEzdVZM5qw==", "name": "apt", "version": "2.2.4", "kind": "binary", "source": { "id": "", "name": "apt", "version": "2.2.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "3f992oeEQfSQxRA0nlq8Wg==": { "id": "3f992oeEQfSQxRA0nlq8Wg==", "name": "libgcrypt20", "version": "1.8.7-6", "kind": "binary", "source": { "id": "", "name": "libgcrypt20", "version": "1.8.7-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "4672uZtn8TnHDEzWVyhfjw==": { "id": "4672uZtn8TnHDEzWVyhfjw==", "name": "base-files", "version": "11.1+deb11u5", "kind": "binary", "source": { "id": "", "name": "base-files", "version": "11.1+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "4jCPzhS6OWt4agz9d/cfTw==": { "id": "4jCPzhS6OWt4agz9d/cfTw==", "name": "ncurses-base", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "5zxxTA220k9gPCegfDHkag==": { "id": "5zxxTA220k9gPCegfDHkag==", "name": "libgmp10", "version": "2:6.2.1+dfsg-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "2:6.2.1+dfsg-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "7a3yla6TRFZrhmAreU7f8Q==": { "id": "7a3yla6TRFZrhmAreU7f8Q==", "name": "libexpat1", "version": "2.2.10-2+deb11u5", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.2.10-2+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "8alfBYUr5uWbAyB5PrY8Hg==": { "id": "8alfBYUr5uWbAyB5PrY8Hg==", "name": "libudev1", "version": "247.3-7+deb11u1", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "247.3-7+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "9snKXrH4dQy2IXHQ01Lg0A==": { "id": "9snKXrH4dQy2IXHQ01Lg0A==", "name": "libaudit1", "version": "1:3.0-2", "kind": "binary", "source": { "id": "", "name": "audit", "version": "1:3.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "Akbft1KN+9FKNhh1tM25eA==": { "id": "Akbft1KN+9FKNhh1tM25eA==", "name": "mount", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "BJL42acLPAR8bEnmM1Z3mg==": { "id": "BJL42acLPAR8bEnmM1Z3mg==", "name": "libblkid1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "CBzoMmlXBcyP54HOnauO0g==": { "id": "CBzoMmlXBcyP54HOnauO0g==", "name": "libpam-runtime", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "CpILSbg3p6D7Gsp8sCW1Rg==": { "id": "CpILSbg3p6D7Gsp8sCW1Rg==", "name": "libsemanage1", "version": "3.1-1+b2", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "D0G6c/ML9XX4eoGHgx1jeQ==": { "id": "D0G6c/ML9XX4eoGHgx1jeQ==", "name": "libc6", "version": "2.31-13+deb11u5", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.31-13+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "DY5Co0gkGtbgwDlkjfJLWA==": { "id": "DY5Co0gkGtbgwDlkjfJLWA==", "name": "markupsafe", "version": "3.0.3", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.0.3.0.0.0.0.0.0", "cpe": "" }, "DtMxcnDA8Je9vAHjmzagaA==": { "id": "DtMxcnDA8Je9vAHjmzagaA==", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "EVGnnBfWyiVHhoIR4vEpgg==": { "id": "EVGnnBfWyiVHhoIR4vEpgg==", "name": "libbz2-1.0", "version": "1.0.8-4", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "ExYxXcgoIRjAjUObwDE4jA==": { "id": "ExYxXcgoIRjAjUObwDE4jA==", "name": "libk5crypto3", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "FJIijlwFNqvdoVBcfTF/pg==": { "id": "FJIijlwFNqvdoVBcfTF/pg==", "name": "login", "version": "1:4.8.1-1", "kind": "binary", "source": { "id": "", "name": "shadow", "version": "1:4.8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "FOAAB3KiNsLyi03hQsjRTA==": { "id": "FOAAB3KiNsLyi03hQsjRTA==", "name": "libcrypt1", "version": "1:4.4.18-4", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "1:4.4.18-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "FrUy4mOCaHm5aGT53as3JQ==": { "id": "FrUy4mOCaHm5aGT53as3JQ==", "name": "diffutils", "version": "1:3.7-5", "kind": "binary", "source": { "id": "", "name": "diffutils", "version": "1:3.7-5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "G/7q+D+DsqYAVnohcyuzgQ==": { "id": "G/7q+D+DsqYAVnohcyuzgQ==", "name": "libssl1.1", "version": "1.1.1n-0+deb11u3", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1n-0+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "GGaavnLgXX31qx9chfhdOQ==": { "id": "GGaavnLgXX31qx9chfhdOQ==", "name": "libaudit-common", "version": "1:3.0-2", "kind": "binary", "source": { "id": "", "name": "audit", "version": "1:3.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "Gm6VA87iOnaQ0rWR6oO9eA==": { "id": "Gm6VA87iOnaQ0rWR6oO9eA==", "name": "libpcre2-8-0", "version": "10.36-2+deb11u1", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.36-2+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "HFwGHerHwgvY8vkjr3x1Pg==": { "id": "HFwGHerHwgvY8vkjr3x1Pg==", "name": "itsdangerous", "version": "2.2.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.2.2.0.0.0.0.0.0.0", "cpe": "" }, "IQfQp74RcAWE7jHtQsMLHg==": { "id": "IQfQp74RcAWE7jHtQsMLHg==", "name": "bsdutils", "version": "1:2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "IiJKm8T4olfm6rhuKayFOw==": { "id": "IiJKm8T4olfm6rhuKayFOw==", "name": "lsb-base", "version": "11.1.0", "kind": "binary", "source": { "id": "", "name": "lsb", "version": "11.1.0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "Jg2vDvx1JxyPDIrUzzR9NQ==": { "id": "Jg2vDvx1JxyPDIrUzzR9NQ==", "name": "grep", "version": "3.6-1", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.6-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "LOfpAnA/2f7zE4SFJCrxVg==": { "id": "LOfpAnA/2f7zE4SFJCrxVg==", "name": "zlib1g", "version": "1:1.2.11.dfsg-2+deb11u2", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1:1.2.11.dfsg-2+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "LVHVhWoZgWwWvOspyUwb1w==": { "id": "LVHVhWoZgWwWvOspyUwb1w==", "name": "libreadline8", "version": "8.1-1", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "MvKvHHnD0jaLaWpyHvkhgQ==": { "id": "MvKvHHnD0jaLaWpyHvkhgQ==", "name": "passwd", "version": "1:4.8.1-1", "kind": "binary", "source": { "id": "", "name": "shadow", "version": "1:4.8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "NA4G2YrIZ73fsX7d5r5rGw==": { "id": "NA4G2YrIZ73fsX7d5r5rGw==", "name": "debconf", "version": "1.5.77", "kind": "binary", "source": { "id": "", "name": "debconf", "version": "1.5.77", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "NzkVb7F31E+Vxxz3PCS6tg==": { "id": "NzkVb7F31E+Vxxz3PCS6tg==", "name": "libkrb5support0", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "OgJFdUXRfF1Ls8u1+eOivw==": { "id": "OgJFdUXRfF1Ls8u1+eOivw==", "name": "libgpg-error0", "version": "1.38-2", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.38-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "PaaRbD/FkW3JARtSKQgRcQ==": { "id": "PaaRbD/FkW3JARtSKQgRcQ==", "name": "libattr1", "version": "1:2.4.48-6", "kind": "binary", "source": { "id": "", "name": "attr", "version": "1:2.4.48-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "PgPY5hWnihXRN45byvzY0g==": { "id": "PgPY5hWnihXRN45byvzY0g==", "name": "libncursesw6", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "R1TkRM71ql+JWgz0VF5ESQ==": { "id": "R1TkRM71ql+JWgz0VF5ESQ==", "name": "libsepol1", "version": "3.1-1", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "RAMuXEdVU4AJ/z4aiK/NNg==": { "id": "RAMuXEdVU4AJ/z4aiK/NNg==", "name": "setuptools", "version": "65.5.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.65.5.0.0.0.0.0.0.0", "cpe": "" }, "RVoqRXLcdKU5LYfyLKdi3Q==": { "id": "RVoqRXLcdKU5LYfyLKdi3Q==", "name": "click", "version": "8.3.3", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.8.3.3.0.0.0.0.0.0", "cpe": "" }, "RYsqO4ROpGMzzCO5WaTrlw==": { "id": "RYsqO4ROpGMzzCO5WaTrlw==", "name": "dpkg", "version": "1.20.12", "kind": "binary", "source": { "id": "", "name": "dpkg", "version": "1.20.12", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "RgdwX+VC70nXZ2E527PXaA==": { "id": "RgdwX+VC70nXZ2E527PXaA==", "name": "logsave", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "SWnjL4fWu+WMpxhSCWLhZQ==": { "id": "SWnjL4fWu+WMpxhSCWLhZQ==", "name": "base-passwd", "version": "3.5.51", "kind": "binary", "source": { "id": "", "name": "base-passwd", "version": "3.5.51", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "T5NuX1yinNyGoZNN2r9u4Q==": { "id": "T5NuX1yinNyGoZNN2r9u4Q==", "name": "ca-certificates", "version": "20210119", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "20210119", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "VVXsYlCxogg17Ti1iR03Mw==": { "id": "VVXsYlCxogg17Ti1iR03Mw==", "name": "libseccomp2", "version": "2.5.1-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "libseccomp", "version": "2.5.1-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "VbNyM3GfR5vEmJdFAiKqrA==": { "id": "VbNyM3GfR5vEmJdFAiKqrA==", "name": "gcc-9-base", "version": "9.3.0-22", "kind": "binary", "source": { "id": "", "name": "gcc-9", "version": "9.3.0-22", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "Wi4oa03apqVdR6okNeZiNA==": { "id": "Wi4oa03apqVdR6okNeZiNA==", "name": "libgnutls30", "version": "3.7.1-5+deb11u2", "kind": "binary", "source": { "id": "", "name": "gnutls28", "version": "3.7.1-5+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "ZPlAztePXX+uFLVDX2lgNQ==": { "id": "ZPlAztePXX+uFLVDX2lgNQ==", "name": "libsemanage-common", "version": "3.1-1", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "ZWeYh81MRCu1nh3mOyptIA==": { "id": "ZWeYh81MRCu1nh3mOyptIA==", "name": "libmount1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "bGWj1aSf0wvrecU/pdTv5A==": { "id": "bGWj1aSf0wvrecU/pdTv5A==", "name": "gcc-10-base", "version": "10.2.1-6", "kind": "binary", "source": { "id": "", "name": "gcc-10", "version": "10.2.1-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "bHkSxcl6e1quNxLGb6uX8A==": { "id": "bHkSxcl6e1quNxLGb6uX8A==", "name": "coreutils", "version": "8.32-4+b1", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.32-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "bTSLWiizipO2axtmvXFuVg==": { "id": "bTSLWiizipO2axtmvXFuVg==", "name": "libtasn1-6", "version": "4.16.0-2", "kind": "binary", "source": { "id": "", "name": "libtasn1-6", "version": "4.16.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "be3s5y0dx4bgsQboIoDduw==": { "id": "be3s5y0dx4bgsQboIoDduw==", "name": "libp11-kit0", "version": "0.23.22-1", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "brvvAQ6V7yp7QbUuk+W5Hg==": { "id": "brvvAQ6V7yp7QbUuk+W5Hg==", "name": "libext2fs2", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "d4b/e0nx+/vPWuPB7oDzPw==": { "id": "d4b/e0nx+/vPWuPB7oDzPw==", "name": "libc-bin", "version": "2.31-13+deb11u5", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.31-13+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dRfu6Up2F2Ze+gJ21oSeug==": { "id": "dRfu6Up2F2Ze+gJ21oSeug==", "name": "libgdbm6", "version": "1.19-2", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.19-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dUT53gagQO5Ac9Bdlu5dAw==": { "id": "dUT53gagQO5Ac9Bdlu5dAw==", "name": "sysvinit-utils", "version": "2.96-7+deb11u1", "kind": "binary", "source": { "id": "", "name": "sysvinit", "version": "2.96-7+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dXglURzzdbLnOf14mab1Hg==": { "id": "dXglURzzdbLnOf14mab1Hg==", "name": "tar", "version": "1.34+dfsg-1", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.34+dfsg-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dobmrwm7aq9puvFHwNgXxw==": { "id": "dobmrwm7aq9puvFHwNgXxw==", "name": "libstdc++6", "version": "10.2.1-6", "kind": "binary", "source": { "id": "", "name": "gcc-10", "version": "10.2.1-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dv3AlW8tBL4D0mEPW7/Z2Q==": { "id": "dv3AlW8tBL4D0mEPW7/Z2Q==", "name": "libpam-modules-bin", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "eF2QIdrTmJlWmjQTkhntow==": { "id": "eF2QIdrTmJlWmjQTkhntow==", "name": "wheel", "version": "0.38.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.0.38.4.0.0.0.0.0.0", "cpe": "" }, "elSR7m8uLWd/kMl2jxTm/A==": { "id": "elSR7m8uLWd/kMl2jxTm/A==", "name": "libpam-modules", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "evNF5YpSAxyFV7iWv3lSVw==": { "id": "evNF5YpSAxyFV7iWv3lSVw==", "name": "openssl", "version": "1.1.1n-0+deb11u3", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1n-0+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "fCmdLCR2Ix0ldnZL1Fa52A==": { "id": "fCmdLCR2Ix0ldnZL1Fa52A==", "name": "bash", "version": "5.1-2+deb11u1", "kind": "binary", "source": { "id": "", "name": "bash", "version": "5.1-2+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "fqwKjkzVNvsxh6040zt05g==": { "id": "fqwKjkzVNvsxh6040zt05g==", "name": "hostname", "version": "3.23", "kind": "binary", "source": { "id": "", "name": "hostname", "version": "3.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "fyM9Y65kt8cTfJv4LKF7bg==": { "id": "fyM9Y65kt8cTfJv4LKF7bg==", "name": "libcap-ng0", "version": "0.7.9-2.2+b1", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.9-2.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "gP9HgvZWct50Kw/hM7BCKg==": { "id": "gP9HgvZWct50Kw/hM7BCKg==", "name": "libtirpc-common", "version": "1.3.1-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.3.1-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "gv6x84VyNacZgvJrC59jbQ==": { "id": "gv6x84VyNacZgvJrC59jbQ==", "name": "libffi7", "version": "3.3-6", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.3-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "hdNUjYIlrdEAtBWAggakAw==": { "id": "hdNUjYIlrdEAtBWAggakAw==", "name": "perl-base", "version": "5.32.1-4+deb11u2", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-4+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "i4JkQ9JgSpZVyPFWOY5Bxw==": { "id": "i4JkQ9JgSpZVyPFWOY5Bxw==", "name": "liblz4-1", "version": "1.9.3-2", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.9.3-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "iWqdRZmp08/Tx22qEtmjJg==": { "id": "iWqdRZmp08/Tx22qEtmjJg==", "name": "libpcre3", "version": "2:8.39-13", "kind": "binary", "source": { "id": "", "name": "pcre3", "version": "2:8.39-13", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "jErhz6PtXvAy/EPWJ425rA==": { "id": "jErhz6PtXvAy/EPWJ425rA==", "name": "libuuid1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "jKa8Us2cqGejhOc2/n5DDA==": { "id": "jKa8Us2cqGejhOc2/n5DDA==", "name": "libsmartcols1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "kq4lGEwi4agkgAJAkDs9Ng==": { "id": "kq4lGEwi4agkgAJAkDs9Ng==", "name": "flask", "version": "2.1.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.2.1.0.0.0.0.0.0.0", "cpe": "" }, "krch6TQqNWzRi5F/dDkF+Q==": { "id": "krch6TQqNWzRi5F/dDkF+Q==", "name": "ncurses-bin", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "l5lCPjtOmPM8/LLh9+NjeQ==": { "id": "l5lCPjtOmPM8/LLh9+NjeQ==", "name": "gpgv", "version": "2.2.27-2+deb11u2", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.27-2+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "lCjIskl1HulEHShaXtgmwQ==": { "id": "lCjIskl1HulEHShaXtgmwQ==", "name": "libtinfo6", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "lvz5sq0NbU6sy/F1tg9uiQ==": { "id": "lvz5sq0NbU6sy/F1tg9uiQ==", "name": "libkeyutils1", "version": "1.6.1-2", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.6.1-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "mlFDx1iAC2OWpmYHut2JHw==": { "id": "mlFDx1iAC2OWpmYHut2JHw==", "name": "libnettle8", "version": "3.7.3-1", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.7.3-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "nV87o429QBKIpM8DyOv4wg==": { "id": "nV87o429QBKIpM8DyOv4wg==", "name": "debian-archive-keyring", "version": "2021.1.1", "kind": "binary", "source": { "id": "", "name": "debian-archive-keyring", "version": "2021.1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "ngOu/a+sfrdDkZtETF1mgg==": { "id": "ngOu/a+sfrdDkZtETF1mgg==", "name": "libselinux1", "version": "3.1-3", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.1-3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "nmd/xrCD27AKRWAzA5JZCA==": { "id": "nmd/xrCD27AKRWAzA5JZCA==", "name": "mawk", "version": "1.3.4.20200120-2", "kind": "binary", "source": { "id": "", "name": "mawk", "version": "1.3.4.20200120-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "npX4tBmidkxp2QJN/c3Ktw==": { "id": "npX4tBmidkxp2QJN/c3Ktw==", "name": "libdebconfclient0", "version": "0.260", "kind": "binary", "source": { "id": "", "name": "cdebconf", "version": "0.260", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "nwapLKtbHTjy1u8+aA0X+Q==": { "id": "nwapLKtbHTjy1u8+aA0X+Q==", "name": "pip", "version": "22.3.1", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.22.3.1.0.0.0.0.0.0", "cpe": "" }, "oH9T0w9ZyXDCGJ6Np6n1Iw==": { "id": "oH9T0w9ZyXDCGJ6Np6n1Iw==", "name": "init-system-helpers", "version": "1.60", "kind": "binary", "source": { "id": "", "name": "init-system-helpers", "version": "1.60", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "ozJ983JkaV259+RUbqutzw==": { "id": "ozJ983JkaV259+RUbqutzw==", "name": "dash", "version": "0.5.11+git20200708+dd9ef66-5", "kind": "binary", "source": { "id": "", "name": "dash", "version": "0.5.11+git20200708+dd9ef66-5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "p+J9YgA22NC8PDODpTSxgw==": { "id": "p+J9YgA22NC8PDODpTSxgw==", "name": "libidn2-0", "version": "2.3.0-5", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.3.0-5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "pHAWej2qVWZtoCQ5DGoRcQ==": { "id": "pHAWej2qVWZtoCQ5DGoRcQ==", "name": "tzdata", "version": "2021a-1+deb11u8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2021a-1+deb11u8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "pZoLgWqHDgjhYQPevrtwdg==": { "id": "pZoLgWqHDgjhYQPevrtwdg==", "name": "libss2", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "q78XIEiJs5tQHLZtjoU3Fg==": { "id": "q78XIEiJs5tQHLZtjoU3Fg==", "name": "adduser", "version": "3.118", "kind": "binary", "source": { "id": "", "name": "adduser", "version": "3.118", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "qN2BSWBeEFRJnExMNJ1S0A==": { "id": "qN2BSWBeEFRJnExMNJ1S0A==", "name": "libsqlite3-0", "version": "3.34.1-3", "kind": "binary", "source": { "id": "", "name": "sqlite3", "version": "3.34.1-3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "qrPZzwjmppjOiQbrGk5IQA==": { "id": "qrPZzwjmppjOiQbrGk5IQA==", "name": "libgssapi-krb5-2", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "rJ4UB7yOdBPwgrk5WLwIQw==": { "id": "rJ4UB7yOdBPwgrk5WLwIQw==", "name": "libhogweed6", "version": "3.7.3-1", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.7.3-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "rUyBCRoo9C2erJrGUkvuDQ==": { "id": "rUyBCRoo9C2erJrGUkvuDQ==", "name": "libtirpc3", "version": "1.3.1-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.3.1-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "s66OGd0F2Pbemhmyrg2R9w==": { "id": "s66OGd0F2Pbemhmyrg2R9w==", "name": "libsystemd0", "version": "247.3-7+deb11u1", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "247.3-7+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "sU05gaIadSYQd4+DxTnInw==": { "id": "sU05gaIadSYQd4+DxTnInw==", "name": "libacl1", "version": "2.2.53-10", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "sXwy5mmgqLM9WC30BdKwTA==": { "id": "sXwy5mmgqLM9WC30BdKwTA==", "name": "readline-common", "version": "8.1-1", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "tNSJ6slY9zv+TZ6de2MVDQ==": { "id": "tNSJ6slY9zv+TZ6de2MVDQ==", "name": "liblzma5", "version": "5.2.5-2.1~deb11u1", "kind": "binary", "source": { "id": "", "name": "xz-utils", "version": "5.2.5-2.1~deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "tYADP/V07/lE8Qno1R/hhg==": { "id": "tYADP/V07/lE8Qno1R/hhg==", "name": "libgcc-s1", "version": "10.2.1-6", "kind": "binary", "source": { "id": "", "name": "gcc-10", "version": "10.2.1-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "uRB+svwXXxpR9DkvUVmAUQ==": { "id": "uRB+svwXXxpR9DkvUVmAUQ==", "name": "werkzeug", "version": "3.1.8", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.1.8.0.0.0.0.0.0", "cpe": "" }, "uXsuLx/plg6mDddGlE/9EA==": { "id": "uXsuLx/plg6mDddGlE/9EA==", "name": "libxxhash0", "version": "0.8.0-2", "kind": "binary", "source": { "id": "", "name": "xxhash", "version": "0.8.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "vqKK+x/7cGHNjLr4L7x4uQ==": { "id": "vqKK+x/7cGHNjLr4L7x4uQ==", "name": "libdb5.3", "version": "5.3.28+dfsg1-0.8", "kind": "binary", "source": { "id": "", "name": "db5.3", "version": "5.3.28+dfsg1-0.8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "wkuBBC4B84P3b4K0fGF0OQ==": { "id": "wkuBBC4B84P3b4K0fGF0OQ==", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "xaMEpa2lawXi7R9jqzX8hA==": { "id": "xaMEpa2lawXi7R9jqzX8hA==", "name": "findutils", "version": "4.8.0-1", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.8.0-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "yYcMjCGhY/mc+KraTEHSJg==": { "id": "yYcMjCGhY/mc+KraTEHSJg==", "name": "libkrb5-3", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zL6jHnohFUDkhEaUeTlPOQ==": { "id": "zL6jHnohFUDkhEaUeTlPOQ==", "name": "sed", "version": "4.7-1", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.7-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zQ8wKwnOqSw7e/gsx76vLQ==": { "id": "zQ8wKwnOqSw7e/gsx76vLQ==", "name": "debianutils", "version": "4.11.2", "kind": "binary", "source": { "id": "", "name": "debianutils", "version": "4.11.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zRv/Q67g6qJWTz0qqj4+BA==": { "id": "zRv/Q67g6qJWTz0qqj4+BA==", "name": "libnsl2", "version": "1.3.0-2", "kind": "binary", "source": { "id": "", "name": "libnsl", "version": "1.3.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zV4ikAKeqBYFSvXnkFMYgg==": { "id": "zV4ikAKeqBYFSvXnkFMYgg==", "name": "libpam0g", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zw9OGAXs3mWkBkmfKzbfqg==": { "id": "zw9OGAXs3mWkBkmfKzbfqg==", "name": "libapt-pkg6.0", "version": "2.2.4", "kind": "binary", "source": { "id": "", "name": "apt", "version": "2.2.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" } }, "distributions": { "301485d7-24b6-4c47-aef1-c0adff4e8471": { "id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" } }, "repository": { "34e1f956-ee87-432d-913e-4074f2e2763d": { "id": "34e1f956-ee87-432d-913e-4074f2e2763d", "name": "pypi", "uri": "https://pypi.org/simple", "cpe": "" } }, "environments": { "+GDQTbek1zYvATiVR/wBCA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "+aaqENN9U+Kuxcb1tQ8Utg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "+ol9cHiNc+RWiD7Kw3TLCg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "05vApGRmP6ko1S0ji87IIQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "0jMyX7UCIuSpntMN1r7Ofg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "1jyJPCL93kiEbfmNKeyz3g==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:b6c8c943d979d9c37e3796cdc3ec5c1911f78585f467d6d94dd1c0fa64b1d230", "distribution_id": "", "repository_ids": [ "34e1f956-ee87-432d-913e-4074f2e2763d" ] } ], "2MObxiEVNllmUEzdVZM5qw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "3f992oeEQfSQxRA0nlq8Wg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "4672uZtn8TnHDEzWVyhfjw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "4jCPzhS6OWt4agz9d/cfTw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "5zxxTA220k9gPCegfDHkag==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "7a3yla6TRFZrhmAreU7f8Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "8alfBYUr5uWbAyB5PrY8Hg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "9snKXrH4dQy2IXHQ01Lg0A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "Akbft1KN+9FKNhh1tM25eA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "BJL42acLPAR8bEnmM1Z3mg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "CBzoMmlXBcyP54HOnauO0g==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "CpILSbg3p6D7Gsp8sCW1Rg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "D0G6c/ML9XX4eoGHgx1jeQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "DY5Co0gkGtbgwDlkjfJLWA==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:b6c8c943d979d9c37e3796cdc3ec5c1911f78585f467d6d94dd1c0fa64b1d230", "distribution_id": "", "repository_ids": [ "34e1f956-ee87-432d-913e-4074f2e2763d" ] } ], "DtMxcnDA8Je9vAHjmzagaA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "EVGnnBfWyiVHhoIR4vEpgg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "ExYxXcgoIRjAjUObwDE4jA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "FJIijlwFNqvdoVBcfTF/pg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "FOAAB3KiNsLyi03hQsjRTA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "FrUy4mOCaHm5aGT53as3JQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "G/7q+D+DsqYAVnohcyuzgQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "GGaavnLgXX31qx9chfhdOQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "Gm6VA87iOnaQ0rWR6oO9eA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "HFwGHerHwgvY8vkjr3x1Pg==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:b6c8c943d979d9c37e3796cdc3ec5c1911f78585f467d6d94dd1c0fa64b1d230", "distribution_id": "", "repository_ids": [ "34e1f956-ee87-432d-913e-4074f2e2763d" ] } ], "IQfQp74RcAWE7jHtQsMLHg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "IiJKm8T4olfm6rhuKayFOw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "Jg2vDvx1JxyPDIrUzzR9NQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "LOfpAnA/2f7zE4SFJCrxVg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "LVHVhWoZgWwWvOspyUwb1w==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "MvKvHHnD0jaLaWpyHvkhgQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "NA4G2YrIZ73fsX7d5r5rGw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "NzkVb7F31E+Vxxz3PCS6tg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "OgJFdUXRfF1Ls8u1+eOivw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "PaaRbD/FkW3JARtSKQgRcQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "PgPY5hWnihXRN45byvzY0g==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "R1TkRM71ql+JWgz0VF5ESQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "RAMuXEdVU4AJ/z4aiK/NNg==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61", "distribution_id": "", "repository_ids": [ "34e1f956-ee87-432d-913e-4074f2e2763d" ] } ], "RVoqRXLcdKU5LYfyLKdi3Q==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:b6c8c943d979d9c37e3796cdc3ec5c1911f78585f467d6d94dd1c0fa64b1d230", "distribution_id": "", "repository_ids": [ "34e1f956-ee87-432d-913e-4074f2e2763d" ] } ], "RYsqO4ROpGMzzCO5WaTrlw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "RgdwX+VC70nXZ2E527PXaA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "SWnjL4fWu+WMpxhSCWLhZQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "T5NuX1yinNyGoZNN2r9u4Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "VVXsYlCxogg17Ti1iR03Mw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "VbNyM3GfR5vEmJdFAiKqrA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "Wi4oa03apqVdR6okNeZiNA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "ZPlAztePXX+uFLVDX2lgNQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "ZWeYh81MRCu1nh3mOyptIA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "bGWj1aSf0wvrecU/pdTv5A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "bHkSxcl6e1quNxLGb6uX8A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "bTSLWiizipO2axtmvXFuVg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "be3s5y0dx4bgsQboIoDduw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "brvvAQ6V7yp7QbUuk+W5Hg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "d4b/e0nx+/vPWuPB7oDzPw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "dRfu6Up2F2Ze+gJ21oSeug==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "dUT53gagQO5Ac9Bdlu5dAw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "dXglURzzdbLnOf14mab1Hg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "dobmrwm7aq9puvFHwNgXxw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "dv3AlW8tBL4D0mEPW7/Z2Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "eF2QIdrTmJlWmjQTkhntow==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61", "distribution_id": "", "repository_ids": [ "34e1f956-ee87-432d-913e-4074f2e2763d" ] } ], "elSR7m8uLWd/kMl2jxTm/A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "evNF5YpSAxyFV7iWv3lSVw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "fCmdLCR2Ix0ldnZL1Fa52A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "fqwKjkzVNvsxh6040zt05g==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "fyM9Y65kt8cTfJv4LKF7bg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "gP9HgvZWct50Kw/hM7BCKg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "gv6x84VyNacZgvJrC59jbQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "hdNUjYIlrdEAtBWAggakAw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "i4JkQ9JgSpZVyPFWOY5Bxw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "iWqdRZmp08/Tx22qEtmjJg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "jErhz6PtXvAy/EPWJ425rA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "jKa8Us2cqGejhOc2/n5DDA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "kq4lGEwi4agkgAJAkDs9Ng==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:b6c8c943d979d9c37e3796cdc3ec5c1911f78585f467d6d94dd1c0fa64b1d230", "distribution_id": "", "repository_ids": [ "34e1f956-ee87-432d-913e-4074f2e2763d" ] } ], "krch6TQqNWzRi5F/dDkF+Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "l5lCPjtOmPM8/LLh9+NjeQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "lCjIskl1HulEHShaXtgmwQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "lvz5sq0NbU6sy/F1tg9uiQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "mlFDx1iAC2OWpmYHut2JHw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "nV87o429QBKIpM8DyOv4wg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "ngOu/a+sfrdDkZtETF1mgg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "nmd/xrCD27AKRWAzA5JZCA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "npX4tBmidkxp2QJN/c3Ktw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "nwapLKtbHTjy1u8+aA0X+Q==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61", "distribution_id": "", "repository_ids": [ "34e1f956-ee87-432d-913e-4074f2e2763d" ] } ], "oH9T0w9ZyXDCGJ6Np6n1Iw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "ozJ983JkaV259+RUbqutzw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "p+J9YgA22NC8PDODpTSxgw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "pHAWej2qVWZtoCQ5DGoRcQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "pZoLgWqHDgjhYQPevrtwdg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "q78XIEiJs5tQHLZtjoU3Fg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "qN2BSWBeEFRJnExMNJ1S0A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "qrPZzwjmppjOiQbrGk5IQA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "rJ4UB7yOdBPwgrk5WLwIQw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "rUyBCRoo9C2erJrGUkvuDQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "s66OGd0F2Pbemhmyrg2R9w==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "sU05gaIadSYQd4+DxTnInw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "sXwy5mmgqLM9WC30BdKwTA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "tNSJ6slY9zv+TZ6de2MVDQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "tYADP/V07/lE8Qno1R/hhg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "uRB+svwXXxpR9DkvUVmAUQ==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:b6c8c943d979d9c37e3796cdc3ec5c1911f78585f467d6d94dd1c0fa64b1d230", "distribution_id": "", "repository_ids": [ "34e1f956-ee87-432d-913e-4074f2e2763d" ] } ], "uXsuLx/plg6mDddGlE/9EA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "vqKK+x/7cGHNjLr4L7x4uQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "wkuBBC4B84P3b4K0fGF0OQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "xaMEpa2lawXi7R9jqzX8hA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "yYcMjCGhY/mc+KraTEHSJg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "zL6jHnohFUDkhEaUeTlPOQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "zQ8wKwnOqSw7e/gsx76vLQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "zRv/Q67g6qJWTz0qqj4+BA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "zV4ikAKeqBYFSvXnkFMYgg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ], "zw9OGAXs3mWkBkmfKzbfqg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "301485d7-24b6-4c47-aef1-c0adff4e8471", "repository_ids": null } ] }, "vulnerabilities": { "+N61/5529gFt7RkD8ooeKQ==": { "id": "+N61/5529gFt7RkD8ooeKQ==", "updater": "debian/updater", "name": "CVE-2023-0465", "description": "Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0465", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "+aR35vFmeRYa8dLzBaCMmQ==": { "id": "+aR35vFmeRYa8dLzBaCMmQ==", "updater": "debian/updater", "name": "CVE-2026-41989", "description": "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-41989", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "+x9OyXfXk9PrekfsnPKwlg==": { "id": "+x9OyXfXk9PrekfsnPKwlg==", "updater": "debian/updater", "name": "CVE-2020-13529", "description": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2020-13529", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "/7UJLAHsMPxTtTxvuPgrzA==": { "id": "/7UJLAHsMPxTtTxvuPgrzA==", "updater": "debian/updater", "name": "CVE-2024-45491", "description": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-45491", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "/YwO4YLRGgF2uWU55V6+MQ==": { "id": "/YwO4YLRGgF2uWU55V6+MQ==", "updater": "debian/updater", "name": "CVE-2019-1010022", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "/cV7Fn8Va+poBGxbPjGjrQ==": { "id": "/cV7Fn8Va+poBGxbPjGjrQ==", "updater": "debian/updater", "name": "CVE-2026-6238", "description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-6238", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "08pa4udz9bnA9IOsE208DA==": { "id": "08pa4udz9bnA9IOsE208DA==", "updater": "debian/updater", "name": "CVE-2023-4039", "description": "**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4039", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gcc-10", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "0H/7BkE/Q7YVSZhEABXg6w==": { "id": "0H/7BkE/Q7YVSZhEABXg6w==", "updater": "debian/updater", "name": "CVE-2024-26458", "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "0q/btA3zBEGWWmFxU7cNig==": { "id": "0q/btA3zBEGWWmFxU7cNig==", "updater": "debian/updater", "name": "CVE-2026-40225", "description": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-40225", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u8" }, "1U/zi3CEao+52y8LKU0uvw==": { "id": "1U/zi3CEao+52y8LKU0uvw==", "updater": "debian/updater", "name": "CVE-2021-36084", "description": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36084", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "1VnWeA5AZgybyD8+PiXyiw==": { "id": "1VnWeA5AZgybyD8+PiXyiw==", "updater": "debian/updater", "name": "CVE-2025-70873", "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-70873", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "1dwwvWkARnFe67yAAGVglQ==": { "id": "1dwwvWkARnFe67yAAGVglQ==", "updater": "debian/updater", "name": "CVE-2023-31438", "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "20nlQwJu4gG0Ex/vty+hig==": { "id": "20nlQwJu4gG0Ex/vty+hig==", "updater": "debian/updater", "name": "CVE-2026-5419", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-5419", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "27BVJE6xR0Z84LzifDnFYA==": { "id": "27BVJE6xR0Z84LzifDnFYA==", "updater": "debian/updater", "name": "CVE-2022-48303", "description": "GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-48303", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.34+dfsg-1+deb11u1" }, "2TcHkpRhAP0iTCSGAQKUOg==": { "id": "2TcHkpRhAP0iTCSGAQKUOg==", "updater": "debian/updater", "name": "CVE-2026-3833", "description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-3833", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "3QDeWfKuntq5YxjjCuZXRQ==": { "id": "3QDeWfKuntq5YxjjCuZXRQ==", "updater": "debian/updater", "name": "CVE-2025-68160", "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-68160", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u5" }, "3Z3QMUqCN4dQV+f8cjn1eA==": { "id": "3Z3QMUqCN4dQV+f8cjn1eA==", "updater": "debian/updater", "name": "CVE-2025-69420", "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-69420", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u5" }, "3cBlPR7Tm4BIC/+wflldAg==": { "id": "3cBlPR7Tm4BIC/+wflldAg==", "updater": "debian/updater", "name": "CVE-2024-12243", "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-12243", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u7" }, "5+uzHCKkmvMK8jl2uJkFqQ==": { "id": "5+uzHCKkmvMK8jl2uJkFqQ==", "updater": "debian/updater", "name": "CVE-2026-32777", "description": "libexpat before 2.7.5 allows an infinite loop while parsing DTD content.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-32777", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "59rfj7X7Q9O1jyg5L5a5zQ==": { "id": "59rfj7X7Q9O1jyg5L5a5zQ==", "updater": "debian/updater", "name": "CVE-2024-37370", "description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-37370", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u5" }, "5Cmp5KJXv+nVwwcs5/Kz7w==": { "id": "5Cmp5KJXv+nVwwcs5/Kz7w==", "updater": "debian/updater", "name": "CVE-2024-50602", "description": "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-50602", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u7" }, "5OqCQlhu6kV+tAsgGEGuwQ==": { "id": "5OqCQlhu6kV+tAsgGEGuwQ==", "updater": "debian/updater", "name": "CVE-2026-27171", "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-27171", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "zlib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "5rGwN3bKZLMvxcM/W4jj+A==": { "id": "5rGwN3bKZLMvxcM/W4jj+A==", "updater": "debian/updater", "name": "CVE-2026-29111", "description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-29111", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u8" }, "6j23t/n6B77cQMxfCeLKzA==": { "id": "6j23t/n6B77cQMxfCeLKzA==", "updater": "debian/updater", "name": "CVE-2024-12133", "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-12133", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libtasn1-6", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "4.16.0-2+deb11u2" }, "6jg3v7lJ92IZCQpZydR2sA==": { "id": "6jg3v7lJ92IZCQpZydR2sA==", "updater": "debian/updater", "name": "CVE-2024-28757", "description": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28757", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "7DtFnnE8FjIpCQKunutpeg==": { "id": "7DtFnnE8FjIpCQKunutpeg==", "updater": "debian/updater", "name": "CVE-2020-16156", "description": "CPAN 2.28 allows Signature Verification Bypass.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2020-16156", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u4" }, "7N1fkfhDIULrLId2wh2Pqw==": { "id": "7N1fkfhDIULrLId2wh2Pqw==", "updater": "debian/updater", "name": "CVE-2026-42012", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-42012", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "8uv2vKf0QrdM+zJP4ufG+Q==": { "id": "8uv2vKf0QrdM+zJP4ufG+Q==", "updater": "osv/pypi", "name": "GHSA-jp4c-xjxw-mgf9", "description": "pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere", "issued": "2026-04-27T15:30:52Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2026-6357 https://github.com/pypa/pip/pull/13923 https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad https://github.com/pypa/pip https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes http://www.openwall.com/lists/oss-security/2026/04/27/7", "severity": "MODERATE", "normalized_severity": "Medium", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=26.1" }, "9JIazCQjSvYhpG9KE6d7Pg==": { "id": "9JIazCQjSvYhpG9KE6d7Pg==", "updater": "debian/updater", "name": "CVE-2025-8058", "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-8058", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "9ThuL3zLKpmduvKpiDZ60w==": { "id": "9ThuL3zLKpmduvKpiDZ60w==", "updater": "debian/updater", "name": "CVE-2026-24515", "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-24515", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "9sNDKQtqg7Z3gJr//JQlvg==": { "id": "9sNDKQtqg7Z3gJr//JQlvg==", "updater": "debian/updater", "name": "CVE-2025-32990", "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-32990", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u8" }, "9xk1p07t4ZV999E3HyfhVA==": { "id": "9xk1p07t4ZV999E3HyfhVA==", "updater": "debian/updater", "name": "CVE-2026-5704", "description": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-5704", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ANq7+l7+5U6IDt9eU02u5w==": { "id": "ANq7+l7+5U6IDt9eU02u5w==", "updater": "debian/updater", "name": "CVE-2022-3219", "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-3219", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ASrdm9EROwWp9Ip2w7HH5w==": { "id": "ASrdm9EROwWp9Ip2w7HH5w==", "updater": "debian/updater", "name": "CVE-2022-3821", "description": "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-3821", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u2" }, "AvPdNumiwGnBie+lo1du3A==": { "id": "AvPdNumiwGnBie+lo1du3A==", "updater": "debian/updater", "name": "CVE-2023-31486", "description": "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31486", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "B78vSIll2muNDyY3F7urzw==": { "id": "B78vSIll2muNDyY3F7urzw==", "updater": "debian/updater", "name": "CVE-2026-34743", "description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-34743", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "xz-utils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Ba+eHoq0U7aq9Kxwg98r8Q==": { "id": "Ba+eHoq0U7aq9Kxwg98r8Q==", "updater": "debian/updater", "name": "CVE-2025-8941", "description": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-8941", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "BtqRPc7F47wJWygPNOxw1w==": { "id": "BtqRPc7F47wJWygPNOxw1w==", "updater": "debian/updater", "name": "CVE-2026-32778", "description": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-32778", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "BxMnseA9J6OW2RWxSrlbyQ==": { "id": "BxMnseA9J6OW2RWxSrlbyQ==", "updater": "debian/updater", "name": "CVE-2021-36690", "description": "A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36690", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.34.1-3+deb11u1" }, "CaLsKNvkpKlxKVBlUnje9Q==": { "id": "CaLsKNvkpKlxKVBlUnje9Q==", "updater": "debian/updater", "name": "CVE-2021-36087", "description": "The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36087", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "CfS0L/tTata7W0FXXtQ4EQ==": { "id": "CfS0L/tTata7W0FXXtQ4EQ==", "updater": "debian/updater", "name": "CVE-2026-4438", "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-4438", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "CtYegggqGbMfg16G/qfITQ==": { "id": "CtYegggqGbMfg16G/qfITQ==", "updater": "debian/updater", "name": "CVE-2013-4235", "description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2013-4235", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "DJOf0vCfrT4GvRr/tBJhbg==": { "id": "DJOf0vCfrT4GvRr/tBJhbg==", "updater": "debian/updater", "name": "CVE-2024-33601", "description": "nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33601", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "DRKFIYYNzLumACBV1CW/rw==": { "id": "DRKFIYYNzLumACBV1CW/rw==", "updater": "debian/updater", "name": "CVE-2022-35737", "description": "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-35737", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "DS2nhayHHtinLlFzZheSwg==": { "id": "DS2nhayHHtinLlFzZheSwg==", "updater": "debian/updater", "name": "CVE-2025-66382", "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-66382", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "DTII3LzSaQL1baKsoSwsqg==": { "id": "DTII3LzSaQL1baKsoSwsqg==", "updater": "debian/updater", "name": "CVE-2026-42010", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-42010", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "DfxJWBpJUY1aHu0ZUSilDg==": { "id": "DfxJWBpJUY1aHu0ZUSilDg==", "updater": "debian/updater", "name": "CVE-2018-6829", "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ELw1b1vO2YOtV7qNQijgCw==": { "id": "ELw1b1vO2YOtV7qNQijgCw==", "updater": "debian/updater", "name": "CVE-2026-4437", "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-4437", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "EYo03ICovWfCjw2cKpwx4Q==": { "id": "EYo03ICovWfCjw2cKpwx4Q==", "updater": "debian/updater", "name": "CVE-2005-2541", "description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2005-2541", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "EajCJi704nU1+LqESNMC1w==": { "id": "EajCJi704nU1+LqESNMC1w==", "updater": "debian/updater", "name": "CVE-2024-0727", "description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-0727", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "ErraMUPFwrdWYaj+aBxTMw==": { "id": "ErraMUPFwrdWYaj+aBxTMw==", "updater": "debian/updater", "name": "CVE-2026-33845", "description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-33845", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "EvarhwbaAMrD3meGYFByGg==": { "id": "EvarhwbaAMrD3meGYFByGg==", "updater": "debian/updater", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-50495", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "F0zkrLGlbsix59P9mqoAOg==": { "id": "F0zkrLGlbsix59P9mqoAOg==", "updater": "debian/updater", "name": "CVE-2025-30258", "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-30258", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "G45dR+E8Wb+bEhCdwuqUDg==": { "id": "G45dR+E8Wb+bEhCdwuqUDg==", "updater": "debian/updater", "name": "CVE-2019-20838", "description": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-20838", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "GPLYq884jQKVksfMc+b7OQ==": { "id": "GPLYq884jQKVksfMc+b7OQ==", "updater": "debian/updater", "name": "CVE-2022-1304", "description": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-1304", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "e2fsprogs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.46.2-2+deb11u1" }, "GRlufCZFwHNK64OQNCFIcg==": { "id": "GRlufCZFwHNK64OQNCFIcg==", "updater": "debian/updater", "name": "CVE-2013-4392", "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "GezxxUl3QPWUTitg/VHmlQ==": { "id": "GezxxUl3QPWUTitg/VHmlQ==", "updater": "debian/updater", "name": "CVE-2019-1010024", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "GmBi7n85v8sX6ItoMSgvlQ==": { "id": "GmBi7n85v8sX6ItoMSgvlQ==", "updater": "debian/updater", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-9230", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u4" }, "HuTBrVHKx7uaMtQjiqifKQ==": { "id": "HuTBrVHKx7uaMtQjiqifKQ==", "updater": "debian/updater", "name": "CVE-2024-0567", "description": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-0567", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u5" }, "IJPGr43VMeLym6tW3EWgdg==": { "id": "IJPGr43VMeLym6tW3EWgdg==", "updater": "debian/updater", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-8176", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "IvA5abshk33BAuuBar/pVQ==": { "id": "IvA5abshk33BAuuBar/pVQ==", "updater": "debian/updater", "name": "CVE-2024-45492", "description": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-45492", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "IwuADin5bagOGQErETBgWw==": { "id": "IwuADin5bagOGQErETBgWw==", "updater": "debian/updater", "name": "CVE-2026-4046", "description": "The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-4046", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Jl0PQIP9L3ufSvQ2j71iww==": { "id": "Jl0PQIP9L3ufSvQ2j71iww==", "updater": "osv/pypi", "name": "GHSA-r9hx-vwmv-q579", "description": "pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)", "issued": "2022-12-23T00:30:23Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://github.com/pypa/setuptools/issues/3659 https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be https://setuptools.pypa.io/en/latest https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20230214-0001 https://pyup.io/vulnerabilities/CVE-2022-40897/52495 https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1 https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200 https://github.com/pypa/setuptools https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2022-43012.yaml", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=65.5.1" }, "KLrAiYCJHdmWQ2RaqUywlA==": { "id": "KLrAiYCJHdmWQ2RaqUywlA==", "updater": "debian/updater", "name": "CVE-2022-4304", "description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4304", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "KZ3Jt7zkiM272dGLstI4XA==": { "id": "KZ3Jt7zkiM272dGLstI4XA==", "updater": "debian/updater", "name": "CVE-2013-0340", "description": "expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2013-0340", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "KaoEuixR8E5nnpGZ1pG25w==": { "id": "KaoEuixR8E5nnpGZ1pG25w==", "updater": "debian/updater", "name": "CVE-2024-0553", "description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-0553", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u5" }, "KvTZOL1MGCoBHaXdBx1RcA==": { "id": "KvTZOL1MGCoBHaXdBx1RcA==", "updater": "debian/updater", "name": "CVE-2024-10041", "description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-10041", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "KwgIGMm765S+zvIBAwM9+g==": { "id": "KwgIGMm765S+zvIBAwM9+g==", "updater": "debian/updater", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4899", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libzstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "LAgKryCll+DIcYhTR/xbzg==": { "id": "LAgKryCll+DIcYhTR/xbzg==", "updater": "debian/updater", "name": "CVE-2026-42013", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-42013", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "LD4zPH3rZZkbSPN5ojHClA==": { "id": "LD4zPH3rZZkbSPN5ojHClA==", "updater": "debian/updater", "name": "TEMP-0628843-DBAD28", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "MDmWztEMrTY+VyVp5c+Fvw==": { "id": "MDmWztEMrTY+VyVp5c+Fvw==", "updater": "debian/updater", "name": "TEMP-0841856-B18BAF", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "bash", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "MXRm//dBCnWFem5zffvqmA==": { "id": "MXRm//dBCnWFem5zffvqmA==", "updater": "debian/updater", "name": "CVE-2022-3715", "description": "A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-3715", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "bash", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "MYYkxlB4Ank1zsdIh41apg==": { "id": "MYYkxlB4Ank1zsdIh41apg==", "updater": "debian/updater", "name": "CVE-2024-2961", "description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-2961", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u9" }, "MdrEi+/OrLlW3zDrheID2Q==": { "id": "MdrEi+/OrLlW3zDrheID2Q==", "updater": "debian/updater", "name": "CVE-2025-59375", "description": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-59375", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Mmh4dm/jzK4QVSJqQVsCDw==": { "id": "Mmh4dm/jzK4QVSJqQVsCDw==", "updater": "debian/updater", "name": "CVE-2026-22796", "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-22796", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u5" }, "Mnnh2CmlXNNRCBXvqdG9ig==": { "id": "Mnnh2CmlXNNRCBXvqdG9ig==", "updater": "debian/updater", "name": "CVE-2026-28387", "description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, the issue only affects clients that make use of TLSA records with both the PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate usage. By far the most common deployment of DANE is in SMTP MTAs for which RFC7672 recommends that clients treat as 'unusable' any TLSA records that have the PKIX certificate usages. These SMTP (or other similar) clients are not vulnerable to this issue. Conversely, any clients that support only the PKIX usages, and ignore the DANE-TA(2) usage are also not vulnerable. The client would also need to be communicating with a server that publishes a TLSA RRset with both types of TLSA records. No FIPS modules are affected by this issue, the problem code is outside the FIPS module boundary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-28387", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Mxv06g47iCk7QIqi7Xbojw==": { "id": "Mxv06g47iCk7QIqi7Xbojw==", "updater": "debian/updater", "name": "CVE-2023-45853", "description": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-45853", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "zlib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "NYWveHKKsIYIKl+vE8UEhw==": { "id": "NYWveHKKsIYIKl+vE8UEhw==", "updater": "debian/updater", "name": "TEMP-0517018-A83CE6", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sysvinit", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Ns8JH9Yqo6xZiGzihN4B3g==": { "id": "Ns8JH9Yqo6xZiGzihN4B3g==", "updater": "debian/updater", "name": "CVE-2024-22365", "description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-22365", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.4.0-9+deb11u2" }, "Nzgd66Rt/zG5Z8ZfbjecYA==": { "id": "Nzgd66Rt/zG5Z8ZfbjecYA==", "updater": "debian/updater", "name": "CVE-2024-26461", "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "OB48XTRaksNPWPm0dVHJmQ==": { "id": "OB48XTRaksNPWPm0dVHJmQ==", "updater": "debian/updater", "name": "CVE-2025-3576", "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u7" }, "OTqcMsspao5I6JZMETZ06w==": { "id": "OTqcMsspao5I6JZMETZ06w==", "updater": "debian/updater", "name": "CVE-2026-0915", "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-0915", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "P4mYk7npVU6t91mlbAb8QA==": { "id": "P4mYk7npVU6t91mlbAb8QA==", "updater": "debian/updater", "name": "CVE-2024-2511", "description": "Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-2511", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "PFkN8K2aK2XnSQjmAIry9A==": { "id": "PFkN8K2aK2XnSQjmAIry9A==", "updater": "osv/pypi", "name": "GHSA-58qw-9mgm-455v", "description": "pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files", "issued": "2026-04-20T18:31:48Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2026-3219 https://github.com/pypa/pip/pull/13870 https://github.com/pypa/pip https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ http://www.openwall.com/lists/oss-security/2026/04/20/8", "severity": "MODERATE", "normalized_severity": "Medium", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "lastAffected=26.0.1" }, "PJI8cpGpF5+qVan9H5W87Q==": { "id": "PJI8cpGpF5+qVan9H5W87Q==", "updater": "debian/updater", "name": "CVE-2024-28085", "description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28085", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.36.1-8+deb11u2" }, "PUY4fn57nsAU2qBLtgRtdw==": { "id": "PUY4fn57nsAU2qBLtgRtdw==", "updater": "osv/pypi", "name": "GHSA-6vgw-5pg2-w6jp", "description": "pip Path Traversal vulnerability", "issued": "2026-02-02T15:30:34Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2026-1703 https://github.com/pypa/pip/pull/13777 https://github.com/pypa/pip/commit/8e227a9be4faa9594e05d02ca05a413a2a4e7735 https://github.com/pypa/pip https://mail.python.org/archives/list/security-announce@python.org/thread/WIEA34D4TABF2UNQJAOMXKCICSPBE2DJ", "severity": "LOW", "normalized_severity": "Low", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=26.0" }, "Pj9V3uC2c9o+P6lTpzzGeA==": { "id": "Pj9V3uC2c9o+P6lTpzzGeA==", "updater": "osv/pypi", "name": "PYSEC-2025-49", "description": "", "issued": "2025-05-17T16:15:19Z", "links": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html https://github.com/pypa/setuptools/issues/4946 https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=78.1.1" }, "QEROZuK4q+zt8UbP6ZV8wg==": { "id": "QEROZuK4q+zt8UbP6ZV8wg==", "updater": "debian/updater", "name": "CVE-2025-69418", "description": "Issue summary: When using the low-level OCB API directly with AES-NI or\u003cbr\u003eother hardware-accelerated code paths, inputs whose length is not a multiple\u003cbr\u003eof 16 bytes can leave the final partial block unencrypted and unauthenticated.\u003cbr\u003e\u003cbr\u003eImpact summary: The trailing 1-15 bytes of a message may be exposed in\u003cbr\u003ecleartext on encryption and are not covered by the authentication tag,\u003cbr\u003eallowing an attacker to read or tamper with those bytes without detection.\u003cbr\u003e\u003cbr\u003eThe low-level OCB encrypt and decrypt routines in the hardware-accelerated\u003cbr\u003estream path process full 16-byte blocks but do not advance the input/output\u003cbr\u003epointers. The subsequent tail-handling code then operates on the original\u003cbr\u003ebase pointers, effectively reprocessing the beginning of the buffer while\u003cbr\u003eleaving the actual trailing bytes unprocessed. The authentication checksum\u003cbr\u003ealso excludes the true tail bytes.\u003cbr\u003e\u003cbr\u003eHowever, typical OpenSSL consumers using EVP are not affected because the\u003cbr\u003ehigher-level EVP and provider OCB implementations split inputs so that full\u003cbr\u003eblocks and trailing partial blocks are processed in separate calls, avoiding\u003cbr\u003ethe problematic code path. Additionally, TLS does not use OCB ciphersuites.\u003cbr\u003eThe vulnerability only affects applications that call the low-level\u003cbr\u003eCRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with\u003cbr\u003enon-block-aligned lengths in a single call on hardware-accelerated builds.\u003cbr\u003eFor these reasons the issue was assessed as Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected\u003cbr\u003eby this issue, as OCB mode is not a FIPS-approved algorithm.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.0.2 is not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-69418", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u5" }, "QGq5D5QwQKPerzYOBVoSsg==": { "id": "QGq5D5QwQKPerzYOBVoSsg==", "updater": "osv/pypi", "name": "GHSA-cx63-2mw6-8hw5", "description": "setuptools vulnerable to Command Injection via package URL", "issued": "2024-07-15T03:30:57Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/pull/4332 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://github.com/pypa/setuptools https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=70.0.0" }, "Qd2XnJZ3qaQ3AbyDXUaR2A==": { "id": "Qd2XnJZ3qaQ3AbyDXUaR2A==", "updater": "osv/pypi", "name": "PYSEC-2022-43012", "description": "", "issued": "2022-12-23T00:15:00Z", "links": "https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200 https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/ https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1 https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be https://pyup.io/vulnerabilities/CVE-2022-40897/52495/", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=65.5.1" }, "QopvyNp/5Ata9NdAUhFygw==": { "id": "QopvyNp/5Ata9NdAUhFygw==", "updater": "debian/updater", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-5278", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "RsDeaOU1gcwrKfmGECEolg==": { "id": "RsDeaOU1gcwrKfmGECEolg==", "updater": "debian/updater", "name": "CVE-2026-42015", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-42015", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "RxgProNqXCgPRgAzu8keFA==": { "id": "RxgProNqXCgPRgAzu8keFA==", "updater": "debian/updater", "name": "CVE-2026-40355", "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-40355", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "SNR1VT02i1HBHxqGRTeBAQ==": { "id": "SNR1VT02i1HBHxqGRTeBAQ==", "updater": "debian/updater", "name": "CVE-2025-9820", "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u9" }, "T2SiDOPpMK0bU0Y0qkOm1A==": { "id": "T2SiDOPpMK0bU0Y0qkOm1A==", "updater": "debian/updater", "name": "CVE-2019-1010025", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "T4I8pNAq5VIHzHdHBx3kMA==": { "id": "T4I8pNAq5VIHzHdHBx3kMA==", "updater": "debian/updater", "name": "CVE-2025-24528", "description": "In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-24528", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u6" }, "Tcuyjettc5LT9G5wj3mSxw==": { "id": "Tcuyjettc5LT9G5wj3mSxw==", "updater": "debian/updater", "name": "CVE-2022-4450", "description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4450", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "TgHh5yPuwUnIt8v9WawGYw==": { "id": "TgHh5yPuwUnIt8v9WawGYw==", "updater": "debian/updater", "name": "CVE-2025-6141", "description": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6141", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "U3JbUhrT2SqWNuYU5d13cQ==": { "id": "U3JbUhrT2SqWNuYU5d13cQ==", "updater": "debian/updater", "name": "CVE-2021-33560", "description": "Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-33560", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "U5598afGvRaltva6Rjqnug==": { "id": "U5598afGvRaltva6Rjqnug==", "updater": "debian/updater", "name": "CVE-2026-4105", "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-4105", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u8" }, "Ud6njM/DPIrfSPiFct82Lw==": { "id": "Ud6njM/DPIrfSPiFct82Lw==", "updater": "debian/updater", "name": "CVE-2023-52426", "description": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-52426", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "UdV1OleGh/0MAkug0ZAlcQ==": { "id": "UdV1OleGh/0MAkug0ZAlcQ==", "updater": "debian/updater", "name": "CVE-2026-25210", "description": "In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-25210", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Ul/kdhde9MT/cThQqWyUBA==": { "id": "Ul/kdhde9MT/cThQqWyUBA==", "updater": "debian/updater", "name": "CVE-2026-3832", "description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-3832", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "VzolVkOS5HseGzVTLzDMfA==": { "id": "VzolVkOS5HseGzVTLzDMfA==", "updater": "debian/updater", "name": "CVE-2023-39804", "description": "In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-39804", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.34+dfsg-1+deb11u1" }, "WCGqond4znYKCRcm4xyPrg==": { "id": "WCGqond4znYKCRcm4xyPrg==", "updater": "debian/updater", "name": "CVE-2007-5686", "description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2007-5686", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WG/hQnqUufOh6/5/mlRi/Q==": { "id": "WG/hQnqUufOh6/5/mlRi/Q==", "updater": "debian/updater", "name": "CVE-2023-31439", "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WHvU12ysgz1Ai1y1KSOiLA==": { "id": "WHvU12ysgz1Ai1y1KSOiLA==", "updater": "debian/updater", "name": "CVE-2024-33599", "description": "nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33599", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "WRwV7Adc7Zuy6O98PPaFDw==": { "id": "WRwV7Adc7Zuy6O98PPaFDw==", "updater": "debian/updater", "name": "CVE-2026-40356", "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-40356", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WWnQMI7f7f75SgC9Dcl+QQ==": { "id": "WWnQMI7f7f75SgC9Dcl+QQ==", "updater": "debian/updater", "name": "TEMP-0290435-0B57B5", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WcYPrwv9PSVoVoof5MRsxQ==": { "id": "WcYPrwv9PSVoVoof5MRsxQ==", "updater": "osv/pypi", "name": "PYSEC-2023-228", "description": "", "issued": "2023-10-25T18:17:00Z", "links": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/ https://github.com/pypa/pip/pull/12306", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=23.3" }, "WxlxRC1KqAo8Mejv03fZGA==": { "id": "WxlxRC1KqAo8Mejv03fZGA==", "updater": "debian/updater", "name": "CVE-2025-68972", "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-68972", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "XQ5gIRaXVhDd6S954jtG2g==": { "id": "XQ5gIRaXVhDd6S954jtG2g==", "updater": "debian/updater", "name": "CVE-2026-5928", "description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash. A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-5928", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Xce4H7xsVfrtYV2aXED7xA==": { "id": "Xce4H7xsVfrtYV2aXED7xA==", "updater": "debian/updater", "name": "CVE-2017-18018", "description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-18018", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "XtT5+z5+yMbpdsyfkLItzA==": { "id": "XtT5+z5+yMbpdsyfkLItzA==", "updater": "debian/updater", "name": "CVE-2025-6395", "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6395", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u8" }, "Y++3+aMTeU3vX7BI4/zG6w==": { "id": "Y++3+aMTeU3vX7BI4/zG6w==", "updater": "debian/updater", "name": "CVE-2025-14831", "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-14831", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u9" }, "Y4A2Zm5xcsipvfluZVH5fA==": { "id": "Y4A2Zm5xcsipvfluZVH5fA==", "updater": "debian/updater", "name": "CVE-2026-0861", "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1\u003c\u003c62+ 1, 1\u003c\u003c63] and exactly 1\u003c\u003c63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-0861", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "YXTNVVKQsWY/LFuomB715g==": { "id": "YXTNVVKQsWY/LFuomB715g==", "updater": "debian/updater", "name": "CVE-2025-13151", "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-13151", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libtasn1-6", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ZbWtFXr0WyByV4kCb3M6FA==": { "id": "ZbWtFXr0WyByV4kCb3M6FA==", "updater": "debian/updater", "name": "CVE-2023-5981", "description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-5981", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u4" }, "ZdGgPSEZdeQ3XJo0+ZpAXQ==": { "id": "ZdGgPSEZdeQ3XJo0+ZpAXQ==", "updater": "debian/updater", "name": "CVE-2019-1010023", "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ZrZi02myDWWW0L5oPQj/cg==": { "id": "ZrZi02myDWWW0L5oPQj/cg==", "updater": "debian/updater", "name": "CVE-2017-11164", "description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-11164", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ZxTVeoHgmvhWXsV+xLzphA==": { "id": "ZxTVeoHgmvhWXsV+xLzphA==", "updater": "debian/updater", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4813", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "aWm6E1ULjtuw0ydmFnsI4A==": { "id": "aWm6E1ULjtuw0ydmFnsI4A==", "updater": "debian/updater", "name": "CVE-2025-6297", "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6297", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "dpkg", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "afNm575eldgXY3DOGUNdqQ==": { "id": "afNm575eldgXY3DOGUNdqQ==", "updater": "debian/updater", "name": "CVE-2026-28388", "description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application. When CRL processing and delta CRL processing is enabled during X.509 certificate verification, the delta CRL processing does not check whether the CRL Number extension is NULL before dereferencing it. When a malformed delta CRL file is being processed, this parameter can be NULL, causing a NULL pointer dereference. Exploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in the verification context, the certificate being verified to contain a freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and an attacker to provide a malformed CRL to an application that processes it. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-28388", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "aqMHDRnPT+3QNU/8tSwsog==": { "id": "aqMHDRnPT+3QNU/8tSwsog==", "updater": "debian/updater", "name": "CVE-2019-9192", "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "b2D8D2g8yPwuRhswdqF0Rw==": { "id": "b2D8D2g8yPwuRhswdqF0Rw==", "updater": "debian/updater", "name": "CVE-2023-3446", "description": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-3446", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1v-0~deb11u1" }, "bBymk1eoEM+tVYB+/Crz+g==": { "id": "bBymk1eoEM+tVYB+/Crz+g==", "updater": "debian/updater", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28835", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u6" }, "bNvH54V1y9cXsGaCXVwFVw==": { "id": "bNvH54V1y9cXsGaCXVwFVw==", "updater": "osv/pypi", "name": "GHSA-5rjg-fvgr-3xxf", "description": "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "issued": "2025-05-19T16:52:43Z", "links": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf https://nvd.nist.gov/vuln/detail/CVE-2025-47273 https://github.com/pypa/setuptools/issues/4946 https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2025-49.yaml https://github.com/pypa/setuptools https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88 https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html", "severity": "HIGH", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=78.1.1" }, "bZ2m6J3EIvmTdjYJprlOKA==": { "id": "bZ2m6J3EIvmTdjYJprlOKA==", "updater": "debian/updater", "name": "CVE-2021-36085", "description": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36085", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "bjAyJcmSN59FnAeiA6RMIg==": { "id": "bjAyJcmSN59FnAeiA6RMIg==", "updater": "debian/updater", "name": "CVE-2026-28389", "description": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-28389", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "brAAPyN4siIQT5bxa9xu4g==": { "id": "brAAPyN4siIQT5bxa9xu4g==", "updater": "debian/updater", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-47038", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u3" }, "c9VxNhSZmjnQmY3rI/q1PA==": { "id": "c9VxNhSZmjnQmY3rI/q1PA==", "updater": "debian/updater", "name": "CVE-2025-15281", "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "cHpKoxiUOXPYUJX1ihMLDg==": { "id": "cHpKoxiUOXPYUJX1ihMLDg==", "updater": "debian/updater", "name": "CVE-2018-5709", "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "cZD87tDO2q60EFy3BAZ33g==": { "id": "cZD87tDO2q60EFy3BAZ33g==", "updater": "debian/updater", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0464", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "ce9B0jxjyNiCfG4VtZhnVw==": { "id": "ce9B0jxjyNiCfG4VtZhnVw==", "updater": "debian/updater", "name": "CVE-2011-4116", "description": "_is_safe in the File::Temp module for Perl does not properly handle symlinks.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2011-4116", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "d1D8ilhRqv7A6eAzRE4Ojw==": { "id": "d1D8ilhRqv7A6eAzRE4Ojw==", "updater": "debian/updater", "name": "CVE-2023-29491", "description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-29491", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "6.2+20201114-2+deb11u2" }, "dDtfYPtAiWG7x5kc85ma8w==": { "id": "dDtfYPtAiWG7x5kc85ma8w==", "updater": "debian/updater", "name": "CVE-2026-5435", "description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-5435", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "dFbvYO8avXWxbjXnm5ACqQ==": { "id": "dFbvYO8avXWxbjXnm5ACqQ==", "updater": "debian/updater", "name": "CVE-2023-36054", "description": "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-36054", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u4" }, "dUTZP+bcDNUqytJV02E1dQ==": { "id": "dUTZP+bcDNUqytJV02E1dQ==", "updater": "debian/updater", "name": "CVE-2025-6965", "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6965", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "dZ/H1sYv9QSX9VO93tlGLw==": { "id": "dZ/H1sYv9QSX9VO93tlGLw==", "updater": "osv/pypi", "name": "GHSA-4xh5-x5gv-qwph", "description": "pip's fallback tar extraction doesn't check symbolic links point to extraction directory", "issued": "2025-09-24T15:31:14Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2025-8869 https://github.com/pypa/pip/pull/13550 https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a https://github.com/pypa/pip https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN https://pip.pypa.io/en/stable/news/#v25-2", "severity": "MODERATE", "normalized_severity": "Medium", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=25.3" }, "djiF0yOmYUIiWIfmt75aDA==": { "id": "djiF0yOmYUIiWIfmt75aDA==", "updater": "debian/updater", "name": "CVE-2026-42011", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-42011", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "eietxU2AL+GdeSQwh6n6XA==": { "id": "eietxU2AL+GdeSQwh6n6XA==", "updater": "debian/updater", "name": "CVE-2023-0215", "description": "The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0215", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "epkSU4TSX3BVrueh1mbRzg==": { "id": "epkSU4TSX3BVrueh1mbRzg==", "updater": "debian/updater", "name": "CVE-2024-13176", "description": "Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-13176", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u3" }, "f6s0c0I4Eo7U1vb/8R9ATg==": { "id": "f6s0c0I4Eo7U1vb/8R9ATg==", "updater": "debian/updater", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6020", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.4.0-9+deb11u2" }, "fUdim7gaWpwZtynNz5GiKg==": { "id": "fUdim7gaWpwZtynNz5GiKg==", "updater": "debian/updater", "name": "CVE-2023-0361", "description": "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0361", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u3" }, "fXJD4KsFmfzjgWJPYHqTrQ==": { "id": "fXJD4KsFmfzjgWJPYHqTrQ==", "updater": "debian/updater", "name": "CVE-2019-8457", "description": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-8457", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "db5.3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "fharKhY7OXyx+gXJAwiegw==": { "id": "fharKhY7OXyx+gXJAwiegw==", "updater": "debian/updater", "name": "CVE-2025-29088", "description": "In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-29088", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "fkr6aZMLVO7g6mTdU91lcg==": { "id": "fkr6aZMLVO7g6mTdU91lcg==", "updater": "debian/updater", "name": "CVE-2026-3184", "description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-3184", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "g44foSnimIkShQZtpEhjbQ==": { "id": "g44foSnimIkShQZtpEhjbQ==", "updater": "debian/updater", "name": "CVE-2011-3389", "description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2011-3389", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "g9KEtrzigl5TCrpvLCQU5A==": { "id": "g9KEtrzigl5TCrpvLCQU5A==", "updater": "debian/updater", "name": "CVE-2025-69419", "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u5" }, "gMRlXKqXSfP5n8UiPW430Q==": { "id": "gMRlXKqXSfP5n8UiPW430Q==", "updater": "debian/updater", "name": "CVE-2024-33602", "description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33602", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "h+ZYYwp9nAKs/v08piJa2A==": { "id": "h+ZYYwp9nAKs/v08piJa2A==", "updater": "debian/updater", "name": "CVE-2026-33846", "description": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-33846", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "h7Lhy275V3QLvnBLGAulbw==": { "id": "h7Lhy275V3QLvnBLGAulbw==", "updater": "osv/pypi", "name": "PYSEC-2023-62", "description": "", "issued": "2023-05-02T18:15:00Z", "links": "https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b https://github.com/pallets/flask/releases/tag/2.3.2 https://github.com/pallets/flask/releases/tag/2.2.5 https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "flask", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=2.2.5" }, "hb+m0qlWxENYdrb1R811qA==": { "id": "hb+m0qlWxENYdrb1R811qA==", "updater": "debian/updater", "name": "CVE-2026-32776", "description": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-32776", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "icG6omirC8ih0OmJHLIkrQ==": { "id": "icG6omirC8ih0OmJHLIkrQ==", "updater": "debian/updater", "name": "CVE-2026-5260", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-5260", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "jJNc2KwFwVg03DlaNN1nbA==": { "id": "jJNc2KwFwVg03DlaNN1nbA==", "updater": "debian/updater", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4806", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "jS/WQ+ua63nFUvjSzoQw1g==": { "id": "jS/WQ+ua63nFUvjSzoQw1g==", "updater": "debian/updater", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "k6VTDL+fxGnbqAk/IPGlnQ==": { "id": "k6VTDL+fxGnbqAk/IPGlnQ==", "updater": "debian/updater", "name": "CVE-2023-29383", "description": "In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-29383", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1:4.8.1-1+deb11u1" }, "k6fjQGJuJ+9NXMFLa5+CgA==": { "id": "k6fjQGJuJ+9NXMFLa5+CgA==", "updater": "debian/updater", "name": "CVE-2016-2781", "description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2016-2781", "severity": "low", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "k82HOcJqNkts86KJ0glvow==": { "id": "k82HOcJqNkts86KJ0glvow==", "updater": "debian/updater", "name": "CVE-2023-31484", "description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31484", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u4" }, "kgqUyyy6Fd5CUNREC3t1jg==": { "id": "kgqUyyy6Fd5CUNREC3t1jg==", "updater": "debian/updater", "name": "CVE-2025-32988", "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-32988", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u8" }, "khiBNMMi17UID6UagXI8LA==": { "id": "khiBNMMi17UID6UagXI8LA==", "updater": "debian/updater", "name": "CVE-2021-36086", "description": "The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36086", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "kwKUYCnvi/GndNgicLw/RQ==": { "id": "kwKUYCnvi/GndNgicLw/RQ==", "updater": "debian/updater", "name": "CVE-2023-0466", "description": "The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0466", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "kwonOUycdcBenNhjZ1b//Q==": { "id": "kwonOUycdcBenNhjZ1b//Q==", "updater": "osv/pypi", "name": "GHSA-68rp-wp8r-4726", "description": "Flask session does not add `Vary: Cookie` header when accessed in some ways", "issued": "2026-02-19T20:45:41Z", "links": "https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726 https://nvd.nist.gov/vuln/detail/CVE-2026-27205 https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4 https://github.com/pallets/flask https://github.com/pallets/flask/releases/tag/3.1.3", "severity": "LOW", "normalized_severity": "Low", "package": { "id": "", "name": "flask", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=3.1.3" }, "l6iyFrb04z9eZxh35gAtVA==": { "id": "l6iyFrb04z9eZxh35gAtVA==", "updater": "debian/updater", "name": "CVE-2025-0395", "description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-0395", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u12" }, "l8HSGkC4gSxCEUDns7KKfQ==": { "id": "l8HSGkC4gSxCEUDns7KKfQ==", "updater": "debian/updater", "name": "CVE-2011-3374", "description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2011-3374", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "apt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "lAYsMZ/1tV9arAE2k+zsAQ==": { "id": "lAYsMZ/1tV9arAE2k+zsAQ==", "updater": "debian/updater", "name": "CVE-2023-31437", "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "lShmgiPGgmUIO0VwzhSBRA==": { "id": "lShmgiPGgmUIO0VwzhSBRA==", "updater": "debian/updater", "name": "CVE-2023-2650", "description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-2650", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "lnMcIzRPoETIbrbgdDGINA==": { "id": "lnMcIzRPoETIbrbgdDGINA==", "updater": "debian/updater", "name": "CVE-2021-46848", "description": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-46848", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libtasn1-6", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "4.16.0-2+deb11u1" }, "lpW8N25dDGtdRer0SxEc1A==": { "id": "lpW8N25dDGtdRer0SxEc1A==", "updater": "debian/updater", "name": "CVE-2026-42009", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-42009", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "m619DfZfUke+jaTAnoZ2Xw==": { "id": "m619DfZfUke+jaTAnoZ2Xw==", "updater": "debian/updater", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-7008", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u6" }, "m8d/cgBRVljmHKGy6mUUXw==": { "id": "m8d/cgBRVljmHKGy6mUUXw==", "updater": "debian/updater", "name": "CVE-2025-40909", "description": "Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-40909", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u5" }, "mJA9Uto8Hh0tElNp2qoYaA==": { "id": "mJA9Uto8Hh0tElNp2qoYaA==", "updater": "debian/updater", "name": "CVE-2017-7245", "description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-7245", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "meQYB1JR+XE3En/RrDfPvA==": { "id": "meQYB1JR+XE3En/RrDfPvA==", "updater": "debian/updater", "name": "CVE-2022-4415", "description": "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4415", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u2" }, "mj6UKCnVoHnC6YBWJGf/Ug==": { "id": "mj6UKCnVoHnC6YBWJGf/Ug==", "updater": "osv/pypi", "name": "GHSA-mq26-g339-26xf", "description": "Command Injection in pip when used with Mercurial", "issued": "2023-10-25T18:32:26Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2023-5752 https://github.com/pypa/pip/pull/12306 https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4 https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml https://github.com/pypa/pip https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=23.3" }, "mnGTl6DWEAI0reOCEqb0jw==": { "id": "mnGTl6DWEAI0reOCEqb0jw==", "updater": "debian/updater", "name": "CVE-2022-0563", "description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-0563", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "n+1p0npJfBZ4vUpG1OFi6w==": { "id": "n+1p0npJfBZ4vUpG1OFi6w==", "updater": "debian/updater", "name": "CVE-2023-50868", "description": "The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-50868", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u6" }, "nApP7wP3SU/Fk79xF589WA==": { "id": "nApP7wP3SU/Fk79xF589WA==", "updater": "debian/updater", "name": "CVE-2026-40226", "description": "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-40226", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u8" }, "o75dmeL6883s7llfbkU+PA==": { "id": "o75dmeL6883s7llfbkU+PA==", "updater": "debian/updater", "name": "CVE-2024-45490", "description": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-45490", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "oeIf5WAd0bERBmJCeLsqIg==": { "id": "oeIf5WAd0bERBmJCeLsqIg==", "updater": "debian/updater", "name": "CVE-2017-7246", "description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-7246", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "pVmDd54NDrNeiY7vPLSO2A==": { "id": "pVmDd54NDrNeiY7vPLSO2A==", "updater": "debian/updater", "name": "CVE-2026-42014", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-42014", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "pa+2016jZIT5xycgFHsAsQ==": { "id": "pa+2016jZIT5xycgFHsAsQ==", "updater": "debian/updater", "name": "CVE-2018-20796", "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2018-20796", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "pmcR65l6CQ+6Qdh99gUtFQ==": { "id": "pmcR65l6CQ+6Qdh99gUtFQ==", "updater": "debian/updater", "name": "CVE-2023-52425", "description": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-52425", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "pu8XvxoOXeKAI0tvpRRucg==": { "id": "pu8XvxoOXeKAI0tvpRRucg==", "updater": "debian/updater", "name": "CVE-2023-5678", "description": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-5678", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "pvJrwAdasLbb4sLGcD48Jg==": { "id": "pvJrwAdasLbb4sLGcD48Jg==", "updater": "debian/updater", "name": "CVE-2026-5450", "description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-5450", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "qDLWFSo6NpfxWPhSeAS8zQ==": { "id": "qDLWFSo6NpfxWPhSeAS8zQ==", "updater": "debian/updater", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28834", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u6" }, "qGfgK6gESZLmw0X26VnrJw==": { "id": "qGfgK6gESZLmw0X26VnrJw==", "updater": "debian/updater", "name": "CVE-2026-5958", "description": "When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original symlink path (not the resolved one) to read the file. Between these two calls there is a race window. If an attacker atomically replaces the symlink with a different target during that window, sed will: read content from the new (attacker-chosen) symlink target and write the processed result to the path recorded in step 1. This can lead to arbitrary file overwrite with attacker-controlled content in the context of the sed process. This issue was fixed in version 4.10.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-5958", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sed", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "qICU5RK5Z4CLAC7/kEZ48Q==": { "id": "qICU5RK5Z4CLAC7/kEZ48Q==", "updater": "debian/updater", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-14104", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "qhu8cH6U47vSCL4GXDHHtA==": { "id": "qhu8cH6U47vSCL4GXDHHtA==", "updater": "debian/updater", "name": "CVE-2023-4641", "description": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4641", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1:4.8.1-1+deb11u1" }, "qx22MhFBEwd9c5PrW7vjKw==": { "id": "qx22MhFBEwd9c5PrW7vjKw==", "updater": "debian/updater", "name": "CVE-2025-69720", "description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-69720", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "r5SCr3Z1Q4buRwe6QvoIRg==": { "id": "r5SCr3Z1Q4buRwe6QvoIRg==", "updater": "debian/updater", "name": "CVE-2026-41080", "description": "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-41080", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "s55QOTlka9E4jTdGv0d/FA==": { "id": "s55QOTlka9E4jTdGv0d/FA==", "updater": "debian/updater", "name": "CVE-2025-4802", "description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-4802", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u13" }, "srcIw8ffB6famHHqmqImEw==": { "id": "srcIw8ffB6famHHqmqImEw==", "updater": "debian/updater", "name": "CVE-2023-3817", "description": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the \"-check\" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-3817", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1v-0~deb11u1" }, "svo9ZP0wOZ7IXZp//n2f7g==": { "id": "svo9ZP0wOZ7IXZp//n2f7g==", "updater": "osv/pypi", "name": "GHSA-m2qf-hxjv-5gpq", "description": "Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header", "issued": "2023-05-01T19:22:20Z", "links": "https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq https://nvd.nist.gov/vuln/detail/CVE-2023-30861 https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965 https://github.com/pallets/flask https://github.com/pallets/flask/releases/tag/2.2.5 https://github.com/pallets/flask/releases/tag/2.3.2 https://github.com/pypa/advisory-database/tree/main/vulns/flask/PYSEC-2023-62.yaml https://lists.debian.org/debian-lts-announce/2023/08/msg00024.html https://security.netapp.com/advisory/ntap-20230818-0006 https://www.debian.org/security/2023/dsa-5442", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "flask", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=2.2.5" }, "swQXHeTg1VEUQHser/6eEQ==": { "id": "swQXHeTg1VEUQHser/6eEQ==", "updater": "debian/updater", "name": "CVE-2023-50387", "description": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-50387", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u6" }, "t3CEDp5fZQ6D+aOizMiuSg==": { "id": "t3CEDp5fZQ6D+aOizMiuSg==", "updater": "debian/updater", "name": "CVE-2023-0286", "description": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0286", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "tBbOIOCaKVlwik7hH/baMQ==": { "id": "tBbOIOCaKVlwik7hH/baMQ==", "updater": "debian/updater", "name": "CVE-2021-45346", "description": "A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-45346", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "tjx9raP+v/Zzj6SBJct3WA==": { "id": "tjx9raP+v/Zzj6SBJct3WA==", "updater": "debian/updater", "name": "CVE-2023-7104", "description": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-7104", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.34.1-3+deb11u1" }, "tne7uZ2E+Ev6QI7ctt3PxA==": { "id": "tne7uZ2E+Ev6QI7ctt3PxA==", "updater": "debian/updater", "name": "CVE-2024-33600", "description": "nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33600", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "u+ya+p/mAtLPAYAgbSPTTw==": { "id": "u+ya+p/mAtLPAYAgbSPTTw==", "updater": "debian/updater", "name": "CVE-2022-41409", "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-41409", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "u4BvRhFacDxQuC7pVeExQg==": { "id": "u4BvRhFacDxQuC7pVeExQg==", "updater": "debian/updater", "name": "CVE-2026-27456", "description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-27456", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "uEg5UAxE9NNjF71OxdO7uQ==": { "id": "uEg5UAxE9NNjF71OxdO7uQ==", "updater": "debian/updater", "name": "CVE-2017-16231", "description": "In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-16231", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "uTSYWROavw8Bf2n+4djlMg==": { "id": "uTSYWROavw8Bf2n+4djlMg==", "updater": "debian/updater", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-4598", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u7" }, "ugZgSJOxFzPCX6LQaJzM3A==": { "id": "ugZgSJOxFzPCX6LQaJzM3A==", "updater": "debian/updater", "name": "CVE-2024-5535", "description": "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists). This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a \"no overlap\" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-5535", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "uspznaGFEzt4cX0xZ36sYw==": { "id": "uspznaGFEzt4cX0xZ36sYw==", "updater": "debian/updater", "name": "CVE-2026-28390", "description": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with RSA-OAEP encryption is processed, the optional parameters field of RSA-OAEP SourceFunc algorithm identifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-28390", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "uwoSIcSlln9YRd7N1Kc3KQ==": { "id": "uwoSIcSlln9YRd7N1Kc3KQ==", "updater": "debian/updater", "name": "CVE-2026-40228", "description": "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-40228", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "vcYYj1nbYwczzoLG255iZQ==": { "id": "vcYYj1nbYwczzoLG255iZQ==", "updater": "debian/updater", "name": "CVE-2023-4039", "description": "**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4039", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gcc-9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "vmet9boOEsf+RUsh5rJnEw==": { "id": "vmet9boOEsf+RUsh5rJnEw==", "updater": "debian/updater", "name": "CVE-2024-4741", "description": "Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-4741", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "w4Wr213OT8TRxlHAy3MwPQ==": { "id": "w4Wr213OT8TRxlHAy3MwPQ==", "updater": "debian/updater", "name": "CVE-2010-4756", "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "wFMwqYmfC1KjDKz8vyBr4A==": { "id": "wFMwqYmfC1KjDKz8vyBr4A==", "updater": "debian/updater", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4911", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u7" }, "wzv81XuYHOFtlrLHaamjZg==": { "id": "wzv81XuYHOFtlrLHaamjZg==", "updater": "debian/updater", "name": "CVE-2024-37371", "description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-37371", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u5" }, "x3SWTcEL2lgEvouAhmt6fQ==": { "id": "x3SWTcEL2lgEvouAhmt6fQ==", "updater": "debian/updater", "name": "CVE-2025-27587", "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-27587", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "xZI5XEFq7Cuk3Mu3KyTdmg==": { "id": "xZI5XEFq7Cuk3Mu3KyTdmg==", "updater": "debian/updater", "name": "CVE-2024-56433", "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-56433", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "y2mOh8WlJTCvA6wlULAyvA==": { "id": "y2mOh8WlJTCvA6wlULAyvA==", "updater": "debian/updater", "name": "CVE-2025-68973", "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-68973", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.27-2+deb11u3" }, "ySGl3ADUS8EeTeweiO86Aw==": { "id": "ySGl3ADUS8EeTeweiO86Aw==", "updater": "debian/updater", "name": "CVE-2024-9143", "description": "Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only \"named curves\" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an \"exotic\" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with \"exotic\" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-9143", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "yyExMMKc3SPW2jNE01wTug==": { "id": "yyExMMKc3SPW2jNE01wTug==", "updater": "debian/updater", "name": "CVE-2026-22795", "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2026-22795", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u5" }, "yyhzQNC9UPFT5NwvhGsvqg==": { "id": "yyhzQNC9UPFT5NwvhGsvqg==", "updater": "debian/updater", "name": "CVE-2022-2097", "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-2097", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "zL8eGifGE7B+wAjTOBjRgQ==": { "id": "zL8eGifGE7B+wAjTOBjRgQ==", "updater": "debian/updater", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-29458", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "6.2+20201114-2+deb11u1" }, "ziMZexwNoFxp4mgVOJVBNQ==": { "id": "ziMZexwNoFxp4mgVOJVBNQ==", "updater": "debian/updater", "name": "CVE-2025-69421", "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-69421", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u5" } }, "package_vulnerabilities": { "+ol9cHiNc+RWiD7Kw3TLCg==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "0jMyX7UCIuSpntMN1r7Ofg==": [ "KwgIGMm765S+zvIBAwM9+g==" ], "2MObxiEVNllmUEzdVZM5qw==": [ "l8HSGkC4gSxCEUDns7KKfQ==" ], "3f992oeEQfSQxRA0nlq8Wg==": [ "U3JbUhrT2SqWNuYU5d13cQ==", "+aR35vFmeRYa8dLzBaCMmQ==", "DfxJWBpJUY1aHu0ZUSilDg==", "jS/WQ+ua63nFUvjSzoQw1g==" ], "4jCPzhS6OWt4agz9d/cfTw==": [ "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==", "qx22MhFBEwd9c5PrW7vjKw==", "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==" ], "7a3yla6TRFZrhmAreU7f8Q==": [ "pmcR65l6CQ+6Qdh99gUtFQ==", "Ud6njM/DPIrfSPiFct82Lw==", "UdV1OleGh/0MAkug0ZAlcQ==", "5Cmp5KJXv+nVwwcs5/Kz7w==", "DS2nhayHHtinLlFzZheSwg==", "6jg3v7lJ92IZCQpZydR2sA==", "9ThuL3zLKpmduvKpiDZ60w==", "5+uzHCKkmvMK8jl2uJkFqQ==", "/7UJLAHsMPxTtTxvuPgrzA==", "KZ3Jt7zkiM272dGLstI4XA==", "o75dmeL6883s7llfbkU+PA==", "IJPGr43VMeLym6tW3EWgdg==", "hb+m0qlWxENYdrb1R811qA==", "BtqRPc7F47wJWygPNOxw1w==", "MdrEi+/OrLlW3zDrheID2Q==", "r5SCr3Z1Q4buRwe6QvoIRg==", "IvA5abshk33BAuuBar/pVQ==" ], "8alfBYUr5uWbAyB5PrY8Hg==": [ "meQYB1JR+XE3En/RrDfPvA==", "n+1p0npJfBZ4vUpG1OFi6w==", "GRlufCZFwHNK64OQNCFIcg==", "uTSYWROavw8Bf2n+4djlMg==", "U5598afGvRaltva6Rjqnug==", "5rGwN3bKZLMvxcM/W4jj+A==", "uwoSIcSlln9YRd7N1Kc3KQ==", "lAYsMZ/1tV9arAE2k+zsAQ==", "WG/hQnqUufOh6/5/mlRi/Q==", "+x9OyXfXk9PrekfsnPKwlg==", "nApP7wP3SU/Fk79xF589WA==", "1dwwvWkARnFe67yAAGVglQ==", "swQXHeTg1VEUQHser/6eEQ==", "m619DfZfUke+jaTAnoZ2Xw==", "0q/btA3zBEGWWmFxU7cNig==", "ASrdm9EROwWp9Ip2w7HH5w==" ], "Akbft1KN+9FKNhh1tM25eA==": [ "u4BvRhFacDxQuC7pVeExQg==", "PJI8cpGpF5+qVan9H5W87Q==", "mnGTl6DWEAI0reOCEqb0jw==", "qICU5RK5Z4CLAC7/kEZ48Q==", "fkr6aZMLVO7g6mTdU91lcg==" ], "BJL42acLPAR8bEnmM1Z3mg==": [ "u4BvRhFacDxQuC7pVeExQg==", "PJI8cpGpF5+qVan9H5W87Q==", "mnGTl6DWEAI0reOCEqb0jw==", "qICU5RK5Z4CLAC7/kEZ48Q==", "fkr6aZMLVO7g6mTdU91lcg==" ], "CBzoMmlXBcyP54HOnauO0g==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "Ba+eHoq0U7aq9Kxwg98r8Q==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==" ], "D0G6c/ML9XX4eoGHgx1jeQ==": [ "l6iyFrb04z9eZxh35gAtVA==", "MYYkxlB4Ank1zsdIh41apg==", "w4Wr213OT8TRxlHAy3MwPQ==", "/YwO4YLRGgF2uWU55V6+MQ==", "gMRlXKqXSfP5n8UiPW430Q==", "IwuADin5bagOGQErETBgWw==", "jJNc2KwFwVg03DlaNN1nbA==", "s55QOTlka9E4jTdGv0d/FA==", "WHvU12ysgz1Ai1y1KSOiLA==", "OTqcMsspao5I6JZMETZ06w==", "Y4A2Zm5xcsipvfluZVH5fA==", "ZdGgPSEZdeQ3XJo0+ZpAXQ==", "c9VxNhSZmjnQmY3rI/q1PA==", "XQ5gIRaXVhDd6S954jtG2g==", "pvJrwAdasLbb4sLGcD48Jg==", "DJOf0vCfrT4GvRr/tBJhbg==", "pa+2016jZIT5xycgFHsAsQ==", "ELw1b1vO2YOtV7qNQijgCw==", "T2SiDOPpMK0bU0Y0qkOm1A==", "ZxTVeoHgmvhWXsV+xLzphA==", "wFMwqYmfC1KjDKz8vyBr4A==", "GezxxUl3QPWUTitg/VHmlQ==", "CfS0L/tTata7W0FXXtQ4EQ==", "dDtfYPtAiWG7x5kc85ma8w==", "tne7uZ2E+Ev6QI7ctt3PxA==", "aqMHDRnPT+3QNU/8tSwsog==", "/cV7Fn8Va+poBGxbPjGjrQ==", "9JIazCQjSvYhpG9KE6d7Pg==" ], "DtMxcnDA8Je9vAHjmzagaA==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "ExYxXcgoIRjAjUObwDE4jA==": [ "59rfj7X7Q9O1jyg5L5a5zQ==", "dFbvYO8avXWxbjXnm5ACqQ==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "T4I8pNAq5VIHzHdHBx3kMA==", "cHpKoxiUOXPYUJX1ihMLDg==", "wzv81XuYHOFtlrLHaamjZg==", "RxgProNqXCgPRgAzu8keFA==", "WRwV7Adc7Zuy6O98PPaFDw==", "OB48XTRaksNPWPm0dVHJmQ==" ], "FJIijlwFNqvdoVBcfTF/pg==": [ "CtYegggqGbMfg16G/qfITQ==", "WCGqond4znYKCRcm4xyPrg==", "LD4zPH3rZZkbSPN5ojHClA==", "k6VTDL+fxGnbqAk/IPGlnQ==", "qhu8cH6U47vSCL4GXDHHtA==", "xZI5XEFq7Cuk3Mu3KyTdmg==" ], "G/7q+D+DsqYAVnohcyuzgQ==": [ "ySGl3ADUS8EeTeweiO86Aw==", "uspznaGFEzt4cX0xZ36sYw==", "Tcuyjettc5LT9G5wj3mSxw==", "epkSU4TSX3BVrueh1mbRzg==", "eietxU2AL+GdeSQwh6n6XA==", "b2D8D2g8yPwuRhswdqF0Rw==", "yyhzQNC9UPFT5NwvhGsvqg==", "cZD87tDO2q60EFy3BAZ33g==", "QEROZuK4q+zt8UbP6ZV8wg==", "+N61/5529gFt7RkD8ooeKQ==", "t3CEDp5fZQ6D+aOizMiuSg==", "EajCJi704nU1+LqESNMC1w==", "ziMZexwNoFxp4mgVOJVBNQ==", "bjAyJcmSN59FnAeiA6RMIg==", "ugZgSJOxFzPCX6LQaJzM3A==", "yyExMMKc3SPW2jNE01wTug==", "x3SWTcEL2lgEvouAhmt6fQ==", "afNm575eldgXY3DOGUNdqQ==", "vmet9boOEsf+RUsh5rJnEw==", "g9KEtrzigl5TCrpvLCQU5A==", "Mmh4dm/jzK4QVSJqQVsCDw==", "Mnnh2CmlXNNRCBXvqdG9ig==", "lShmgiPGgmUIO0VwzhSBRA==", "pu8XvxoOXeKAI0tvpRRucg==", "GmBi7n85v8sX6ItoMSgvlQ==", "KLrAiYCJHdmWQ2RaqUywlA==", "srcIw8ffB6famHHqmqImEw==", "P4mYk7npVU6t91mlbAb8QA==", "3QDeWfKuntq5YxjjCuZXRQ==", "3Z3QMUqCN4dQV+f8cjn1eA==", "kwKUYCnvi/GndNgicLw/RQ==" ], "Gm6VA87iOnaQ0rWR6oO9eA==": [ "u+ya+p/mAtLPAYAgbSPTTw==" ], "IQfQp74RcAWE7jHtQsMLHg==": [ "u4BvRhFacDxQuC7pVeExQg==", "mnGTl6DWEAI0reOCEqb0jw==", "qICU5RK5Z4CLAC7/kEZ48Q==", "fkr6aZMLVO7g6mTdU91lcg==" ], "LOfpAnA/2f7zE4SFJCrxVg==": [ "Mxv06g47iCk7QIqi7Xbojw==", "5OqCQlhu6kV+tAsgGEGuwQ==" ], "MvKvHHnD0jaLaWpyHvkhgQ==": [ "CtYegggqGbMfg16G/qfITQ==", "WCGqond4znYKCRcm4xyPrg==", "LD4zPH3rZZkbSPN5ojHClA==", "k6VTDL+fxGnbqAk/IPGlnQ==", "qhu8cH6U47vSCL4GXDHHtA==", "xZI5XEFq7Cuk3Mu3KyTdmg==" ], "NzkVb7F31E+Vxxz3PCS6tg==": [ "59rfj7X7Q9O1jyg5L5a5zQ==", "dFbvYO8avXWxbjXnm5ACqQ==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "T4I8pNAq5VIHzHdHBx3kMA==", "cHpKoxiUOXPYUJX1ihMLDg==", "wzv81XuYHOFtlrLHaamjZg==", "RxgProNqXCgPRgAzu8keFA==", "WRwV7Adc7Zuy6O98PPaFDw==", "OB48XTRaksNPWPm0dVHJmQ==" ], "PgPY5hWnihXRN45byvzY0g==": [ "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==", "qx22MhFBEwd9c5PrW7vjKw==", "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==" ], "R1TkRM71ql+JWgz0VF5ESQ==": [ "CaLsKNvkpKlxKVBlUnje9Q==", "1U/zi3CEao+52y8LKU0uvw==", "bZ2m6J3EIvmTdjYJprlOKA==", "khiBNMMi17UID6UagXI8LA==" ], "RAMuXEdVU4AJ/z4aiK/NNg==": [ "bNvH54V1y9cXsGaCXVwFVw==", "QGq5D5QwQKPerzYOBVoSsg==", "Jl0PQIP9L3ufSvQ2j71iww==", "Qd2XnJZ3qaQ3AbyDXUaR2A==", "Pj9V3uC2c9o+P6lTpzzGeA==" ], "RYsqO4ROpGMzzCO5WaTrlw==": [ "aWm6E1ULjtuw0ydmFnsI4A==" ], "RgdwX+VC70nXZ2E527PXaA==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "VbNyM3GfR5vEmJdFAiKqrA==": [ "vcYYj1nbYwczzoLG255iZQ==" ], "Wi4oa03apqVdR6okNeZiNA==": [ "XtT5+z5+yMbpdsyfkLItzA==", "HuTBrVHKx7uaMtQjiqifKQ==", "9sNDKQtqg7Z3gJr//JQlvg==", "Ul/kdhde9MT/cThQqWyUBA==", "djiF0yOmYUIiWIfmt75aDA==", "bBymk1eoEM+tVYB+/Crz+g==", "kgqUyyy6Fd5CUNREC3t1jg==", "LAgKryCll+DIcYhTR/xbzg==", "RsDeaOU1gcwrKfmGECEolg==", "qDLWFSo6NpfxWPhSeAS8zQ==", "SNR1VT02i1HBHxqGRTeBAQ==", "2TcHkpRhAP0iTCSGAQKUOg==", "icG6omirC8ih0OmJHLIkrQ==", "20nlQwJu4gG0Ex/vty+hig==", "KaoEuixR8E5nnpGZ1pG25w==", "Y++3+aMTeU3vX7BI4/zG6w==", "7N1fkfhDIULrLId2wh2Pqw==", "pVmDd54NDrNeiY7vPLSO2A==", "ZbWtFXr0WyByV4kCb3M6FA==", "3cBlPR7Tm4BIC/+wflldAg==", "DTII3LzSaQL1baKsoSwsqg==", "fUdim7gaWpwZtynNz5GiKg==", "lpW8N25dDGtdRer0SxEc1A==", "ErraMUPFwrdWYaj+aBxTMw==", "h+ZYYwp9nAKs/v08piJa2A==", "g44foSnimIkShQZtpEhjbQ==" ], "ZWeYh81MRCu1nh3mOyptIA==": [ "u4BvRhFacDxQuC7pVeExQg==", "PJI8cpGpF5+qVan9H5W87Q==", "mnGTl6DWEAI0reOCEqb0jw==", "qICU5RK5Z4CLAC7/kEZ48Q==", "fkr6aZMLVO7g6mTdU91lcg==" ], "bGWj1aSf0wvrecU/pdTv5A==": [ "08pa4udz9bnA9IOsE208DA==" ], "bHkSxcl6e1quNxLGb6uX8A==": [ "Xce4H7xsVfrtYV2aXED7xA==", "QopvyNp/5Ata9NdAUhFygw==", "k6fjQGJuJ+9NXMFLa5+CgA==" ], "bTSLWiizipO2axtmvXFuVg==": [ "YXTNVVKQsWY/LFuomB715g==", "lnMcIzRPoETIbrbgdDGINA==", "6j23t/n6B77cQMxfCeLKzA==" ], "brvvAQ6V7yp7QbUuk+W5Hg==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "d4b/e0nx+/vPWuPB7oDzPw==": [ "l6iyFrb04z9eZxh35gAtVA==", "MYYkxlB4Ank1zsdIh41apg==", "w4Wr213OT8TRxlHAy3MwPQ==", "/YwO4YLRGgF2uWU55V6+MQ==", "gMRlXKqXSfP5n8UiPW430Q==", "IwuADin5bagOGQErETBgWw==", "jJNc2KwFwVg03DlaNN1nbA==", "s55QOTlka9E4jTdGv0d/FA==", "WHvU12ysgz1Ai1y1KSOiLA==", "OTqcMsspao5I6JZMETZ06w==", "Y4A2Zm5xcsipvfluZVH5fA==", "ZdGgPSEZdeQ3XJo0+ZpAXQ==", "c9VxNhSZmjnQmY3rI/q1PA==", "XQ5gIRaXVhDd6S954jtG2g==", "pvJrwAdasLbb4sLGcD48Jg==", "DJOf0vCfrT4GvRr/tBJhbg==", "pa+2016jZIT5xycgFHsAsQ==", "ELw1b1vO2YOtV7qNQijgCw==", "T2SiDOPpMK0bU0Y0qkOm1A==", "ZxTVeoHgmvhWXsV+xLzphA==", "wFMwqYmfC1KjDKz8vyBr4A==", "GezxxUl3QPWUTitg/VHmlQ==", "CfS0L/tTata7W0FXXtQ4EQ==", "dDtfYPtAiWG7x5kc85ma8w==", "tne7uZ2E+Ev6QI7ctt3PxA==", "aqMHDRnPT+3QNU/8tSwsog==", "/cV7Fn8Va+poBGxbPjGjrQ==", "9JIazCQjSvYhpG9KE6d7Pg==" ], "dUT53gagQO5Ac9Bdlu5dAw==": [ "NYWveHKKsIYIKl+vE8UEhw==" ], "dXglURzzdbLnOf14mab1Hg==": [ "VzolVkOS5HseGzVTLzDMfA==", "WWnQMI7f7f75SgC9Dcl+QQ==", "EYo03ICovWfCjw2cKpwx4Q==", "27BVJE6xR0Z84LzifDnFYA==", "9xk1p07t4ZV999E3HyfhVA==" ], "dobmrwm7aq9puvFHwNgXxw==": [ "08pa4udz9bnA9IOsE208DA==" ], "dv3AlW8tBL4D0mEPW7/Z2Q==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "Ba+eHoq0U7aq9Kxwg98r8Q==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==" ], "elSR7m8uLWd/kMl2jxTm/A==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "Ba+eHoq0U7aq9Kxwg98r8Q==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==" ], "evNF5YpSAxyFV7iWv3lSVw==": [ "ySGl3ADUS8EeTeweiO86Aw==", "uspznaGFEzt4cX0xZ36sYw==", "Tcuyjettc5LT9G5wj3mSxw==", "epkSU4TSX3BVrueh1mbRzg==", "eietxU2AL+GdeSQwh6n6XA==", "b2D8D2g8yPwuRhswdqF0Rw==", "yyhzQNC9UPFT5NwvhGsvqg==", "cZD87tDO2q60EFy3BAZ33g==", "QEROZuK4q+zt8UbP6ZV8wg==", "+N61/5529gFt7RkD8ooeKQ==", "t3CEDp5fZQ6D+aOizMiuSg==", "EajCJi704nU1+LqESNMC1w==", "ziMZexwNoFxp4mgVOJVBNQ==", "bjAyJcmSN59FnAeiA6RMIg==", "ugZgSJOxFzPCX6LQaJzM3A==", "yyExMMKc3SPW2jNE01wTug==", "x3SWTcEL2lgEvouAhmt6fQ==", "afNm575eldgXY3DOGUNdqQ==", "vmet9boOEsf+RUsh5rJnEw==", "g9KEtrzigl5TCrpvLCQU5A==", "Mmh4dm/jzK4QVSJqQVsCDw==", "Mnnh2CmlXNNRCBXvqdG9ig==", "lShmgiPGgmUIO0VwzhSBRA==", "pu8XvxoOXeKAI0tvpRRucg==", "GmBi7n85v8sX6ItoMSgvlQ==", "KLrAiYCJHdmWQ2RaqUywlA==", "srcIw8ffB6famHHqmqImEw==", "P4mYk7npVU6t91mlbAb8QA==", "3QDeWfKuntq5YxjjCuZXRQ==", "3Z3QMUqCN4dQV+f8cjn1eA==", "kwKUYCnvi/GndNgicLw/RQ==" ], "fCmdLCR2Ix0ldnZL1Fa52A==": [ "MDmWztEMrTY+VyVp5c+Fvw==", "MXRm//dBCnWFem5zffvqmA==" ], "hdNUjYIlrdEAtBWAggakAw==": [ "7DtFnnE8FjIpCQKunutpeg==", "AvPdNumiwGnBie+lo1du3A==", "brAAPyN4siIQT5bxa9xu4g==", "k82HOcJqNkts86KJ0glvow==", "ce9B0jxjyNiCfG4VtZhnVw==", "m8d/cgBRVljmHKGy6mUUXw==" ], "iWqdRZmp08/Tx22qEtmjJg==": [ "ZrZi02myDWWW0L5oPQj/cg==", "oeIf5WAd0bERBmJCeLsqIg==", "uEg5UAxE9NNjF71OxdO7uQ==", "G45dR+E8Wb+bEhCdwuqUDg==", "mJA9Uto8Hh0tElNp2qoYaA==" ], "jErhz6PtXvAy/EPWJ425rA==": [ "u4BvRhFacDxQuC7pVeExQg==", "PJI8cpGpF5+qVan9H5W87Q==", "mnGTl6DWEAI0reOCEqb0jw==", "qICU5RK5Z4CLAC7/kEZ48Q==", "fkr6aZMLVO7g6mTdU91lcg==" ], "jKa8Us2cqGejhOc2/n5DDA==": [ "u4BvRhFacDxQuC7pVeExQg==", "PJI8cpGpF5+qVan9H5W87Q==", "mnGTl6DWEAI0reOCEqb0jw==", "qICU5RK5Z4CLAC7/kEZ48Q==", "fkr6aZMLVO7g6mTdU91lcg==" ], "kq4lGEwi4agkgAJAkDs9Ng==": [ "kwonOUycdcBenNhjZ1b//Q==", "svo9ZP0wOZ7IXZp//n2f7g==", "h7Lhy275V3QLvnBLGAulbw==" ], "krch6TQqNWzRi5F/dDkF+Q==": [ "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==", "qx22MhFBEwd9c5PrW7vjKw==", "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==" ], "l5lCPjtOmPM8/LLh9+NjeQ==": [ "ANq7+l7+5U6IDt9eU02u5w==", "y2mOh8WlJTCvA6wlULAyvA==", "F0zkrLGlbsix59P9mqoAOg==", "WxlxRC1KqAo8Mejv03fZGA==" ], "lCjIskl1HulEHShaXtgmwQ==": [ "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==", "qx22MhFBEwd9c5PrW7vjKw==", "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==" ], "nwapLKtbHTjy1u8+aA0X+Q==": [ "dZ/H1sYv9QSX9VO93tlGLw==", "PFkN8K2aK2XnSQjmAIry9A==", "PUY4fn57nsAU2qBLtgRtdw==", "8uv2vKf0QrdM+zJP4ufG+Q==", "mj6UKCnVoHnC6YBWJGf/Ug==", "WcYPrwv9PSVoVoof5MRsxQ==" ], "pZoLgWqHDgjhYQPevrtwdg==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "qN2BSWBeEFRJnExMNJ1S0A==": [ "tBbOIOCaKVlwik7hH/baMQ==", "DRKFIYYNzLumACBV1CW/rw==", "1VnWeA5AZgybyD8+PiXyiw==", "tjx9raP+v/Zzj6SBJct3WA==", "fharKhY7OXyx+gXJAwiegw==", "dUTZP+bcDNUqytJV02E1dQ==", "BxMnseA9J6OW2RWxSrlbyQ==" ], "qrPZzwjmppjOiQbrGk5IQA==": [ "59rfj7X7Q9O1jyg5L5a5zQ==", "dFbvYO8avXWxbjXnm5ACqQ==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "T4I8pNAq5VIHzHdHBx3kMA==", "cHpKoxiUOXPYUJX1ihMLDg==", "wzv81XuYHOFtlrLHaamjZg==", "RxgProNqXCgPRgAzu8keFA==", "WRwV7Adc7Zuy6O98PPaFDw==", "OB48XTRaksNPWPm0dVHJmQ==" ], "s66OGd0F2Pbemhmyrg2R9w==": [ "meQYB1JR+XE3En/RrDfPvA==", "n+1p0npJfBZ4vUpG1OFi6w==", "GRlufCZFwHNK64OQNCFIcg==", "uTSYWROavw8Bf2n+4djlMg==", "U5598afGvRaltva6Rjqnug==", "5rGwN3bKZLMvxcM/W4jj+A==", "uwoSIcSlln9YRd7N1Kc3KQ==", "lAYsMZ/1tV9arAE2k+zsAQ==", "WG/hQnqUufOh6/5/mlRi/Q==", "+x9OyXfXk9PrekfsnPKwlg==", "nApP7wP3SU/Fk79xF589WA==", "1dwwvWkARnFe67yAAGVglQ==", "swQXHeTg1VEUQHser/6eEQ==", "m619DfZfUke+jaTAnoZ2Xw==", "0q/btA3zBEGWWmFxU7cNig==", "ASrdm9EROwWp9Ip2w7HH5w==" ], "tNSJ6slY9zv+TZ6de2MVDQ==": [ "B78vSIll2muNDyY3F7urzw==" ], "tYADP/V07/lE8Qno1R/hhg==": [ "08pa4udz9bnA9IOsE208DA==" ], "vqKK+x/7cGHNjLr4L7x4uQ==": [ "fXJD4KsFmfzjgWJPYHqTrQ==" ], "wkuBBC4B84P3b4K0fGF0OQ==": [ "u4BvRhFacDxQuC7pVeExQg==", "PJI8cpGpF5+qVan9H5W87Q==", "mnGTl6DWEAI0reOCEqb0jw==", "qICU5RK5Z4CLAC7/kEZ48Q==", "fkr6aZMLVO7g6mTdU91lcg==" ], "yYcMjCGhY/mc+KraTEHSJg==": [ "59rfj7X7Q9O1jyg5L5a5zQ==", "dFbvYO8avXWxbjXnm5ACqQ==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "T4I8pNAq5VIHzHdHBx3kMA==", "cHpKoxiUOXPYUJX1ihMLDg==", "wzv81XuYHOFtlrLHaamjZg==", "RxgProNqXCgPRgAzu8keFA==", "WRwV7Adc7Zuy6O98PPaFDw==", "OB48XTRaksNPWPm0dVHJmQ==" ], "zL6jHnohFUDkhEaUeTlPOQ==": [ "qGfgK6gESZLmw0X26VnrJw==" ], "zV4ikAKeqBYFSvXnkFMYgg==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "Ba+eHoq0U7aq9Kxwg98r8Q==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==" ], "zw9OGAXs3mWkBkmfKzbfqg==": [ "l8HSGkC4gSxCEUDns7KKfQ==" ] }, "enrichments": {} } pod: test-comp-ewin-on-pull-request-gs2jz-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin@sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin@sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: test-comp-ewin-on-pull-request-gs2jz-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 7, "warnings": [ { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: coreutils-8.32-4+b1 (CVE-2016-2781)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 1 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libsqlite3-0-3.34.1-3 (CVE-2021-45346, CVE-2022-35737, CVE-2025-29088, CVE-2025-70873), libmount1-2.36.1-8+deb11u1 (CVE-2022-0563, CVE-2025-14104), libc-bin-2.31-13+deb11u5 (CVE-2010-4756, CVE-2018-20796, CVE-2019-1010022, CVE-2019-1010023, CVE-2019-1010024, CVE-2019-1010025, CVE-2019-9192), bsdutils-1:2.36.1-8+deb11u1 (CVE-2022-0563, CVE-2025-14104), libsystemd0-247.3-7+deb11u1 (CVE-2013-4392, CVE-2020-13529, CVE-2023-31437, CVE-2023-31438, CVE-2023-31439), libapt-pkg6.0-2.2.4 (CVE-2011-3374), passwd-1:4.8.1-1 (CVE-2007-5686, CVE-2013-4235, TEMP-0628843-DBAD28), tar-1.34+dfsg-1 (CVE-2005-2541, TEMP-0290435-0B57B5), libuuid1-2.36.1-8+deb11u1 (CVE-2022-0563, CVE-2025-14104), libsmartcols1-2.36.1-8+deb11u1 (CVE-2022-0563, CVE-2025-14104), coreutils-8.32-4+b1 (CVE-2017-18018, CVE-2025-5278), perl-base-5.32.1-4+deb11u2 (CVE-2011-4116, CVE-2023-31486), libgssapi-krb5-2-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), mount-2.36.1-8+deb11u1 (CVE-2022-0563, CVE-2025-14104), libgcc-s1-10.2.1-6 (CVE-2023-4039), apt-2.2.4 (CVE-2011-3374), sysvinit-utils-2.96-7+deb11u1 (TEMP-0517018-A83CE6), login-1:4.8.1-1 (CVE-2007-5686, CVE-2013-4235, TEMP-0628843-DBAD28), gcc-9-base-9.3.0-22 (CVE-2023-4039), libpcre3-2:8.39-13 (CVE-2017-11164, CVE-2017-16231, CVE-2017-7245, CVE-2017-7246, CVE-2019-20838), libstdc++6-10.2.1-6 (CVE-2023-4039), gpgv-2.2.27-2+deb11u2 (CVE-2022-3219), gcc-10-base-10.2.1-6 (CVE-2023-4039), libexpat1-2.2.10-2+deb11u5 (CVE-2013-0340, CVE-2023-52426, CVE-2024-28757), libgnutls30-3.7.1-5+deb11u2 (CVE-2011-3389), util-linux-2.36.1-8+deb11u1 (CVE-2022-0563, CVE-2025-14104), libblkid1-2.36.1-8+deb11u1 (CVE-2022-0563, CVE-2025-14104), libc6-2.31-13+deb11u5 (CVE-2010-4756, CVE-2018-20796, CVE-2019-1010022, CVE-2019-1010023, CVE-2019-1010024, CVE-2019-1010025, CVE-2019-9192), libssl1.1-1.1.1n-0+deb11u3 (CVE-2025-27587), libk5crypto3-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), bash-5.1-2+deb11u1 (TEMP-0841856-B18BAF), openssl-1.1.1n-0+deb11u3 (CVE-2025-27587), libkrb5-3-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), libpcre2-8-0-10.36-2+deb11u1 (CVE-2022-41409), libudev1-247.3-7+deb11u1 (CVE-2013-4392, CVE-2020-13529, CVE-2023-31437, CVE-2023-31438, CVE-2023-31439), libkrb5support0-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), libgcrypt20-1.8.7-6 (CVE-2018-6829, CVE-2024-2236)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 89 } }, { "msg": "Found packages with unpatched unknown vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libsqlite3-0-3.34.1-3 (CVE-2025-6965), libdb5.3-5.3.28+dfsg1-0.8 (CVE-2019-8457), ncurses-base-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141, CVE-2025-69720), libmount1-2.36.1-8+deb11u1 (CVE-2026-27456, CVE-2026-3184), libc-bin-2.31-13+deb11u5 (CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2025-8058, CVE-2026-0861, CVE-2026-0915, CVE-2026-4046, CVE-2026-4437, CVE-2026-4438, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928, CVE-2026-6238), bsdutils-1:2.36.1-8+deb11u1 (CVE-2026-27456, CVE-2026-3184), libpam-runtime-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), libzstd1-1.4.8+dfsg-2.1 (CVE-2022-4899), libsystemd0-247.3-7+deb11u1 (CVE-2026-40228), passwd-1:4.8.1-1 (CVE-2024-56433), tar-1.34+dfsg-1 (CVE-2026-5704), zlib1g-1:1.2.11.dfsg-2+deb11u2 (CVE-2023-45853, CVE-2026-27171), libuuid1-2.36.1-8+deb11u1 (CVE-2026-27456, CVE-2026-3184), libsmartcols1-2.36.1-8+deb11u1 (CVE-2026-27456, CVE-2026-3184), libtinfo6-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141, CVE-2025-69720), sed-4.7-1 (CVE-2026-5958), libgssapi-krb5-2-1.18.3-6+deb11u3 (CVE-2026-40355, CVE-2026-40356), mount-2.36.1-8+deb11u1 (CVE-2026-27456, CVE-2026-3184), libncursesw6-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141, CVE-2025-69720), login-1:4.8.1-1 (CVE-2024-56433), liblzma5-5.2.5-2.1~deb11u1 (CVE-2026-34743), gpgv-2.2.27-2+deb11u2 (CVE-2025-30258, CVE-2025-68972), dpkg-1.20.12 (CVE-2025-6297), libexpat1-2.2.10-2+deb11u5 (CVE-2024-8176, CVE-2025-59375, CVE-2025-66382, CVE-2026-24515, CVE-2026-25210, CVE-2026-32776, CVE-2026-32777, CVE-2026-32778, CVE-2026-41080), libgnutls30-3.7.1-5+deb11u2 (CVE-2026-33845, CVE-2026-33846, CVE-2026-3832, CVE-2026-3833, CVE-2026-42009, CVE-2026-42010, CVE-2026-42011, CVE-2026-42012, CVE-2026-42013, CVE-2026-42014, CVE-2026-42015, CVE-2026-5260, CVE-2026-5419), util-linux-2.36.1-8+deb11u1 (CVE-2026-27456, CVE-2026-3184), libblkid1-2.36.1-8+deb11u1 (CVE-2026-27456, CVE-2026-3184), libc6-2.31-13+deb11u5 (CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2025-8058, CVE-2026-0861, CVE-2026-0915, CVE-2026-4046, CVE-2026-4437, CVE-2026-4438, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928, CVE-2026-6238), libssl1.1-1.1.1n-0+deb11u3 (CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390), libpam-modules-bin-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), libk5crypto3-1.18.3-6+deb11u3 (CVE-2026-40355, CVE-2026-40356), bash-5.1-2+deb11u1 (CVE-2022-3715), libpam0g-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), libpam-modules-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), openssl-1.1.1n-0+deb11u3 (CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390), libkrb5-3-1.18.3-6+deb11u3 (CVE-2026-40355, CVE-2026-40356), ncurses-bin-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141, CVE-2025-69720), libudev1-247.3-7+deb11u1 (CVE-2026-40228), libkrb5support0-1.18.3-6+deb11u3 (CVE-2026-40355, CVE-2026-40356), libgcrypt20-1.8.7-6 (CVE-2021-33560, CVE-2026-41989), libtasn1-6-4.16.0-2 (CVE-2025-13151)", "name": "clair_unpatched_unknown_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 117 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":1,"low":89,"unknown":117}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc", "digests": ["sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3"]}} {"result":"SUCCESS","timestamp":"2026-05-06T07:10:38+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-comp-ewin-on-pull-request-gs2jz-clamav-scan-pod | init container: prepare 2026/05/06 07:06:34 Entrypoint initialization pod: test-comp-ewin-on-pull-request-gs2jz-clamav-scan-pod | init container: place-scripts 2026/05/06 07:06:41 Decoded script /tekton/scripts/script-0-fwnmq 2026/05/06 07:06:41 Decoded script /tekton/scripts/script-1-gnf7b pod: test-comp-ewin-on-pull-request-gs2jz-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin@sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 34.924 sec (0 m 34 s) Start Date: 2026:05:06 07:07:13 End Date: 2026:05:06 07:07:47 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27992/Tue May 5 06:26:41 2026 Database version: 27992 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1778051268","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778051268","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778051268","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc", "digests": ["sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3"]}} pod: test-comp-ewin-on-pull-request-gs2jz-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin Attaching to quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc@sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading ec0475dde633 clamscan-ec-test-amd64.json Uploading 3c65243005d3 clamscan-result-amd64.log Uploaded ec0475dde633 clamscan-ec-test-amd64.json Uploaded 3c65243005d3 clamscan-result-amd64.log Uploading 6e790af6c0d5 application/vnd.oci.image.manifest.v1+json Uploaded 6e790af6c0d5 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc@sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3 Digest: sha256:6e790af6c0d57613b4a884b1bd57530acc3fcb91bb8558241e8f5bf44435ea01 pod: test-comp-ewin-on-pull-request-gs2jz-clone-repository-pod | init container: prepare 2026/05/06 07:04:04 Entrypoint initialization pod: test-comp-ewin-on-pull-request-gs2jz-clone-repository-pod | init container: place-scripts 2026/05/06 07:04:04 Decoded script /tekton/scripts/script-0-v5ktm 2026/05/06 07:04:04 Decoded script /tekton/scripts/script-1-qdpvf pod: test-comp-ewin-on-pull-request-gs2jz-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1778051054.59503,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1778051054.820704,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/devfile-sample-python-basic @ 7ef594af8804f542e0ce08ca6eb1b4cc840deffc (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1778051054.8207495,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1778051054.847787,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision 7ef594af8804f542e0ce08ca6eb1b4cc840deffc directly. pod: test-comp-ewin-on-pull-request-gs2jz-clone-repository-pod | container step-symlink-check: Running symlink check pod: test-comp-ewin-on-pull-request-gs2jz-clone-repository-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:6a47c6bf7dc3eabf4e15441f8a3fdec1e0c421c5ed5ef9b3976fc7df590545ee) Using token for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin Executing: oras push --annotation=quay.expires-after=6h --registry-config /tmp/create-oci.sh.Ch3W9x/auth-4QrWpd.json quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc.git SOURCE_ARTIFACT Uploading 6a47c6bf7dc3 SOURCE_ARTIFACT Uploaded 6a47c6bf7dc3 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:952980d000df9cfa43498fb62940a45f5b49ad65512bc65fc83b06b8331c77ca Artifacts created pod: test-comp-ewin-on-pull-request-gs2jz-init-pod | init container: prepare 2026/05/06 07:03:55 Entrypoint initialization pod: test-comp-ewin-on-pull-request-gs2jz-init-pod | container step-init: time="2026-05-06T07:03:58Z" level=info msg="[param] enable: false" time="2026-05-06T07:03:58Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-06T07:03:58Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-06T07:03:58Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-06T07:03:58Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-06T07:03:58Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-06T07:03:58Z" level=info msg="Cache proxy is disabled via param" time="2026-05-06T07:03:58Z" level=info msg="[result] HTTP PROXY: " time="2026-05-06T07:03:58Z" level=info msg="[result] NO PROXY: " pod: test-comp-ewin-on-pull-request-gs2jz-prefetch-dependencies-pod | init container: prepare 2026/05/06 07:04:22 Entrypoint initialization pod: test-comp-ewin-on-pull-request-gs2jz-prefetch-dependencies-pod | init container: place-scripts 2026/05/06 07:04:23 Decoded script /tekton/scripts/script-0-8jvlc 2026/05/06 07:04:23 Decoded script /tekton/scripts/script-2-77q76 pod: test-comp-ewin-on-pull-request-gs2jz-prefetch-dependencies-pod | container step-skip-ta: pod: test-comp-ewin-on-pull-request-gs2jz-prefetch-dependencies-pod | container step-use-trusted-artifact: WARN: found skip file in /var/workdir/source pod: test-comp-ewin-on-pull-request-gs2jz-prefetch-dependencies-pod | container step-prefetch-dependencies: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using mounted service CA bundle: /mnt/service-ca/ca-bundle.crt '/mnt/service-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/service-ca.crt' time="2026-05-06T07:04:29Z" level=debug msg="Starting prefetch-dependencies" time="2026-05-06T07:04:29Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-06T07:04:29Z" level=info msg="Not using package registry proxy because allow-package-registry-proxy is not set to `true` on the cluster level" logger=PrefetchDependencies time="2026-05-06T07:04:29Z" level=info msg="[param] source-dir: /var/workdir/source" time="2026-05-06T07:04:29Z" level=info msg="[param] output-dir: /var/workdir/cachi2/output" time="2026-05-06T07:04:29Z" level=info msg="[param] sbom-format: spdx" time="2026-05-06T07:04:29Z" level=info msg="[param] mode: strict" time="2026-05-06T07:04:29Z" level=info msg="[param] output-dir-mount-point: /cachi2/output" time="2026-05-06T07:04:29Z" level=info msg="[param] env-files: [/var/workdir/cachi2/cachi2.env /var/workdir/cachi2/prefetch.env /var/workdir/cachi2/prefetch-env.json]" time="2026-05-06T07:04:29Z" level=info msg="[param] git-auth-directory: /workspace/git-basic-auth" time="2026-05-06T07:04:30Z" level=info msg="hermeto [stdout] hermeto 0.51.0" logger=CliExecutor time="2026-05-06T07:04:30Z" level=warning msg="No input provided; skipping prefetch-dependencies" logger=PrefetchDependencies time="2026-05-06T07:04:30Z" level=debug msg="Finished prefetch-dependencies" pod: test-comp-ewin-on-pull-request-gs2jz-prefetch-dependencies-pod | container step-create-trusted-artifact: WARN: found skip file in /var/workdir/source WARN: found skip file in /var/workdir/cachi2 pod: test-comp-ewin-on-pull-request-gs2jz-push-dockerfile-pod | init container: prepare 2026/05/06 07:07:17 Entrypoint initialization pod: test-comp-ewin-on-pull-request-gs2jz-push-dockerfile-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin Executing: oras blob fetch --registry-config /tmp/use-oci.sh.2AP7GK/auth-ZvztdO.json quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin@sha256:6a47c6bf7dc3eabf4e15441f8a3fdec1e0c421c5ed5ef9b3976fc7df590545ee --output - Restored artifact quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin@sha256:6a47c6bf7dc3eabf4e15441f8a3fdec1e0c421c5ed5ef9b3976fc7df590545ee to /var/workdir/source pod: test-comp-ewin-on-pull-request-gs2jz-push-dockerfile-pod | container step-push: time="2026-05-06T07:07:20Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin:on-pr-7ef594af8804f542e0ce08ca6eb1b4cc840deffc" time="2026-05-06T07:07:20Z" level=info msg="[param] image-digest: sha256:11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3" time="2026-05-06T07:07:20Z" level=info msg="[param] containerfile: docker/Dockerfile" time="2026-05-06T07:07:20Z" level=info msg="[param] context: ." time="2026-05-06T07:07:20Z" level=info msg="[param] tag-suffix: .dockerfile" time="2026-05-06T07:07:20Z" level=info msg="[param] artifact-type: application/vnd.konflux.dockerfile" time="2026-05-06T07:07:20Z" level=info msg="[param] source: source" time="2026-05-06T07:07:20Z" level=info msg="[param] result-path-image-ref: /tekton/results/IMAGE_REF" time="2026-05-06T07:07:20Z" level=info msg="[param] alternative-filename: Dockerfile" time="2026-05-06T07:07:22Z" level=info msg="oras [stdout] quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin@sha256:10fda0f366ec6effa28a72544be4f9a9a5d2382e559bf56c98d282bbfe4f19ef" logger=CliExecutor time="2026-05-06T07:07:22Z" level=info msg="Containerfile '/var/workdir/source/docker/Dockerfile' is pushed to registry with tag: sha256-11aa3b04d4b45a49211382ab7cffe5a39c2e687ff85eeb32884e8d28471ce1d3.dockerfile" {"image_ref":"quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin@sha256:10fda0f366ec6effa28a72544be4f9a9a5d2382e559bf56c98d282bbfe4f19ef"} pod: test-comp-ewin-on-pull-request-gs2jz-sast-snyk-check-pod | init container: prepare 2026/05/06 07:07:17 Entrypoint initialization pod: test-comp-ewin-on-pull-request-gs2jz-sast-snyk-check-pod | init container: place-scripts 2026/05/06 07:07:17 Decoded script /tekton/scripts/script-1-4jhrp 2026/05/06 07:07:17 Decoded script /tekton/scripts/script-2-hwxdd pod: test-comp-ewin-on-pull-request-gs2jz-sast-snyk-check-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin Executing: oras blob fetch --registry-config /tmp/use-oci.sh.nmPxYd/auth-F76NrR.json quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin@sha256:6a47c6bf7dc3eabf4e15441f8a3fdec1e0c421c5ed5ef9b3976fc7df590545ee --output - Restored artifact quay.io/redhat-appstudio-qe/build-e2e-fnei/test-comp-ewin@sha256:6a47c6bf7dc3eabf4e15441f8a3fdec1e0c421c5ed5ef9b3976fc7df590545ee to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: test-comp-ewin-on-pull-request-gs2jz-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: test-comp-ewin INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-05-06T07:08:54+00:00","note":"Task sast-snyk-check-oci-ta skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-comp-ewin-on-pull-request-gs2jz-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. New PipelineRun test-comp-ewin-on-pull-request-ndkct found after retrigger for component build-e2e-fnei/test-comp-ewin PipelineRun test-comp-ewin-on-pull-request-ndkct found for Component build-e2e-fnei/test-comp-ewin PipelineRun test-comp-ewin-on-pull-request-ndkct reason: ResolvingTaskRef PipelineRun test-comp-ewin-on-pull-request-ndkct reason: Running PipelineRun test-comp-ewin-on-pull-request-ndkct reason: Running PipelineRun test-comp-ewin-on-pull-request-ndkct reason: Running PipelineRun test-comp-ewin-on-pull-request-ndkct reason: Running PipelineRun test-comp-ewin-on-pull-request-ndkct reason: Running PipelineRun test-comp-ewin-on-pull-request-ndkct reason: Running PipelineRun test-comp-ewin-on-pull-request-ndkct reason: Running PipelineRun test-comp-ewin-on-pull-request-ndkct reason: Completed < Exit [It] should eventually finish successfully for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:356 @ 05/06/26 07:19:04.309 (2m55.013s) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:04.309 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:04.31 (0s) > Enter [It] should push Dockerfile to registry - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:366 @ 05/06/26 07:19:04.312 < Exit [It] should push Dockerfile to registry - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:366 @ 05/06/26 07:19:08.672 (4.36s) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:08.672 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:08.672 (0s) > Enter [It] floating tags are created successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:378 @ 05/06/26 07:19:08.673 [SKIPPED] floating tag validation is not needed for: https://github.com/redhat-appstudio-qe/devfile-sample-python-basic In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:380 @ 05/06/26 07:19:08.673 < Exit [It] floating tags are created successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:378 @ 05/06/26 07:19:08.673 (0s) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:08.673 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:08.673 (0s) > Enter [It] image manifest mediaType is correct - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:395 @ 05/06/26 07:19:08.673 < Exit [It] image manifest mediaType is correct - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:395 @ 05/06/26 07:19:08.998 (325ms) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:08.998 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:08.998 (0s) > Enter [It] check for source images if enabled in pipeline - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:420 @ 05/06/26 07:19:08.999 Source build is enabled: false [SKIPPED] Skipping source image check since it is not enabled in the pipeline In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:440 @ 05/06/26 07:19:09.014 < Exit [It] check for source images if enabled in pipeline - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:420 @ 05/06/26 07:19:09.014 (15ms) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.014 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.014 (0s) > Enter [BeforeAll] when Pipeline Results are stored for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:477 @ 05/06/26 07:19:09.014 < Exit [BeforeAll] when Pipeline Results are stored for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:477 @ 05/06/26 07:19:09.044 (29ms) > Enter [It] should have Pipeline Records - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:498 @ 05/06/26 07:19:09.044 records for PipelineRun test-comp-ewin-on-pull-request-ndkct: &{[{build-e2e-fnei/results/c48342c6-ebc5-4281-a602-b9b74d262a73/records/b38f81b4-3245-42b8-947a-6bd4f0b9acd7 07be85cd-055d-43b7-b664-99d1f9ec04fb 07be85cd-055d-43b7-b664-99d1f9ec04fb} {build-e2e-fnei/results/c48342c6-ebc5-4281-a602-b9b74d262a73/records/9a1789e1-5927-4603-b36f-2c1961ebbf4c 0a904020-4dcf-439d-beca-b671a0723896 0a904020-4dcf-439d-beca-b671a0723896} {build-e2e-fnei/results/c48342c6-ebc5-4281-a602-b9b74d262a73/records/01c2471d-8adc-482c-a2f1-49ac7018fe4a 0e1ec7cd-b5d6-4589-9c5d-81f786dc7436 0e1ec7cd-b5d6-4589-9c5d-81f786dc7436} {build-e2e-fnei/results/c48342c6-ebc5-4281-a602-b9b74d262a73/records/7cbef2ae-9dc6-45d1-9320-b2a06a332bc4 1839a49d-0ea5-4643-839d-a691dc6e5741 1839a49d-0ea5-4643-839d-a691dc6e5741} {build-e2e-fnei/results/c48342c6-ebc5-4281-a602-b9b74d262a73/records/4086b863-81a0-42e4-9d47-092037925a45 2b2ddbbf-9dc9-4d7a-9ceb-e915c9eb957a 2b2ddbbf-9dc9-4d7a-9ceb-e915c9eb957a} {build-e2e-fnei/results/c48342c6-ebc5-4281-a602-b9b74d262a73/records/eed26229-bcb3-4fda-b2d1-49f684f4892a 2ce645e8-d723-468f-aba2-e76099a625ba 2ce645e8-d723-468f-aba2-e76099a625ba} {build-e2e-fnei/results/c48342c6-ebc5-4281-a602-b9b74d262a73/records/ed3a8201-1a73-44bb-8e16-eac218b5d220 3e3e1a20-f552-4561-af23-c81c936a7707 3e3e1a20-f552-4561-af23-c81c936a7707} {build-e2e-fnei/results/c48342c6-ebc5-4281-a602-b9b74d262a73/records/7446c5e5-6f68-4ae4-92bf-1221717a4448 634b5484-a145-4a5a-868a-ba9a8d59bd5a 634b5484-a145-4a5a-868a-ba9a8d59bd5a} {build-e2e-fnei/results/c48342c6-ebc5-4281-a602-b9b74d262a73/records/5138425b-19c3-489d-8f8f-228d01a518e6 6db4250f-412d-469b-87e4-c5b9005c4a36 6db4250f-412d-469b-87e4-c5b9005c4a36} {build-e2e-fnei/results/c48342c6-ebc5-4281-a602-b9b74d262a73/records/10c547e9-f031-4a99-ad2a-187c776b5d53 7775078d-e1bf-4762-8892-2196eba89af7 7775078d-e1bf-4762-8892-2196eba89af7} {build-e2e-fnei/results/c48342c6-ebc5-4281-a602-b9b74d262a73/records/670e320c-18ef-434d-8306-0bbcd87807ff b7de5f74-ed03-43a0-92a5-8fbd7866054f b7de5f74-ed03-43a0-92a5-8fbd7866054f} {build-e2e-fnei/results/c48342c6-ebc5-4281-a602-b9b74d262a73/records/99accef2-3fc7-4c2c-8dd2-add460b601da bdba5f8e-37f2-4b94-9083-e2822a3a49e5 bdba5f8e-37f2-4b94-9083-e2822a3a49e5} {build-e2e-fnei/results/c48342c6-ebc5-4281-a602-b9b74d262a73/records/ae7e1874-ede0-48e2-b8f0-1891240cc9a6 c9549043-480a-4a6a-ba51-d38dd4ceedbc c9549043-480a-4a6a-ba51-d38dd4ceedbc} {build-e2e-fnei/results/c48342c6-ebc5-4281-a602-b9b74d262a73/records/c48342c6-ebc5-4281-a602-b9b74d262a73 da33affe-58c4-4a05-9069-8258fd53e915 da33affe-58c4-4a05-9069-8258fd53e915} {build-e2e-fnei/results/c48342c6-ebc5-4281-a602-b9b74d262a73/records/113faff3-40d5-4662-a659-de6ba344fc72 e2f04c01-4a30-47d6-a78f-92d8a46aec59 e2f04c01-4a30-47d6-a78f-92d8a46aec59} {build-e2e-fnei/results/c48342c6-ebc5-4281-a602-b9b74d262a73/records/78871122-d881-4b3e-9c86-d30b0c942538 f25010a6-df51-4036-b2ce-34a06ed7cc0d f25010a6-df51-4036-b2ce-34a06ed7cc0d}]} < Exit [It] should have Pipeline Records - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:498 @ 05/06/26 07:19:09.121 (78ms) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.122 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.122 (0s) > Enter [It] should validate tekton taskrun test results for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:540 @ 05/06/26 07:19:09.122 < Exit [It] should validate tekton taskrun test results for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:540 @ 05/06/26 07:19:09.347 (225ms) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.348 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.348 (0s) > Enter [BeforeAll] when the container image for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic is created and pushed to container registry - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:550 @ 05/06/26 07:19:09.348 < Exit [BeforeAll] when the container image for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic is created and pushed to container registry - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:550 @ 05/06/26 07:19:09.361 (12ms) > Enter [It] should have Hermeto content in the SBOM in case the build was hermetic - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:661 @ 05/06/26 07:19:09.361 [SKIPPED] Hermetic build is not enabled, skipping the test In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:663 @ 05/06/26 07:19:09.361 < Exit [It] should have Hermeto content in the SBOM in case the build was hermetic - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:661 @ 05/06/26 07:19:09.361 (0s) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.361 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.361 (0s) > Enter [It] should eventually finish successfully for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta-min - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:356 @ 05/06/26 07:19:09.362 PipelineRun test-comp-jwrp-on-pull-request-8qgsm found for Component build-e2e-fnei/test-comp-jwrp PipelineRun test-comp-jwrp-on-pull-request-8qgsm reason: Succeeded < Exit [It] should eventually finish successfully for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta-min - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:356 @ 05/06/26 07:19:09.39 (28ms) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.39 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.39 (0s) > Enter [It] should push Dockerfile to registry - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:366 @ 05/06/26 07:19:09.39 [SKIPPED] Skipping DockerBuildOciTAMin build, which does not push Dockerfile to registry In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:369 @ 05/06/26 07:19:09.39 < Exit [It] should push Dockerfile to registry - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:366 @ 05/06/26 07:19:09.39 (0s) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.39 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.39 (0s) > Enter [It] floating tags are created successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:378 @ 05/06/26 07:19:09.391 [SKIPPED] floating tag validation is not needed for: https://github.com/redhat-appstudio-qe/devfile-sample-python-basic In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:380 @ 05/06/26 07:19:09.391 < Exit [It] floating tags are created successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:378 @ 05/06/26 07:19:09.391 (0s) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.391 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.391 (0s) > Enter [It] image manifest mediaType is correct - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:395 @ 05/06/26 07:19:09.391 < Exit [It] image manifest mediaType is correct - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:395 @ 05/06/26 07:19:09.711 (319ms) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.711 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.711 (0s) > Enter [It] check for source images if enabled in pipeline - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:420 @ 05/06/26 07:19:09.711 This is DockerBuildOciTAMin build, which does not require source container build. [SKIPPED] Skiping DockerBuildOciTAMin build test-comp-jwrp-on-pull-request-8qgsm In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:433 @ 05/06/26 07:19:09.722 < Exit [It] check for source images if enabled in pipeline - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:420 @ 05/06/26 07:19:09.722 (11ms) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.722 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.722 (0s) > Enter [BeforeAll] when Pipeline Results are stored for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta-min - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:477 @ 05/06/26 07:19:09.722 < Exit [BeforeAll] when Pipeline Results are stored for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta-min - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:477 @ 05/06/26 07:19:09.827 (104ms) > Enter [It] should have Pipeline Records - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:498 @ 05/06/26 07:19:09.827 records for PipelineRun test-comp-jwrp-on-pull-request-8qgsm: &{[{build-e2e-fnei/results/4ae06390-ed72-4f81-b64c-945c48341efd/records/828eeefc-00c3-4787-996d-089f179ccca5 29c3cf18-cde2-44d5-8953-bbd9d55b391b 29c3cf18-cde2-44d5-8953-bbd9d55b391b} {build-e2e-fnei/results/4ae06390-ed72-4f81-b64c-945c48341efd/records/b73b56d3-375d-4504-a619-e69137575eab 2bec4975-ebb1-4d30-9766-2560c43f830b 2bec4975-ebb1-4d30-9766-2560c43f830b} {build-e2e-fnei/results/4ae06390-ed72-4f81-b64c-945c48341efd/records/b7bfd118-fdcd-4140-a5b3-616886da7c9f 314c5370-17a5-4c0c-bcfe-768f9f84f347 314c5370-17a5-4c0c-bcfe-768f9f84f347} {build-e2e-fnei/results/4ae06390-ed72-4f81-b64c-945c48341efd/records/4ae06390-ed72-4f81-b64c-945c48341efd 41232e66-58e5-4b79-8b43-708edbba739e 41232e66-58e5-4b79-8b43-708edbba739e} {build-e2e-fnei/results/4ae06390-ed72-4f81-b64c-945c48341efd/records/7ac98121-8c3e-4030-8ac1-33198dbf7ed0 467869f1-29b7-4fd2-8dbc-d7784ea6af58 467869f1-29b7-4fd2-8dbc-d7784ea6af58} {build-e2e-fnei/results/4ae06390-ed72-4f81-b64c-945c48341efd/records/866be670-8083-4965-bd39-497828659102 63fb2235-4c80-479c-adca-57d462f81a14 63fb2235-4c80-479c-adca-57d462f81a14} {build-e2e-fnei/results/4ae06390-ed72-4f81-b64c-945c48341efd/records/cb52fcf8-ac1f-479e-9d00-d1403837f683 6480f0da-525c-453e-8552-ef5d295bc2ef 6480f0da-525c-453e-8552-ef5d295bc2ef} {build-e2e-fnei/results/4ae06390-ed72-4f81-b64c-945c48341efd/records/c1339f17-3060-4b18-9a2a-ea3c9647ab2a a77c1f65-2fe7-4329-98fa-fe8649ebcf71 a77c1f65-2fe7-4329-98fa-fe8649ebcf71} {build-e2e-fnei/results/4ae06390-ed72-4f81-b64c-945c48341efd/records/b85a4dfa-0b87-4ad3-b569-39022bc57061 b63d12c6-8ee5-4b2d-b74f-6dfd7f66d8e8 b63d12c6-8ee5-4b2d-b74f-6dfd7f66d8e8} {build-e2e-fnei/results/4ae06390-ed72-4f81-b64c-945c48341efd/records/d029eb59-7fc6-48a1-b03b-009f96cd8a65 c4808d79-619c-4904-88aa-d5dcab26ab11 c4808d79-619c-4904-88aa-d5dcab26ab11} {build-e2e-fnei/results/4ae06390-ed72-4f81-b64c-945c48341efd/records/9fc3599d-3cd8-4690-924e-9c8582296579 e90a44fd-5b4a-4022-b318-ca94a40764d3 e90a44fd-5b4a-4022-b318-ca94a40764d3} {build-e2e-fnei/results/4ae06390-ed72-4f81-b64c-945c48341efd/records/e5e30e5a-bfb6-449e-bbb0-de912520aca1 eb9f9c38-c2c9-4087-b5c0-e00305b7be46 eb9f9c38-c2c9-4087-b5c0-e00305b7be46}]} < Exit [It] should have Pipeline Records - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:498 @ 05/06/26 07:19:09.883 (56ms) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.883 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.883 (0s) > Enter [It] should validate tekton taskrun test results for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta-min - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:540 @ 05/06/26 07:19:09.883 < Exit [It] should validate tekton taskrun test results for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta-min - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:540 @ 05/06/26 07:19:09.908 (24ms) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.908 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.908 (0s) > Enter [BeforeAll] when the container image for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic is created and pushed to container registry - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:550 @ 05/06/26 07:19:09.909 < Exit [BeforeAll] when the container image for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic is created and pushed to container registry - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:550 @ 05/06/26 07:19:09.916 (7ms) > Enter [It] should have Hermeto content in the SBOM in case the build was hermetic - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:661 @ 05/06/26 07:19:09.916 [SKIPPED] Hermetic build is not enabled, skipping the test In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:663 @ 05/06/26 07:19:09.916 < Exit [It] should have Hermeto content in the SBOM in case the build was hermetic - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:661 @ 05/06/26 07:19:09.916 (0s) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.916 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:09.916 (0s) > Enter [It] pipelineRun should fail for symlink component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic with component name test-symlink-comp-zxqf - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:816 @ 05/06/26 07:19:09.917 PipelineRun test-symlink-comp-zxqf-on-pull-request-fv2qz found for Component build-e2e-fnei/test-symlink-comp-zxqf PipelineRun test-symlink-comp-zxqf-on-pull-request-fv2qz reason: Failed attempt 1/1: PipelineRun "test-symlink-comp-zxqf-on-pull-request-fv2qz" failed: pod: test-symlink-comp-zxqf-on-p860606fe82edc37555f68bfc42821aa4-pod | init container: prepare 2026/05/06 07:04:57 Entrypoint initialization pod: test-symlink-comp-zxqf-on-p860606fe82edc37555f68bfc42821aa4-pod | init container: place-scripts 2026/05/06 07:04:58 Decoded script /tekton/scripts/script-0-hjcb2 2026/05/06 07:04:58 Decoded script /tekton/scripts/script-1-zbmqp pod: test-symlink-comp-zxqf-on-p860606fe82edc37555f68bfc42821aa4-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1778051107.5197802,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1778051107.7577493,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/devfile-sample-python-basic @ 345ce2e175457dab78d7e761ed7afb813c73b914 (grafted, HEAD) in path /workspace/output/source"} {"level":"info","ts":1778051107.7577946,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1778051107.7826765,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /workspace/output/source"} Merge option disabled. Using checked-out revision 345ce2e175457dab78d7e761ed7afb813c73b914 directly. pod: test-symlink-comp-zxqf-on-p860606fe82edc37555f68bfc42821aa4-pod | container step-symlink-check: Running symlink check The cloned repository contains symlink pointing outside of the cloned repository: /workspace/output/source/os-release-symlink pod: test-symlink-comp-zxqf-on-pull-request-fv2qz-init-pod | init container: prepare 2026/05/06 07:04:44 Entrypoint initialization pod: test-symlink-comp-zxqf-on-pull-request-fv2qz-init-pod | container step-init: time="2026-05-06T07:04:48Z" level=info msg="[param] enable: false" time="2026-05-06T07:04:48Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-06T07:04:48Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-06T07:04:48Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-06T07:04:48Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-06T07:04:48Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-06T07:04:48Z" level=info msg="Cache proxy is disabled via param" time="2026-05-06T07:04:48Z" level=info msg="[result] HTTP PROXY: " time="2026-05-06T07:04:48Z" level=info msg="[result] NO PROXY: " < Exit [It] pipelineRun should fail for symlink component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic with component name test-symlink-comp-zxqf - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:816 @ 05/06/26 07:19:10.54 (623ms) > Enter [AfterAll] HACBS pipelines - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:271 @ 05/06/26 07:19:10.54 < Exit [AfterAll] HACBS pipelines - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:271 @ 05/06/26 07:19:23.4 (12.86s) > Enter [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:23.401 < Exit [AfterEach] [build-service-suite Build templates E2E test] - /tmp/tmp.x1MqQ7KQDy/tests/build/build_templates.go:207 @ 05/06/26 07:19:23.401 (0s) > Enter [BeforeAll] Maven project - Default build - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:84 @ 05/06/26 07:02:05.762 "level"=0 "msg"="Konflux demo BeforeAll: initializing framework for appappMaven project - Default build" "level"=0 "msg"="Konflux demo BeforeAll: namespacesuserNamespacekonflux-nqmnmanagedNamespacekonflux-nqmn-managed" "level"=0 "msg"="Konflux demo BeforeAll: component configcomponentNamekonflux-demo-component-mihhpacBranchNamekonflux-konflux-demo-component-mihhcomponentRepositoryNamehacbs-test-project-konflux-demo" "level"=0 "msg"="Konflux demo BeforeAll: creating release configmanagedNamespacekonflux-nqmn-manageduserNamespacekonflux-nqmn" "level"=0 "msg"="Konflux demo createReleaseConfig: creating managed namespacemanagedNamespacekonflux-nqmn-managed" "level"=0 "msg"="Konflux demo createReleaseConfig: creating release-service-accountmanagedNamespacekonflux-nqmn-managed" "level"=0 "msg"="Konflux demo createReleaseConfig: finishedmanagedNamespacekonflux-nqmn-manageduserNamespacekonflux-nqmn" "level"=0 "msg"="Konflux demo BeforeAll: created and linked release-catalog-trusted-artifacts-quay-secretmanagedNamespacekonflux-nqmn-managed" created and linked release-catalog-trusted-artifacts-quay-secret in namespace "konflux-nqmn-managed" "level"=0 "msg"="Konflux demo BeforeAll: setup completeappMaven project - Default buildcomponentNamekonflux-demo-component-mihh" < Exit [BeforeAll] Maven project - Default build - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:84 @ 05/06/26 07:03:05.081 (59.319s) > Enter [It] creates an application - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:189 @ 05/06/26 07:03:05.081 "level"=0 "msg"="Konflux demo: creating applicationapplicationNamekonflux-demo-appnamespacekonflux-nqmn" "level"=0 "msg"="Konflux demo: application createdapplicationNamekonflux-demo-app" < Exit [It] creates an application - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:189 @ 05/06/26 07:03:05.184 (103ms) > Enter [It] creates an IntegrationTestScenario for the app - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:202 @ 05/06/26 07:03:05.185 "level"=0 "msg"="Konflux demo: creating IntegrationTestScenarioapplicationNamekonflux-demo-appnamespacekonflux-nqmn" "level"=0 "msg"="Konflux demo: IntegrationTestScenario createdscenariomy-integration-test-xmfc" < Exit [It] creates an IntegrationTestScenario for the app - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:202 @ 05/06/26 07:03:05.26 (75ms) > Enter [It] creates new branch for the build - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:218 @ 05/06/26 07:03:05.26 "level"=0 "msg"="Konflux demo: creating branch for buildrepohacbs-test-project-konflux-demobranchbase-whzujhfrommain" < Exit [It] creates new branch for the build - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:218 @ 05/06/26 07:03:05.954 (694ms) > Enter [It] creates component konflux-demo-component (private: false) from git source https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:233 @ 05/06/26 07:03:05.955 "level"=0 "msg"="Konflux demo: creating componentcomponentNamekonflux-demo-component-mihhapplicationNamekonflux-demo-appnamespacekonflux-nqmnrevisionbase-whzujh" Image repository for component konflux-demo-component-mihh in namespace konflux-nqmn do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component konflux-demo-component-mihh in namespace konflux-nqmn do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component konflux-demo-component-mihh in namespace konflux-nqmn do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component konflux-demo-component-mihh in namespace konflux-nqmn do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. "level"=0 "msg"="Konflux demo: component createdcomponentNamekonflux-demo-component-mihh" < Exit [It] creates component konflux-demo-component (private: false) from git source https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:233 @ 05/06/26 07:03:46.113 (40.158s) > Enter [It] triggers creation of a PR in the sample repo - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:259 @ 05/06/26 07:03:46.114 "level"=0 "msg"="Konflux demo: waiting for PaC PRrepohacbs-test-project-konflux-demopacBranchNamekonflux-konflux-demo-component-mihh" "msg"="Konflux demo: could not get the expected PaC branch name konflux-konflux-demo-component-mihh (found 5 PRs)" "error"=null "msg"="Konflux demo: could not get the expected PaC branch name konflux-konflux-demo-component-mihh (found 5 PRs)" "error"=null "msg"="Konflux demo: could not get the expected PaC branch name konflux-konflux-demo-component-mihh (found 5 PRs)" "error"=null "msg"="Konflux demo: could not get the expected PaC branch name konflux-konflux-demo-component-mihh (found 5 PRs)" "error"=null "msg"="Konflux demo: could not get the expected PaC branch name konflux-konflux-demo-component-mihh (found 5 PRs)" "error"=null "msg"="Konflux demo: could not get the expected PaC branch name konflux-konflux-demo-component-mihh (found 5 PRs)" "error"=null "msg"="Konflux demo: could not get the expected PaC branch name konflux-konflux-demo-component-mihh (found 5 PRs)" "error"=null "msg"="Konflux demo: could not get the expected PaC branch name konflux-konflux-demo-component-mihh (found 5 PRs)" "error"=null "msg"="Konflux demo: could not get the expected PaC branch name konflux-konflux-demo-component-mihh (found 5 PRs)" "error"=null "msg"="Konflux demo: could not get the expected PaC branch name konflux-konflux-demo-component-mihh (found 5 PRs)" "error"=null "msg"="Konflux demo: could not get the expected PaC branch name konflux-konflux-demo-component-mihh (found 5 PRs)" "error"=null "level"=0 "msg"="Konflux demo: PaC PR createdprNumber29601prSHA2583ac1fdce95f04171007afe59a4b1b82b09503" "level"=0 "msg"="Konflux demo: waiting for pull-request PipelineRun to appear (will delete it)componentkonflux-demo-component-mihhprSHA2583ac1fdce95f04171007afe59a4b1b82b09503" PipelineRun not found yet for component konflux-nqmn/konflux-demo-component-mihh prSHA 2583ac1fdce95f04171007afe59a4b1b82b09503: no pipelinerun found for component konflux-demo-component-mihh < Exit [It] triggers creation of a PR in the sample repo - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:259 @ 05/06/26 07:04:31.425 (45.311s) > Enter [It] verifies component build status - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:297 @ 05/06/26 07:04:31.425 "level"=0 "msg"="Konflux demo: verifying component build status (PaC enabled)componentkonflux-demo-component-mihhnamespacekonflux-nqmn" state: enabled mergeUrl: https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo/pull/29601 errId: 0 errMessage: configurationTime: Wed, 06 May 2026 07:04:10 UTC < Exit [It] verifies component build status - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:297 @ 05/06/26 07:04:31.464 (39ms) > Enter [It] should eventually lead to triggering a 'push' event type PipelineRun after merging the PaC init branch - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:335 @ 05/06/26 07:04:31.464 "level"=0 "msg"="Konflux demo: merging PaC PRrepohacbs-test-project-konflux-demoprNumber29601" "level"=0 "msg"="Konflux demo: PaC PR mergedheadSHA00775aff393ad7f166602cdc0ae09d8b098fdac5" "level"=0 "msg"="Konflux demo: waiting for push PipelineRun to startcomponentkonflux-demo-component-mihhheadSHA00775aff393ad7f166602cdc0ae09d8b098fdac5" PipelineRun has not been created yet for component konflux-nqmn/konflux-demo-component-mihh "msg"="Konflux demo: GetComponentPipelineRun failed: no pipelinerun found for component konflux-demo-component-mihh" "error"=null "level"=0 "msg"="Konflux demo: push PipelineRun startedpipelineRunkonflux-demo-component-mihh-on-push-h5kr7" < Exit [It] should eventually lead to triggering a 'push' event type PipelineRun after merging the PaC init branch - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:335 @ 05/06/26 07:04:53.56 (22.096s) > Enter [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:369 @ 05/06/26 07:04:53.561 "level"=0 "msg"="Konflux demo: checking build PipelineRun has no snapshot annotationpipelineRunkonflux-demo-component-mihh-on-push-h5kr7" < Exit [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:369 @ 05/06/26 07:04:53.561 (0s) > Enter [It] should eventually complete successfully - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:373 @ 05/06/26 07:04:53.561 "level"=0 "msg"="Konflux demo: waiting for build PipelineRun to finishpipelineRunkonflux-demo-component-mihh-on-push-h5kr7componentkonflux-demo-component-mihhheadSHA00775aff393ad7f166602cdc0ae09d8b098fdac5" PipelineRun konflux-demo-component-mihh-on-push-h5kr7 found for Component konflux-nqmn/konflux-demo-component-mihh PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: ResolvingTaskRef PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: Running PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: Running PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: Running PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: Running PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: Running PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: Running PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: Running PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: Running PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: Running PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: Running PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: Running PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: Running PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: Running PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: Running PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: Running PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: Running PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: PipelineRunStopping PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: PipelineRunStopping PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: PipelineRunStopping PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: PipelineRunStopping PipelineRun konflux-demo-component-mihh-on-push-h5kr7 reason: Failed attempt 1/6: PipelineRun "konflux-demo-component-mihh-on-push-h5kr7" failed: pod: konflux-demo-component-mihh-on-push-h5kr7-apply-tags-pod | init container: prepare 2026/05/06 07:09:35 Entrypoint initialization pod: konflux-demo-component-mihh-on-push-h5kr7-apply-tags-pod | container step-apply-additional-tags: time="2026-05-06T07:09:38Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5" time="2026-05-06T07:09:38Z" level=info msg="[param] digest: sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c" time="2026-05-06T07:09:38Z" level=info msg="[param] tags-from-image-label: konflux.additional-tags" time="2026-05-06T07:09:39Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: konflux-demo-component-mihh-on-push-h5kr7-build-container-pod | init container: prepare 2026/05/06 07:06:03 Entrypoint initialization pod: konflux-demo-component-mihh-on-push-h5kr7-build-container-pod | init container: place-scripts 2026/05/06 07:06:04 Decoded script /tekton/scripts/script-1-gck44 2026/05/06 07:06:04 Decoded script /tekton/scripts/script-2-djc7n 2026/05/06 07:06:04 Decoded script /tekton/scripts/script-3-k6xz8 2026/05/06 07:06:04 Decoded script /tekton/scripts/script-4-np9ht 2026/05/06 07:06:04 Decoded script /tekton/scripts/script-5-qssz2 pod: konflux-demo-component-mihh-on-push-h5kr7-build-container-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh Executing: oras blob fetch --registry-config /tmp/use-oci.sh.vDKink/auth-zXHlDD.json quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh@sha256:d00067650ac6c5dc7b74ea544d566868d34e69d3841c5e8c02d1c8059c59e73b --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh@sha256:d00067650ac6c5dc7b74ea544d566868d34e69d3841c5e8c02d1c8059c59e73b to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-mihh-on-push-h5kr7-build-container-pod | container step-build: [2026-05-06T07:06:09,235422449+00:00] Validate context path [2026-05-06T07:06:09,238629386+00:00] Update CA trust [2026-05-06T07:06:09,239741667+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-06T07:06:11,952501514+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-05-06T07:06:11,958011957+00:00] Prepare system (architecture: x86_64) [2026-05-06T07:06:11,969764085+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc Copying blob sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e Copying config sha256:8979a2d87e9502962b699677c4df3cb444e670d02cddf2f83fd6da795feab96e Writing manifest to image destination Storing signatures [2026-05-06T07:06:17,852559274+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-05-06T07:06:11Z", "com.redhat.component": "openjdk-17-runtime-ubi8-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream", "description": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.cekit.version": "4.13.0.dev0", "io.k8s.description": "Platform for running plain Java applications (fat-jar and flat classpath)", "io.k8s.display-name": "Java Applications", "io.openshift.expose-services": "", "io.openshift.tags": "java", "maintainer": "Red Hat OpenJDK <openjdk@redhat.com>", "name": "ubi8/openjdk-17-runtime", "org.jboss.product": "openjdk", "org.jboss.product.openjdk.version": "17", "org.jboss.product.version": "17", "org.opencontainers.image.created": "2026-05-06T07:06:11Z", "org.opencontainers.image.documentation": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "org.opencontainers.image.revision": "00775aff393ad7f166602cdc0ae09d8b098fdac5", "release": "4.1777859697", "summary": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/openjdk-17-runtime/images/1.23-4.1777859697", "usage": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "vcs-ref": "00775aff393ad7f166602cdc0ae09d8b098fdac5", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.23", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo" } [2026-05-06T07:06:17,897007540+00:00] Register sub-man Adding the entitlement to the build [2026-05-06T07:06:17,900221125+00:00] Add secrets [2026-05-06T07:06:17,907353737+00:00] Run buildah build [2026-05-06T07:06:17,908407336+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=00775aff393ad7f166602cdc0ae09d8b098fdac5 --label org.opencontainers.image.revision=00775aff393ad7f166602cdc0ae09d8b098fdac5 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo --label build-date=2026-05-06T07:06:11Z --label org.opencontainers.image.created=2026-05-06T07:06:11Z --annotation org.opencontainers.image.revision=00775aff393ad7f166602cdc0ae09d8b098fdac5 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo --annotation org.opencontainers.image.created=2026-05-06T07:06:11Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.2KzMaO -t quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5 . [1/2] STEP 1/5: FROM registry.access.redhat.com/ubi8/openjdk-17:1.23 AS builder Trying to pull registry.access.redhat.com/ubi8/openjdk-17:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:a12a82751b6fcca1bc1b9cde9e1848176a23a409694729a4a814f963fc33fb81 Copying blob sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e Copying config sha256:575ea09fb2e3a7e2587a6187fc17be1a0a5da89bcb3f41e3dd33087a2ffc3bcb Writing manifest to image destination Storing signatures [1/2] STEP 2/5: WORKDIR /work [1/2] STEP 3/5: COPY . . [1/2] STEP 4/5: USER 0 [1/2] STEP 5/5: RUN mvn clean package -DskipTests -DskipDocsGen [INFO] Scanning for projects... [INFO] [INFO] ------------------< org.example:simple-java-project >------------------- [INFO] Building simple-java-project 1.0-SNAPSHOT [INFO] --------------------------------[ jar ]--------------------------------- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom (11 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom (11 kB at 281 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom (43 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 18 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom (18 kB at 485 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar Progress (1): 2.3/134 kB Progress (1): 5.0/134 kB Progress (1): 7.7/134 kB Progress (1): 10/134 kB Progress (1): 13/134 kB Progress (1): 16/134 kB Progress (1): 19/134 kB Progress (1): 21/134 kB Progress (1): 26/134 kB Progress (1): 30/134 kB Progress (1): 32/134 kB Progress (1): 36/134 kB Progress (1): 40/134 kB Progress (1): 44/134 kB Progress (1): 48/134 kB Progress (1): 52/134 kB Progress (1): 56/134 kB Progress (1): 61/134 kB Progress (1): 65/134 kB Progress (1): 69/134 kB Progress (1): 73/134 kB Progress (1): 77/134 kB Progress (1): 81/134 kB Progress (1): 85/134 kB Progress (1): 89/134 kB Progress (1): 93/134 kB Progress (1): 97/134 kB Progress (1): 100/134 kB Progress (1): 104/134 kB Progress (1): 108/134 kB Progress (1): 112/134 kB Progress (1): 116/134 kB Progress (1): 120/134 kB Progress (1): 124/134 kB Progress (1): 128/134 kB Progress (1): 132/134 kB Progress (1): 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar (134 kB at 2.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom (3.9 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom (13 kB at 362 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom (26 kB at 694 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom (15 kB at 423 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar Progress (1): 4.1/25 kB Progress (1): 7.3/25 kB Progress (1): 11/25 kB Progress (1): 15/25 kB Progress (1): 20/25 kB Progress (1): 24/25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar (25 kB at 849 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8.1 kB at 189 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom (9.2 kB at 242 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom (30 kB at 875 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom (15 kB at 197 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 11/30 kB Progress (1): 15/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar (30 kB at 922 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom (10 kB at 319 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom (11 kB at 360 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom (33 kB at 905 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom (14 kB at 368 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar Progress (1): 4.1/43 kB Progress (1): 7.7/43 kB Progress (1): 12/43 kB Progress (1): 16/43 kB Progress (1): 20/43 kB Progress (1): 24/43 kB Progress (1): 28/43 kB Progress (1): 32/43 kB Progress (1): 36/43 kB Progress (1): 40/43 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar (43 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom (10 kB at 269 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom (14 kB at 354 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar (30 kB at 896 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom (6.8 kB at 183 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom (9.9 kB at 291 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom (46 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom (20 kB at 636 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar Progress (1): 4.1/27 kB Progress (1): 7.7/27 kB Progress (1): 12/27 kB Progress (1): 15/27 kB Progress (1): 20/27 kB Progress (1): 24/27 kB Progress (1): 27 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar (27 kB at 719 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom (3.6 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom (5.0 kB at 152 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom (3.6 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom (1.8 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar Progress (1): 4.1/7.1 kB Progress (1): 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar (7.1 kB at 168 kB/s) Progress (1): 2.3/3.6 kB Progress (2): 2.3/3.6 kB | 2.0 kB Progress (2): 3.6 kB | 2.0 kB Progress (3): 3.6 kB | 2.0 kB | 2.3/3.6 kB Progress (3): 3.6 kB | 2.0 kB | 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar (3.6 kB at 58 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar (2.0 kB at 32 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar (3.6 kB at 42 kB/s) [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom (1.5 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom (9.0 kB at 192 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom (15 kB at 331 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom (3.4 kB at 84 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom (4.1 kB at 102 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom (8.4 kB at 167 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom (8.4 kB at 190 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar Progress (1): 2.3/226 kB Progress (1): 5.0/226 kB Progress (1): 7.7/226 kB Progress (1): 10/226 kB Progress (1): 13/226 kB Progress (1): 16/226 kB Progress (1): 19/226 kB Progress (1): 21/226 kB Progress (1): 24/226 kB Progress (1): 27/226 kB Progress (1): 30/226 kB Progress (1): 32/226 kB Progress (1): 35/226 kB Progress (1): 37/226 kB Progress (1): 40/226 kB Progress (1): 43/226 kB Progress (1): 46/226 kB Progress (1): 48/226 kB Progress (1): 52/226 kB Progress (1): 56/226 kB Progress (1): 61/226 kB Progress (1): 65/226 kB Progress (1): 69/226 kB Progress (1): 73/226 kB Progress (2): 73/226 kB | 2.3/13 kB Progress (2): 75/226 kB | 2.3/13 kB Progress (2): 75/226 kB | 5.0/13 kB Progress (2): 79/226 kB | 5.0/13 kB Progress (2): 79/226 kB | 7.7/13 kB Progress (2): 83/226 kB | 7.7/13 kB Progress (2): 83/226 kB | 10/13 kB Progress (2): 87/226 kB | 10/13 kB Progress (2): 87/226 kB | 13 kB Progress (2): 91/226 kB | 13 kB Progress (2): 96/226 kB | 13 kB Progress (2): 100/226 kB | 13 kB Progress (2): 104/226 kB | 13 kB Progress (2): 108/226 kB | 13 kB Progress (2): 112/226 kB | 13 kB Progress (2): 116/226 kB | 13 kB Progress (2): 120/226 kB | 13 kB Progress (2): 124/226 kB | 13 kB Progress (2): 128/226 kB | 13 kB Progress (2): 132/226 kB | 13 kB Progress (2): 136/226 kB | 13 kB Progress (2): 141/226 kB | 13 kB Progress (2): 143/226 kB | 13 kB Progress (2): 147/226 kB | 13 kB Progress (2): 151/226 kB | 13 kB Progress (2): 155/226 kB | 13 kB Progress (2): 159/226 kB | 13 kB Progress (2): 163/226 kB | 13 kB Progress (2): 167/226 kB | 13 kB Progress (2): 171/226 kB | 13 kB Progress (2): 175/226 kB | 13 kB Progress (2): 179/226 kB | 13 kB Progress (2): 183/226 kB | 13 kB Progress (2): 188/226 kB | 13 kB Progress (2): 192/226 kB | 13 kB Progress (2): 196/226 kB | 13 kB Progress (2): 200/226 kB | 13 kB Progress (2): 204/226 kB | 13 kB Progress (2): 208/226 kB | 13 kB Progress (2): 212/226 kB | 13 kB Progress (2): 216/226 kB | 13 kB Progress (2): 220/226 kB | 13 kB Progress (2): 224/226 kB | 13 kB Progress (2): 226 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar (13 kB at 314 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar (226 kB at 5.0 MB/s) [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom (2.6 kB at 78 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom (2.0 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom (3.0 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom (1.9 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom (9.0 kB at 176 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom (3.9 kB at 132 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom Progress (1): 492 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom (492 B at 16 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom Progress (1): 4.1 kB Progress (1): 5.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom (5.7 kB at 155 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom Progress (1): 998 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom (998 B at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom Progress (1): 4.1 kB Progress (1): 6.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom (6.9 kB at 236 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom (3.1 kB at 104 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom (2.0 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom (2.6 kB at 85 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom (1.9 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom (1.6 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom (1.9 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom Progress (1): 4.1 kB Progress (1): 6.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom (6.7 kB at 231 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom (1.9 kB at 58 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom (1.8 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom Progress (1): 1.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom (1.4 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom Progress (1): 424 B Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom (424 B at 14 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom (3.9 kB at 140 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom (1.7 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom (2.1 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom (2.0 kB at 78 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom Progress (1): 4.1 kB Progress (1): 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom (7.1 kB at 236 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom (1.3 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom (3.3 kB at 104 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom (3.3 kB at 123 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom (17 kB at 559 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom (5.8 kB at 175 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom (8.7 kB at 311 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom (6.8 kB at 214 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom (12 kB at 363 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom (889 B at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom (5.8 kB at 209 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom (2.9 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom (3.0 kB at 104 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom (5.0 kB at 168 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom (8.1 kB at 323 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom Progress (1): 890 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom (890 B at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom (2.8 kB at 119 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom (15 kB at 533 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar Progress (1): 4.1/116 kB Progress (1): 7.7/116 kB Progress (1): 12/116 kB Progress (1): 16/116 kB Progress (1): 20/116 kB Progress (1): 24/116 kB Progress (1): 28/116 kB Progress (1): 32/116 kB Progress (1): 36/116 kB Progress (1): 40/116 kB Progress (1): 45/116 kB Progress (1): 49/116 kB Progress (1): 53/116 kB Progress (1): 57/116 kB Progress (1): 61/116 kB Progress (2): 61/116 kB | 2.3/57 kB Progress (2): 61/116 kB | 5.0/57 kB Progress (2): 61/116 kB | 7.7/57 kB Progress (3): 61/116 kB | 7.7/57 kB | 4.1/29 kB Progress (3): 61/116 kB | 10/57 kB | 4.1/29 kB Progress (3): 61/116 kB | 10/57 kB | 7.7/29 kB Progress (3): 61/116 kB | 10/57 kB | 12/29 kB Progress (3): 61/116 kB | 13/57 kB | 12/29 kB Progress (3): 65/116 kB | 13/57 kB | 12/29 kB Progress (3): 65/116 kB | 13/57 kB | 16/29 kB Progress (3): 65/116 kB | 16/57 kB | 16/29 kB Progress (3): 69/116 kB | 16/57 kB | 16/29 kB Progress (3): 73/116 kB | 16/57 kB | 16/29 kB Progress (3): 77/116 kB | 16/57 kB | 16/29 kB Progress (3): 77/116 kB | 19/57 kB | 16/29 kB Progress (3): 77/116 kB | 19/57 kB | 20/29 kB Progress (3): 77/116 kB | 19/57 kB | 24/29 kB Progress (3): 77/116 kB | 21/57 kB | 24/29 kB Progress (3): 77/116 kB | 21/57 kB | 28/29 kB Progress (3): 77/116 kB | 24/57 kB | 28/29 kB Progress (3): 81/116 kB | 24/57 kB | 28/29 kB Progress (3): 81/116 kB | 24/57 kB | 29 kB Progress (3): 81/116 kB | 27/57 kB | 29 kB Progress (3): 86/116 kB | 27/57 kB | 29 kB Progress (3): 90/116 kB | 27/57 kB | 29 kB Progress (3): 90/116 kB | 30/57 kB | 29 kB Progress (3): 94/116 kB | 30/57 kB | 29 kB Progress (3): 94/116 kB | 32/57 kB | 29 kB Progress (3): 94/116 kB | 35/57 kB | 29 kB Progress (3): 94/116 kB | 38/57 kB | 29 kB Progress (3): 94/116 kB | 41/57 kB | 29 kB Progress (3): 94/116 kB | 43/57 kB | 29 kB Progress (3): 94/116 kB | 46/57 kB | 29 kB Progress (3): 94/116 kB | 49/57 kB | 29 kB Progress (3): 98/116 kB | 49/57 kB | 29 kB Progress (3): 102/116 kB | 49/57 kB | 29 kB Progress (3): 102/116 kB | 51/57 kB | 29 kB Progress (3): 106/116 kB | 51/57 kB | 29 kB Progress (3): 110/116 kB | 51/57 kB | 29 kB Progress (3): 110/116 kB | 56/57 kB | 29 kB Progress (3): 110/116 kB | 57 kB | 29 kB Progress (3): 114/116 kB | 57 kB | 29 kB Progress (3): 116 kB | 57 kB | 29 kB Progress (4): 116 kB | 57 kB | 29 kB | 3.8/35 kB Progress (4): 116 kB | 57 kB | 29 kB | 7.8/35 kB Progress (4): 116 kB | 57 kB | 29 kB | 11/35 kB Progress (4): 116 kB | 57 kB | 29 kB | 15/35 kB Progress (4): 116 kB | 57 kB | 29 kB | 20/35 kB Progress (4): 116 kB | 57 kB | 29 kB | 24/35 kB Progress (4): 116 kB | 57 kB | 29 kB | 28/35 kB Progress (4): 116 kB | 57 kB | 29 kB | 32/35 kB Progress (4): 116 kB | 57 kB | 29 kB | 35 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar (29 kB at 904 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar (116 kB at 3.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar Progress (3): 57 kB | 35 kB | 2.3/152 kB Progress (3): 57 kB | 35 kB | 5.0/152 kB Progress (3): 57 kB | 35 kB | 7.7/152 kB Progress (3): 57 kB | 35 kB | 10/152 kB Progress (3): 57 kB | 35 kB | 13/152 kB Progress (3): 57 kB | 35 kB | 16/152 kB Progress (3): 57 kB | 35 kB | 19/152 kB Progress (3): 57 kB | 35 kB | 21/152 kB Progress (3): 57 kB | 35 kB | 24/152 kB Progress (3): 57 kB | 35 kB | 27/152 kB Progress (3): 57 kB | 35 kB | 30/152 kB Progress (3): 57 kB | 35 kB | 33/152 kB Progress (3): 57 kB | 35 kB | 36/152 kB Progress (3): 57 kB | 35 kB | 38/152 kB Progress (3): 57 kB | 35 kB | 41/152 kB Progress (3): 57 kB | 35 kB | 44/152 kB Progress (3): 57 kB | 35 kB | 46/152 kB Progress (3): 57 kB | 35 kB | 49/152 kB Progress (3): 57 kB | 35 kB | 52/152 kB Progress (3): 57 kB | 35 kB | 55/152 kB Progress (4): 57 kB | 35 kB | 55/152 kB | 4.1/21 kB Progress (4): 57 kB | 35 kB | 59/152 kB | 4.1/21 kB Progress (4): 57 kB | 35 kB | 59/152 kB | 7.7/21 kB Progress (4): 57 kB | 35 kB | 59/152 kB | 12/21 kB Progress (4): 57 kB | 35 kB | 63/152 kB | 12/21 kB Progress (4): 57 kB | 35 kB | 63/152 kB | 15/21 kB Progress (5): 57 kB | 35 kB | 63/152 kB | 15/21 kB | 4.1/9.9 kB Progress (5): 57 kB | 35 kB | 63/152 kB | 15/21 kB | 7.7/9.9 kB Progress (5): 57 kB | 35 kB | 63/152 kB | 20/21 kB | 7.7/9.9 kB Progress (5): 57 kB | 35 kB | 63/152 kB | 20/21 kB | 9.9 kB Progress (5): 57 kB | 35 kB | 63/152 kB | 21 kB | 9.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar (35 kB at 734 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar Progress (4): 57 kB | 67/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 71/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 75/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 79/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 83/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 87/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 92/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 96/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 100/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 104/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 108/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 112/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 116/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 120/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 122/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 126/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 131/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 135/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 139/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 143/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 147/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 151/152 kB | 21 kB | 9.9 kB Progress (4): 57 kB | 152 kB | 21 kB | 9.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar (21 kB at 352 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar Progress (4): 57 kB | 152 kB | 9.9 kB | 4.1/5.9 kB Progress (4): 57 kB | 152 kB | 9.9 kB | 5.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar (152 kB at 2.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar (9.9 kB at 138 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar (5.9 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar Progress (2): 57 kB | 3.8/30 kB Progress (2): 57 kB | 7.8/30 kB Progress (2): 57 kB | 12/30 kB Progress (2): 57 kB | 16/30 kB Progress (2): 57 kB | 20/30 kB Progress (2): 57 kB | 24/30 kB Progress (2): 57 kB | 28/30 kB Progress (2): 57 kB | 30 kB Progress (3): 57 kB | 30 kB | 4.1/37 kB Progress (3): 57 kB | 30 kB | 7.7/37 kB Progress (3): 57 kB | 30 kB | 12/37 kB Progress (3): 57 kB | 30 kB | 16/37 kB Progress (3): 57 kB | 30 kB | 20/37 kB Progress (3): 57 kB | 30 kB | 24/37 kB Progress (3): 57 kB | 30 kB | 28/37 kB Progress (3): 57 kB | 30 kB | 32/37 kB Progress (3): 57 kB | 30 kB | 36/37 kB Progress (3): 57 kB | 30 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar (37 kB at 329 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar (30 kB at 267 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar Progress (2): 57 kB | 4.1/24 kB Progress (2): 57 kB | 7.7/24 kB Progress (2): 57 kB | 12/24 kB Progress (2): 57 kB | 15/24 kB Progress (2): 57 kB | 20/24 kB Progress (2): 57 kB | 24/24 kB Progress (2): 57 kB | 24 kB Progress (3): 57 kB | 24 kB | 3.8/14 kB Progress (3): 57 kB | 24 kB | 7.8/14 kB Progress (3): 57 kB | 24 kB | 12/14 kB Progress (3): 57 kB | 24 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar (57 kB at 463 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar Progress (3): 24 kB | 14 kB | 4.1/13 kB Progress (3): 24 kB | 14 kB | 7.7/13 kB Progress (3): 24 kB | 14 kB | 11/13 kB Progress (3): 24 kB | 14 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar (14 kB at 107 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar (24 kB at 190 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar Progress (2): 13 kB | 3.8/38 kB Progress (2): 13 kB | 7.8/38 kB Progress (2): 13 kB | 12/38 kB Progress (2): 13 kB | 16/38 kB Progress (2): 13 kB | 20/38 kB Progress (2): 13 kB | 24/38 kB Progress (2): 13 kB | 28/38 kB Progress (2): 13 kB | 32/38 kB Progress (2): 13 kB | 37/38 kB Progress (2): 13 kB | 38 kB Progress (3): 13 kB | 38 kB | 3.8/49 kB Progress (3): 13 kB | 38 kB | 7.8/49 kB Progress (3): 13 kB | 38 kB | 12/49 kB Progress (3): 13 kB | 38 kB | 16/49 kB Progress (4): 13 kB | 38 kB | 16/49 kB | 3.8/87 kB Progress (4): 13 kB | 38 kB | 20/49 kB | 3.8/87 kB Progress (4): 13 kB | 38 kB | 20/49 kB | 7.8/87 kB Progress (4): 13 kB | 38 kB | 24/49 kB | 7.8/87 kB Progress (4): 13 kB | 38 kB | 24/49 kB | 12/87 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar (13 kB at 95 kB/s) Progress (4): 38 kB | 24/49 kB | 12/87 kB | 4.1/86 kB Progress (4): 38 kB | 28/49 kB | 12/87 kB | 4.1/86 kB Progress (4): 38 kB | 28/49 kB | 16/87 kB | 4.1/86 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar Progress (4): 38 kB | 32/49 kB | 16/87 kB | 4.1/86 kB Progress (4): 38 kB | 32/49 kB | 20/87 kB | 4.1/86 kB Progress (4): 38 kB | 32/49 kB | 20/87 kB | 7.7/86 kB Progress (4): 38 kB | 32/49 kB | 20/87 kB | 12/86 kB Progress (4): 38 kB | 32/49 kB | 24/87 kB | 12/86 kB Progress (4): 38 kB | 36/49 kB | 24/87 kB | 12/86 kB Progress (4): 38 kB | 36/49 kB | 24/87 kB | 16/86 kB Progress (4): 38 kB | 36/49 kB | 28/87 kB | 16/86 kB Progress (4): 38 kB | 40/49 kB | 28/87 kB | 16/86 kB Progress (4): 38 kB | 40/49 kB | 32/87 kB | 16/86 kB Progress (4): 38 kB | 44/49 kB | 32/87 kB | 16/86 kB Progress (4): 38 kB | 44/49 kB | 32/87 kB | 20/86 kB Progress (4): 38 kB | 44/49 kB | 36/87 kB | 20/86 kB Progress (4): 38 kB | 44/49 kB | 36/87 kB | 24/86 kB Progress (4): 38 kB | 44/49 kB | 36/87 kB | 28/86 kB Progress (4): 38 kB | 48/49 kB | 36/87 kB | 28/86 kB Progress (4): 38 kB | 48/49 kB | 40/87 kB | 28/86 kB Progress (4): 38 kB | 49 kB | 40/87 kB | 28/86 kB Progress (4): 38 kB | 49 kB | 44/87 kB | 28/86 kB Progress (4): 38 kB | 49 kB | 44/87 kB | 32/86 kB Progress (4): 38 kB | 49 kB | 48/87 kB | 32/86 kB Progress (4): 38 kB | 49 kB | 48/87 kB | 36/86 kB Progress (4): 38 kB | 49 kB | 48/87 kB | 40/86 kB Progress (4): 38 kB | 49 kB | 52/87 kB | 40/86 kB Progress (4): 38 kB | 49 kB | 52/87 kB | 45/86 kB Progress (4): 38 kB | 49 kB | 56/87 kB | 45/86 kB Progress (4): 38 kB | 49 kB | 61/87 kB | 45/86 kB Progress (4): 38 kB | 49 kB | 61/87 kB | 49/86 kB Progress (4): 38 kB | 49 kB | 61/87 kB | 53/86 kB Progress (4): 38 kB | 49 kB | 61/87 kB | 57/86 kB Progress (4): 38 kB | 49 kB | 61/87 kB | 61/86 kB Progress (4): 38 kB | 49 kB | 65/87 kB | 61/86 kB Progress (4): 38 kB | 49 kB | 69/87 kB | 61/86 kB Progress (4): 38 kB | 49 kB | 73/87 kB | 61/86 kB Progress (4): 38 kB | 49 kB | 77/87 kB | 61/86 kB Progress (4): 38 kB | 49 kB | 81/87 kB | 61/86 kB Progress (4): 38 kB | 49 kB | 85/87 kB | 61/86 kB Progress (4): 38 kB | 49 kB | 85/87 kB | 65/86 kB Progress (4): 38 kB | 49 kB | 87 kB | 65/86 kB Progress (4): 38 kB | 49 kB | 87 kB | 69/86 kB Progress (4): 38 kB | 49 kB | 87 kB | 73/86 kB Progress (4): 38 kB | 49 kB | 87 kB | 77/86 kB Progress (4): 38 kB | 49 kB | 87 kB | 81/86 kB Progress (4): 38 kB | 49 kB | 87 kB | 86/86 kB Progress (4): 38 kB | 49 kB | 87 kB | 86 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar (38 kB at 251 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar Progress (4): 49 kB | 87 kB | 86 kB | 4.1/10 kB Progress (4): 49 kB | 87 kB | 86 kB | 7.7/10 kB Progress (4): 49 kB | 87 kB | 86 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar (86 kB at 557 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar (49 kB at 317 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar (87 kB at 543 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar (10 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar Progress (1): 4.1/223 kB Progress (1): 7.7/223 kB Progress (1): 12/223 kB Progress (1): 16/223 kB Progress (1): 20/223 kB Progress (1): 24/223 kB Progress (1): 28/223 kB Progress (1): 32/223 kB Progress (1): 36/223 kB Progress (1): 40/223 kB Progress (2): 40/223 kB | 3.8/121 kB Progress (2): 40/223 kB | 7.8/121 kB Progress (2): 45/223 kB | 7.8/121 kB Progress (2): 45/223 kB | 12/121 kB Progress (2): 49/223 kB | 12/121 kB Progress (2): 53/223 kB | 12/121 kB Progress (2): 57/223 kB | 12/121 kB Progress (2): 57/223 kB | 16/121 kB Progress (2): 57/223 kB | 20/121 kB Progress (2): 61/223 kB | 20/121 kB Progress (2): 65/223 kB | 20/121 kB Progress (2): 69/223 kB | 20/121 kB Progress (2): 69/223 kB | 24/121 kB Progress (2): 73/223 kB | 24/121 kB Progress (2): 73/223 kB | 28/121 kB Progress (2): 73/223 kB | 32/121 kB Progress (2): 73/223 kB | 36/121 kB Progress (2): 77/223 kB | 36/121 kB Progress (2): 81/223 kB | 36/121 kB Progress (2): 81/223 kB | 40/121 kB Progress (2): 86/223 kB | 40/121 kB Progress (2): 90/223 kB | 40/121 kB Progress (2): 90/223 kB | 45/121 kB Progress (2): 90/223 kB | 49/121 kB Progress (2): 90/223 kB | 53/121 kB Progress (2): 90/223 kB | 57/121 kB Progress (2): 94/223 kB | 57/121 kB Progress (2): 98/223 kB | 57/121 kB Progress (2): 98/223 kB | 61/121 kB Progress (2): 102/223 kB | 61/121 kB Progress (2): 106/223 kB | 61/121 kB Progress (2): 106/223 kB | 65/121 kB Progress (2): 106/223 kB | 69/121 kB Progress (2): 106/223 kB | 73/121 kB Progress (2): 106/223 kB | 77/121 kB Progress (2): 110/223 kB | 77/121 kB Progress (2): 114/223 kB | 77/121 kB Progress (3): 114/223 kB | 77/121 kB | 3.8/194 kB Progress (3): 118/223 kB | 77/121 kB | 3.8/194 kB Progress (3): 122/223 kB | 77/121 kB | 3.8/194 kB Progress (3): 122/223 kB | 81/121 kB | 3.8/194 kB Progress (3): 122/223 kB | 81/121 kB | 7.8/194 kB Progress (3): 122/223 kB | 86/121 kB | 7.8/194 kB Progress (3): 122/223 kB | 90/121 kB | 7.8/194 kB Progress (3): 126/223 kB | 90/121 kB | 7.8/194 kB Progress (3): 126/223 kB | 90/121 kB | 12/194 kB Progress (3): 126/223 kB | 94/121 kB | 12/194 kB Progress (3): 131/223 kB | 94/121 kB | 12/194 kB Progress (3): 131/223 kB | 94/121 kB | 16/194 kB Progress (3): 131/223 kB | 94/121 kB | 20/194 kB Progress (3): 131/223 kB | 94/121 kB | 24/194 kB Progress (3): 135/223 kB | 94/121 kB | 24/194 kB Progress (3): 139/223 kB | 94/121 kB | 24/194 kB Progress (3): 143/223 kB | 94/121 kB | 24/194 kB Progress (3): 147/223 kB | 94/121 kB | 24/194 kB Progress (3): 147/223 kB | 98/121 kB | 24/194 kB Progress (3): 147/223 kB | 98/121 kB | 28/194 kB Progress (3): 147/223 kB | 102/121 kB | 28/194 kB Progress (3): 147/223 kB | 102/121 kB | 32/194 kB Progress (3): 147/223 kB | 106/121 kB | 32/194 kB Progress (3): 147/223 kB | 106/121 kB | 37/194 kB Progress (3): 147/223 kB | 110/121 kB | 37/194 kB Progress (3): 147/223 kB | 110/121 kB | 41/194 kB Progress (3): 151/223 kB | 110/121 kB | 41/194 kB Progress (3): 155/223 kB | 110/121 kB | 41/194 kB Progress (3): 159/223 kB | 110/121 kB | 41/194 kB Progress (3): 163/223 kB | 110/121 kB | 41/194 kB Progress (3): 163/223 kB | 114/121 kB | 41/194 kB Progress (3): 163/223 kB | 114/121 kB | 45/194 kB Progress (3): 163/223 kB | 118/121 kB | 45/194 kB Progress (3): 163/223 kB | 118/121 kB | 49/194 kB Progress (3): 163/223 kB | 121 kB | 49/194 kB Progress (3): 167/223 kB | 121 kB | 49/194 kB Progress (3): 167/223 kB | 121 kB | 53/194 kB Progress (3): 172/223 kB | 121 kB | 53/194 kB Progress (3): 172/223 kB | 121 kB | 57/194 kB Progress (3): 176/223 kB | 121 kB | 57/194 kB Progress (3): 180/223 kB | 121 kB | 57/194 kB Progress (3): 180/223 kB | 121 kB | 61/194 kB Progress (3): 180/223 kB | 121 kB | 65/194 kB Progress (3): 180/223 kB | 121 kB | 69/194 kB Progress (3): 184/223 kB | 121 kB | 69/194 kB Progress (3): 184/223 kB | 121 kB | 73/194 kB Progress (3): 188/223 kB | 121 kB | 73/194 kB Progress (3): 192/223 kB | 121 kB | 73/194 kB Progress (3): 196/223 kB | 121 kB | 73/194 kB Progress (3): 200/223 kB | 121 kB | 73/194 kB Progress (3): 204/223 kB | 121 kB | 73/194 kB Progress (3): 204/223 kB | 121 kB | 77/194 kB Progress (3): 208/223 kB | 121 kB | 77/194 kB Progress (3): 208/223 kB | 121 kB | 82/194 kB Progress (3): 213/223 kB | 121 kB | 82/194 kB Progress (3): 213/223 kB | 121 kB | 86/194 kB Progress (3): 213/223 kB | 121 kB | 90/194 kB Progress (3): 217/223 kB | 121 kB | 90/194 kB Progress (3): 221/223 kB | 121 kB | 90/194 kB Progress (3): 223 kB | 121 kB | 90/194 kB Progress (3): 223 kB | 121 kB | 94/194 kB Progress (3): 223 kB | 121 kB | 98/194 kB Progress (3): 223 kB | 121 kB | 102/194 kB Progress (3): 223 kB | 121 kB | 106/194 kB Progress (3): 223 kB | 121 kB | 110/194 kB Progress (3): 223 kB | 121 kB | 114/194 kB Progress (3): 223 kB | 121 kB | 118/194 kB Progress (3): 223 kB | 121 kB | 123/194 kB Progress (3): 223 kB | 121 kB | 127/194 kB Progress (3): 223 kB | 121 kB | 131/194 kB Progress (3): 223 kB | 121 kB | 135/194 kB Progress (3): 223 kB | 121 kB | 139/194 kB Progress (3): 223 kB | 121 kB | 143/194 kB Progress (3): 223 kB | 121 kB | 147/194 kB Progress (3): 223 kB | 121 kB | 151/194 kB Progress (3): 223 kB | 121 kB | 155/194 kB Progress (3): 223 kB | 121 kB | 159/194 kB Progress (3): 223 kB | 121 kB | 163/194 kB Progress (4): 223 kB | 121 kB | 163/194 kB | 3.2/6.8 kB Progress (4): 223 kB | 121 kB | 167/194 kB | 3.2/6.8 kB Progress (4): 223 kB | 121 kB | 172/194 kB | 3.2/6.8 kB Progress (4): 223 kB | 121 kB | 176/194 kB | 3.2/6.8 kB Progress (4): 223 kB | 121 kB | 180/194 kB | 3.2/6.8 kB Progress (4): 223 kB | 121 kB | 180/194 kB | 6.8 kB Progress (4): 223 kB | 121 kB | 184/194 kB | 6.8 kB Progress (4): 223 kB | 121 kB | 188/194 kB | 6.8 kB Progress (4): 223 kB | 121 kB | 192/194 kB | 6.8 kB Progress (4): 223 kB | 121 kB | 194 kB | 6.8 kB Progress (5): 223 kB | 121 kB | 194 kB | 6.8 kB | 4.1/43 kB Progress (5): 223 kB | 121 kB | 194 kB | 6.8 kB | 7.7/43 kB Progress (5): 223 kB | 121 kB | 194 kB | 6.8 kB | 12/43 kB Progress (5): 223 kB | 121 kB | 194 kB | 6.8 kB | 15/43 kB Progress (5): 223 kB | 121 kB | 194 kB | 6.8 kB | 20/43 kB Progress (5): 223 kB | 121 kB | 194 kB | 6.8 kB | 24/43 kB Progress (5): 223 kB | 121 kB | 194 kB | 6.8 kB | 28/43 kB Progress (5): 223 kB | 121 kB | 194 kB | 6.8 kB | 32/43 kB Progress (5): 223 kB | 121 kB | 194 kB | 6.8 kB | 36/43 kB Progress (5): 223 kB | 121 kB | 194 kB | 6.8 kB | 40/43 kB Progress (5): 223 kB | 121 kB | 194 kB | 6.8 kB | 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar (121 kB at 637 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar (223 kB at 1.2 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar (6.8 kB at 35 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar (194 kB at 971 kB/s) Progress (2): 43 kB | 4.1/61 kB Progress (2): 43 kB | 7.7/61 kB Progress (2): 43 kB | 12/61 kB Progress (2): 43 kB | 16/61 kB Progress (2): 43 kB | 20/61 kB Progress (2): 43 kB | 24/61 kB Progress (2): 43 kB | 28/61 kB Progress (2): 43 kB | 32/61 kB Progress (2): 43 kB | 36/61 kB Progress (2): 43 kB | 40/61 kB Progress (2): 43 kB | 45/61 kB Progress (2): 43 kB | 49/61 kB Progress (2): 43 kB | 53/61 kB Progress (2): 43 kB | 57/61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar (43 kB at 210 kB/s) Progress (1): 61/61 kB Progress (1): 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar (61 kB at 281 kB/s) [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/main/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom (1.5 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom (19 kB at 450 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom (24 kB at 804 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom (4.5 kB at 173 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom (1.6 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom (2.3 kB at 88 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom (7.8 kB at 311 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom (2.1 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom (3.1 kB at 116 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom (2.0 kB at 79 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom (2.0 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom (1.9 kB at 68 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom (1.7 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom (2.7 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom (2.7 kB at 96 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom (2.0 kB at 68 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom (2.1 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom (1.3 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom (3.4 kB at 110 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom (4.0 kB at 150 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom (4.9 kB at 206 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom Progress (1): 965 B Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom (965 B at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom Progress (1): 4.1 kB Progress (1): 4.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom (4.7 kB at 176 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom Progress (1): 4.1 kB Progress (1): 6.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom (6.4 kB at 245 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom (1.5 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom (22 kB at 830 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom (32 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom Progress (1): 4.1 kB Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom (4.1 kB at 152 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom (12 kB at 388 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom (2.2 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom (3.2 kB at 120 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom (889 B at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom (2.0 kB at 75 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom (1.9 kB at 63 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom Progress (1): 4.1 kB Progress (1): 7.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom (7.9 kB at 203 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom (3.0 kB at 107 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom (2.2 kB at 70 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom (2.2 kB at 78 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom (1.6 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom (1.9 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom (1.7 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom (2.8 kB at 92 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom (3.1 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom Progress (1): 880 B Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom (880 B at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom (1.9 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom (2.1 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom (1.3 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom (3.0 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom (6.8 kB at 283 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom (8.4 kB at 323 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom (5.1 kB at 214 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom (2.1 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom Progress (1): 815 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom (815 B at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom Progress (1): 4.1 kB Progress (1): 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom (4.2 kB at 141 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom (17 kB at 618 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom Progress (1): 865 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom (865 B at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom (3.6 kB at 117 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom (3.1 kB at 79 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom (20 kB at 818 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom (6.8 kB at 241 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom (14 kB at 565 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom (3.1 kB at 116 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom (19 kB at 721 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom Progress (1): 690 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom (690 B at 24 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom Progress (1): 769 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom (769 B at 26 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom (1.2 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom (2.8 kB at 102 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom (2.3 kB at 91 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom (4.0 kB at 139 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom (2.8 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom (19 kB at 686 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom Progress (1): 145 B Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom (145 B at 4.5 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom Progress (1): 4.1 kB Progress (1): 5.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom (5.3 kB at 198 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom (2.5 kB at 83 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom (1.6 kB at 68 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom Progress (1): 747 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom (747 B at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar Progress (1): 4.1/13 kB Progress (1): 7.3/13 kB Progress (1): 11/13 kB Progress (1): 13 kB Progress (2): 13 kB | 4.1/49 kB Progress (2): 13 kB | 7.7/49 kB Progress (2): 13 kB | 12/49 kB Progress (2): 13 kB | 16/49 kB Progress (2): 13 kB | 20/49 kB Progress (2): 13 kB | 24/49 kB Progress (2): 13 kB | 28/49 kB Progress (2): 13 kB | 32/49 kB Progress (2): 13 kB | 36/49 kB Progress (2): 13 kB | 40/49 kB Progress (2): 13 kB | 45/49 kB Progress (2): 13 kB | 49/49 kB Progress (2): 13 kB | 49 kB Progress (3): 13 kB | 49 kB | 4.1/160 kB Progress (3): 13 kB | 49 kB | 7.7/160 kB Progress (3): 13 kB | 49 kB | 12/160 kB Progress (3): 13 kB | 49 kB | 16/160 kB Progress (3): 13 kB | 49 kB | 20/160 kB Progress (3): 13 kB | 49 kB | 24/160 kB Progress (3): 13 kB | 49 kB | 28/160 kB Progress (3): 13 kB | 49 kB | 32/160 kB Progress (3): 13 kB | 49 kB | 36/160 kB Progress (3): 13 kB | 49 kB | 40/160 kB Progress (3): 13 kB | 49 kB | 45/160 kB Progress (3): 13 kB | 49 kB | 49/160 kB Progress (3): 13 kB | 49 kB | 53/160 kB Progress (3): 13 kB | 49 kB | 57/160 kB Progress (3): 13 kB | 49 kB | 61/160 kB Progress (3): 13 kB | 49 kB | 65/160 kB Progress (3): 13 kB | 49 kB | 69/160 kB Progress (3): 13 kB | 49 kB | 73/160 kB Progress (3): 13 kB | 49 kB | 77/160 kB Progress (3): 13 kB | 49 kB | 81/160 kB Progress (3): 13 kB | 49 kB | 86/160 kB Progress (3): 13 kB | 49 kB | 90/160 kB Progress (3): 13 kB | 49 kB | 94/160 kB Progress (3): 13 kB | 49 kB | 98/160 kB Progress (3): 13 kB | 49 kB | 102/160 kB Progress (3): 13 kB | 49 kB | 106/160 kB Progress (3): 13 kB | 49 kB | 110/160 kB Progress (3): 13 kB | 49 kB | 114/160 kB Progress (3): 13 kB | 49 kB | 118/160 kB Progress (3): 13 kB | 49 kB | 122/160 kB Progress (3): 13 kB | 49 kB | 126/160 kB Progress (3): 13 kB | 49 kB | 131/160 kB Progress (3): 13 kB | 49 kB | 135/160 kB Progress (3): 13 kB | 49 kB | 139/160 kB Progress (3): 13 kB | 49 kB | 143/160 kB Progress (3): 13 kB | 49 kB | 147/160 kB Progress (3): 13 kB | 49 kB | 151/160 kB Progress (3): 13 kB | 49 kB | 155/160 kB Progress (3): 13 kB | 49 kB | 159/160 kB Progress (3): 13 kB | 49 kB | 160 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar (13 kB at 477 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar Progress (3): 49 kB | 160 kB | 4.1/211 kB Progress (3): 49 kB | 160 kB | 7.7/211 kB Progress (3): 49 kB | 160 kB | 12/211 kB Progress (3): 49 kB | 160 kB | 16/211 kB Progress (3): 49 kB | 160 kB | 20/211 kB Progress (3): 49 kB | 160 kB | 24/211 kB Progress (3): 49 kB | 160 kB | 28/211 kB Progress (3): 49 kB | 160 kB | 32/211 kB Progress (3): 49 kB | 160 kB | 36/211 kB Progress (3): 49 kB | 160 kB | 40/211 kB Progress (3): 49 kB | 160 kB | 44/211 kB Progress (3): 49 kB | 160 kB | 48/211 kB Progress (3): 49 kB | 160 kB | 52/211 kB Progress (3): 49 kB | 160 kB | 56/211 kB Progress (3): 49 kB | 160 kB | 61/211 kB Progress (3): 49 kB | 160 kB | 65/211 kB Progress (3): 49 kB | 160 kB | 69/211 kB Progress (3): 49 kB | 160 kB | 73/211 kB Progress (3): 49 kB | 160 kB | 77/211 kB Progress (3): 49 kB | 160 kB | 81/211 kB Progress (3): 49 kB | 160 kB | 85/211 kB Progress (3): 49 kB | 160 kB | 89/211 kB Progress (3): 49 kB | 160 kB | 93/211 kB Progress (3): 49 kB | 160 kB | 97/211 kB Progress (3): 49 kB | 160 kB | 102/211 kB Progress (3): 49 kB | 160 kB | 106/211 kB Progress (3): 49 kB | 160 kB | 110/211 kB Progress (4): 49 kB | 160 kB | 110/211 kB | 4.1/89 kB Progress (4): 49 kB | 160 kB | 114/211 kB | 4.1/89 kB Progress (4): 49 kB | 160 kB | 114/211 kB | 7.7/89 kB Progress (4): 49 kB | 160 kB | 114/211 kB | 12/89 kB Progress (4): 49 kB | 160 kB | 114/211 kB | 16/89 kB Progress (4): 49 kB | 160 kB | 118/211 kB | 16/89 kB Progress (4): 49 kB | 160 kB | 122/211 kB | 16/89 kB Progress (4): 49 kB | 160 kB | 126/211 kB | 16/89 kB Progress (4): 49 kB | 160 kB | 126/211 kB | 20/89 kB Progress (4): 49 kB | 160 kB | 130/211 kB | 20/89 kB Progress (4): 49 kB | 160 kB | 130/211 kB | 24/89 kB Progress (4): 49 kB | 160 kB | 134/211 kB | 24/89 kB Progress (4): 49 kB | 160 kB | 134/211 kB | 28/89 kB Progress (4): 49 kB | 160 kB | 134/211 kB | 32/89 kB Progress (4): 49 kB | 160 kB | 134/211 kB | 36/89 kB Progress (4): 49 kB | 160 kB | 134/211 kB | 40/89 kB Progress (4): 49 kB | 160 kB | 138/211 kB | 40/89 kB Progress (4): 49 kB | 160 kB | 138/211 kB | 45/89 kB Progress (4): 49 kB | 160 kB | 142/211 kB | 45/89 kB Progress (4): 49 kB | 160 kB | 142/211 kB | 49/89 kB Progress (4): 49 kB | 160 kB | 147/211 kB | 49/89 kB Progress (4): 49 kB | 160 kB | 147/211 kB | 53/89 kB Progress (4): 49 kB | 160 kB | 147/211 kB | 57/89 kB Progress (4): 49 kB | 160 kB | 151/211 kB | 57/89 kB Progress (4): 49 kB | 160 kB | 155/211 kB | 57/89 kB Progress (4): 49 kB | 160 kB | 155/211 kB | 61/89 kB Progress (4): 49 kB | 160 kB | 159/211 kB | 61/89 kB Progress (4): 49 kB | 160 kB | 159/211 kB | 65/89 kB Progress (4): 49 kB | 160 kB | 163/211 kB | 65/89 kB Progress (4): 49 kB | 160 kB | 163/211 kB | 69/89 kB Progress (4): 49 kB | 160 kB | 163/211 kB | 73/89 kB Progress (4): 49 kB | 160 kB | 167/211 kB | 73/89 kB Progress (4): 49 kB | 160 kB | 171/211 kB | 73/89 kB Progress (4): 49 kB | 160 kB | 175/211 kB | 73/89 kB Progress (4): 49 kB | 160 kB | 179/211 kB | 73/89 kB Progress (4): 49 kB | 160 kB | 179/211 kB | 77/89 kB Progress (4): 49 kB | 160 kB | 179/211 kB | 81/89 kB Progress (4): 49 kB | 160 kB | 179/211 kB | 86/89 kB Progress (4): 49 kB | 160 kB | 183/211 kB | 86/89 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar (49 kB at 1.6 MB/s) Progress (3): 160 kB | 183/211 kB | 89 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar Progress (3): 160 kB | 188/211 kB | 89 kB Progress (3): 160 kB | 192/211 kB | 89 kB Progress (3): 160 kB | 196/211 kB | 89 kB Progress (3): 160 kB | 200/211 kB | 89 kB Progress (3): 160 kB | 204/211 kB | 89 kB Progress (3): 160 kB | 208/211 kB | 89 kB Progress (3): 160 kB | 211 kB | 89 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar (160 kB at 4.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar Progress (3): 211 kB | 89 kB | 3.2/21 kB Progress (3): 211 kB | 89 kB | 7.3/21 kB Progress (3): 211 kB | 89 kB | 11/21 kB Progress (3): 211 kB | 89 kB | 15/21 kB Progress (3): 211 kB | 89 kB | 20/21 kB Progress (3): 211 kB | 89 kB | 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar (211 kB at 4.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar Progress (3): 89 kB | 21 kB | 4.1/87 kB Progress (3): 89 kB | 21 kB | 7.7/87 kB Progress (3): 89 kB | 21 kB | 12/87 kB Progress (3): 89 kB | 21 kB | 15/87 kB Progress (3): 89 kB | 21 kB | 20/87 kB Progress (3): 89 kB | 21 kB | 24/87 kB Progress (3): 89 kB | 21 kB | 28/87 kB Progress (3): 89 kB | 21 kB | 32/87 kB Progress (3): 89 kB | 21 kB | 36/87 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar (21 kB at 394 kB/s) Progress (2): 89 kB | 40/87 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar Progress (2): 89 kB | 44/87 kB Progress (2): 89 kB | 48/87 kB Progress (2): 89 kB | 52/87 kB Progress (2): 89 kB | 56/87 kB Progress (2): 89 kB | 61/87 kB Progress (2): 89 kB | 65/87 kB Progress (3): 89 kB | 65/87 kB | 4.1/35 kB Progress (3): 89 kB | 65/87 kB | 7.7/35 kB Progress (3): 89 kB | 65/87 kB | 12/35 kB Progress (3): 89 kB | 65/87 kB | 15/35 kB Progress (3): 89 kB | 65/87 kB | 20/35 kB Progress (3): 89 kB | 65/87 kB | 24/35 kB Progress (3): 89 kB | 69/87 kB | 24/35 kB Progress (3): 89 kB | 69/87 kB | 28/35 kB Progress (3): 89 kB | 73/87 kB | 28/35 kB Progress (3): 89 kB | 73/87 kB | 32/35 kB Progress (3): 89 kB | 77/87 kB | 32/35 kB Progress (3): 89 kB | 81/87 kB | 32/35 kB Progress (3): 89 kB | 81/87 kB | 35 kB Progress (3): 89 kB | 85/87 kB | 35 kB Progress (3): 89 kB | 87 kB | 35 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar (89 kB at 1.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar Progress (3): 87 kB | 35 kB | 4.1/25 kB Progress (3): 87 kB | 35 kB | 7.7/25 kB Progress (3): 87 kB | 35 kB | 12/25 kB Progress (3): 87 kB | 35 kB | 15/25 kB Progress (3): 87 kB | 35 kB | 20/25 kB Progress (3): 87 kB | 35 kB | 24/25 kB Progress (3): 87 kB | 35 kB | 25 kB Progress (4): 87 kB | 35 kB | 25 kB | 4.1/14 kB Progress (4): 87 kB | 35 kB | 25 kB | 7.3/14 kB Progress (4): 87 kB | 35 kB | 25 kB | 11/14 kB Progress (4): 87 kB | 35 kB | 25 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar (35 kB at 512 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar (87 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar (25 kB at 311 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar (14 kB at 175 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar Progress (1): 3.2/29 kB Progress (1): 7.3/29 kB Progress (1): 11/29 kB Progress (1): 15/29 kB Progress (1): 20/29 kB Progress (1): 24/29 kB Progress (1): 28/29 kB Progress (1): 29 kB Progress (2): 29 kB | 4.1/122 kB Progress (2): 29 kB | 7.7/122 kB Progress (2): 29 kB | 11/122 kB Progress (2): 29 kB | 15/122 kB Progress (2): 29 kB | 20/122 kB Progress (2): 29 kB | 24/122 kB Progress (2): 29 kB | 28/122 kB Progress (2): 29 kB | 32/122 kB Progress (2): 29 kB | 36/122 kB Progress (2): 29 kB | 40/122 kB Progress (2): 29 kB | 44/122 kB Progress (2): 29 kB | 48/122 kB Progress (2): 29 kB | 52/122 kB Progress (2): 29 kB | 56/122 kB Progress (2): 29 kB | 61/122 kB Progress (2): 29 kB | 65/122 kB Progress (2): 29 kB | 69/122 kB Progress (2): 29 kB | 73/122 kB Progress (2): 29 kB | 77/122 kB Progress (2): 29 kB | 81/122 kB Progress (2): 29 kB | 85/122 kB Progress (2): 29 kB | 89/122 kB Progress (2): 29 kB | 93/122 kB Progress (2): 29 kB | 97/122 kB Progress (2): 29 kB | 102/122 kB Progress (2): 29 kB | 106/122 kB Progress (2): 29 kB | 110/122 kB Progress (2): 29 kB | 114/122 kB Progress (2): 29 kB | 118/122 kB Progress (2): 29 kB | 122 kB Progress (3): 29 kB | 122 kB | 4.1/58 kB Progress (3): 29 kB | 122 kB | 7.7/58 kB Progress (3): 29 kB | 122 kB | 12/58 kB Progress (3): 29 kB | 122 kB | 16/58 kB Progress (3): 29 kB | 122 kB | 20/58 kB Progress (3): 29 kB | 122 kB | 24/58 kB Progress (3): 29 kB | 122 kB | 28/58 kB Progress (3): 29 kB | 122 kB | 32/58 kB Progress (3): 29 kB | 122 kB | 36/58 kB Progress (3): 29 kB | 122 kB | 40/58 kB Progress (3): 29 kB | 122 kB | 45/58 kB Progress (3): 29 kB | 122 kB | 49/58 kB Progress (3): 29 kB | 122 kB | 53/58 kB Progress (3): 29 kB | 122 kB | 57/58 kB Progress (3): 29 kB | 122 kB | 58 kB Progress (4): 29 kB | 122 kB | 58 kB | 4.1/10 kB Progress (4): 29 kB | 122 kB | 58 kB | 7.7/10 kB Progress (4): 29 kB | 122 kB | 58 kB | 10 kB Progress (5): 29 kB | 122 kB | 58 kB | 10 kB | 4.1/37 kB Progress (5): 29 kB | 122 kB | 58 kB | 10 kB | 7.7/37 kB Progress (5): 29 kB | 122 kB | 58 kB | 10 kB | 12/37 kB Progress (5): 29 kB | 122 kB | 58 kB | 10 kB | 16/37 kB Progress (5): 29 kB | 122 kB | 58 kB | 10 kB | 20/37 kB Progress (5): 29 kB | 122 kB | 58 kB | 10 kB | 24/37 kB Progress (5): 29 kB | 122 kB | 58 kB | 10 kB | 28/37 kB Progress (5): 29 kB | 122 kB | 58 kB | 10 kB | 32/37 kB Progress (5): 29 kB | 122 kB | 58 kB | 10 kB | 36/37 kB Progress (5): 29 kB | 122 kB | 58 kB | 10 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar (58 kB at 551 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar (29 kB at 274 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar (10 kB at 96 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar (122 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar (37 kB at 325 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar Progress (1): 4.1/155 kB Progress (1): 7.7/155 kB Progress (1): 12/155 kB Progress (1): 16/155 kB Progress (1): 20/155 kB Progress (1): 24/155 kB Progress (1): 28/155 kB Progress (1): 32/155 kB Progress (1): 36/155 kB Progress (1): 40/155 kB Progress (1): 45/155 kB Progress (1): 49/155 kB Progress (1): 53/155 kB Progress (1): 57/155 kB Progress (1): 61/155 kB Progress (1): 65/155 kB Progress (1): 69/155 kB Progress (1): 73/155 kB Progress (1): 77/155 kB Progress (2): 77/155 kB | 4.1/32 kB Progress (2): 77/155 kB | 7.7/32 kB Progress (2): 77/155 kB | 12/32 kB Progress (2): 77/155 kB | 16/32 kB Progress (2): 77/155 kB | 20/32 kB Progress (2): 77/155 kB | 24/32 kB Progress (2): 77/155 kB | 28/32 kB Progress (2): 77/155 kB | 32 kB Progress (2): 81/155 kB | 32 kB Progress (2): 86/155 kB | 32 kB Progress (2): 90/155 kB | 32 kB Progress (2): 94/155 kB | 32 kB Progress (2): 98/155 kB | 32 kB Progress (2): 102/155 kB | 32 kB Progress (2): 106/155 kB | 32 kB Progress (2): 110/155 kB | 32 kB Progress (2): 114/155 kB | 32 kB Progress (2): 118/155 kB | 32 kB Progress (2): 122/155 kB | 32 kB Progress (2): 126/155 kB | 32 kB Progress (2): 131/155 kB | 32 kB Progress (2): 135/155 kB | 32 kB Progress (2): 139/155 kB | 32 kB Progress (2): 143/155 kB | 32 kB Progress (2): 147/155 kB | 32 kB Progress (2): 151/155 kB | 32 kB Progress (2): 155 kB | 32 kB Progress (3): 155 kB | 32 kB | 4.1/33 kB Progress (3): 155 kB | 32 kB | 7.7/33 kB Progress (3): 155 kB | 32 kB | 12/33 kB Progress (3): 155 kB | 32 kB | 16/33 kB Progress (3): 155 kB | 32 kB | 20/33 kB Progress (3): 155 kB | 32 kB | 24/33 kB Progress (3): 155 kB | 32 kB | 28/33 kB Progress (3): 155 kB | 32 kB | 32/33 kB Progress (3): 155 kB | 32 kB | 33 kB Progress (4): 155 kB | 32 kB | 33 kB | 4.1/4.2 kB Progress (4): 155 kB | 32 kB | 33 kB | 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar (32 kB at 233 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar (155 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar Progress (3): 33 kB | 4.2 kB | 4.1/14 kB Progress (3): 33 kB | 4.2 kB | 7.7/14 kB Progress (3): 33 kB | 4.2 kB | 12/14 kB Progress (3): 33 kB | 4.2 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar (33 kB at 237 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar (4.2 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar Progress (2): 14 kB | 4.1/19 kB Progress (2): 14 kB | 7.7/19 kB Progress (2): 14 kB | 12/19 kB Progress (2): 14 kB | 15/19 kB Progress (3): 14 kB | 15/19 kB | 4.1/25 kB Progress (3): 14 kB | 19 kB | 4.1/25 kB Progress (3): 14 kB | 19 kB | 7.7/25 kB Progress (3): 14 kB | 19 kB | 12/25 kB Progress (3): 14 kB | 19 kB | 16/25 kB Progress (3): 14 kB | 19 kB | 20/25 kB Progress (3): 14 kB | 19 kB | 24/25 kB Progress (3): 14 kB | 19 kB | 25 kB Progress (4): 14 kB | 19 kB | 25 kB | 3.2/4.6 kB Progress (4): 14 kB | 19 kB | 25 kB | 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar (14 kB at 84 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar (19 kB at 116 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar (4.6 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar (25 kB at 151 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar Progress (1): 4.1/217 kB Progress (1): 7.7/217 kB Progress (1): 12/217 kB Progress (1): 16/217 kB Progress (1): 20/217 kB Progress (1): 24/217 kB Progress (1): 28/217 kB Progress (1): 32/217 kB Progress (1): 36/217 kB Progress (1): 40/217 kB Progress (1): 44/217 kB Progress (1): 48/217 kB Progress (1): 52/217 kB Progress (1): 56/217 kB Progress (1): 61/217 kB Progress (1): 65/217 kB Progress (1): 69/217 kB Progress (1): 73/217 kB Progress (1): 77/217 kB Progress (1): 81/217 kB Progress (1): 85/217 kB Progress (1): 89/217 kB Progress (1): 93/217 kB Progress (1): 97/217 kB Progress (1): 101/217 kB Progress (1): 106/217 kB Progress (1): 110/217 kB Progress (1): 114/217 kB Progress (1): 118/217 kB Progress (1): 122/217 kB Progress (1): 126/217 kB Progress (1): 130/217 kB Progress (1): 134/217 kB Progress (1): 138/217 kB Progress (1): 142/217 kB Progress (1): 147/217 kB Progress (1): 151/217 kB Progress (1): 155/217 kB Progress (1): 159/217 kB Progress (1): 163/217 kB Progress (1): 167/217 kB Progress (1): 171/217 kB Progress (1): 175/217 kB Progress (1): 179/217 kB Progress (1): 183/217 kB Progress (1): 187/217 kB Progress (1): 192/217 kB Progress (1): 196/217 kB Progress (1): 200/217 kB Progress (1): 204/217 kB Progress (1): 208/217 kB Progress (1): 212/217 kB Progress (1): 216/217 kB Progress (1): 217 kB Progress (2): 217 kB | 4.1/134 kB Progress (2): 217 kB | 7.7/134 kB Progress (2): 217 kB | 12/134 kB Progress (2): 217 kB | 16/134 kB Progress (2): 217 kB | 20/134 kB Progress (2): 217 kB | 24/134 kB Progress (2): 217 kB | 28/134 kB Progress (2): 217 kB | 32/134 kB Progress (2): 217 kB | 36/134 kB Progress (2): 217 kB | 40/134 kB Progress (2): 217 kB | 45/134 kB Progress (2): 217 kB | 49/134 kB Progress (2): 217 kB | 53/134 kB Progress (2): 217 kB | 57/134 kB Progress (2): 217 kB | 61/134 kB Progress (2): 217 kB | 65/134 kB Progress (2): 217 kB | 69/134 kB Progress (2): 217 kB | 73/134 kB Progress (2): 217 kB | 77/134 kB Progress (2): 217 kB | 81/134 kB Progress (2): 217 kB | 86/134 kB Progress (2): 217 kB | 90/134 kB Progress (2): 217 kB | 94/134 kB Progress (2): 217 kB | 98/134 kB Progress (2): 217 kB | 102/134 kB Progress (2): 217 kB | 106/134 kB Progress (2): 217 kB | 110/134 kB Progress (2): 217 kB | 114/134 kB Progress (2): 217 kB | 118/134 kB Progress (2): 217 kB | 122/134 kB Progress (2): 217 kB | 126/134 kB Progress (2): 217 kB | 131/134 kB Progress (2): 217 kB | 134 kB Progress (3): 217 kB | 134 kB | 3.2/358 kB Progress (3): 217 kB | 134 kB | 7.3/358 kB Progress (3): 217 kB | 134 kB | 11/358 kB Progress (3): 217 kB | 134 kB | 15/358 kB Progress (3): 217 kB | 134 kB | 20/358 kB Progress (3): 217 kB | 134 kB | 24/358 kB Progress (3): 217 kB | 134 kB | 28/358 kB Progress (3): 217 kB | 134 kB | 32/358 kB Progress (3): 217 kB | 134 kB | 36/358 kB Progress (3): 217 kB | 134 kB | 40/358 kB Progress (3): 217 kB | 134 kB | 44/358 kB Progress (3): 217 kB | 134 kB | 48/358 kB Progress (3): 217 kB | 134 kB | 52/358 kB Progress (3): 217 kB | 134 kB | 56/358 kB Progress (3): 217 kB | 134 kB | 61/358 kB Progress (3): 217 kB | 134 kB | 65/358 kB Progress (3): 217 kB | 134 kB | 69/358 kB Progress (3): 217 kB | 134 kB | 73/358 kB Progress (3): 217 kB | 134 kB | 77/358 kB Progress (3): 217 kB | 134 kB | 81/358 kB Progress (3): 217 kB | 134 kB | 85/358 kB Progress (3): 217 kB | 134 kB | 89/358 kB Progress (3): 217 kB | 134 kB | 93/358 kB Progress (3): 217 kB | 134 kB | 97/358 kB Progress (3): 217 kB | 134 kB | 102/358 kB Progress (3): 217 kB | 134 kB | 106/358 kB Progress (3): 217 kB | 134 kB | 110/358 kB Progress (3): 217 kB | 134 kB | 114/358 kB Progress (3): 217 kB | 134 kB | 118/358 kB Progress (3): 217 kB | 134 kB | 122/358 kB Progress (3): 217 kB | 134 kB | 126/358 kB Progress (3): 217 kB | 134 kB | 130/358 kB Progress (3): 217 kB | 134 kB | 134/358 kB Progress (3): 217 kB | 134 kB | 138/358 kB Progress (3): 217 kB | 134 kB | 142/358 kB Progress (3): 217 kB | 134 kB | 147/358 kB Progress (3): 217 kB | 134 kB | 151/358 kB Progress (3): 217 kB | 134 kB | 155/358 kB Progress (4): 217 kB | 134 kB | 155/358 kB | 4.1/45 kB Progress (4): 217 kB | 134 kB | 159/358 kB | 4.1/45 kB Progress (4): 217 kB | 134 kB | 159/358 kB | 7.7/45 kB Progress (4): 217 kB | 134 kB | 159/358 kB | 12/45 kB Progress (4): 217 kB | 134 kB | 159/358 kB | 15/45 kB Progress (4): 217 kB | 134 kB | 159/358 kB | 20/45 kB Progress (4): 217 kB | 134 kB | 159/358 kB | 24/45 kB Progress (4): 217 kB | 134 kB | 159/358 kB | 28/45 kB Progress (4): 217 kB | 134 kB | 159/358 kB | 32/45 kB Progress (4): 217 kB | 134 kB | 159/358 kB | 36/45 kB Progress (4): 217 kB | 134 kB | 159/358 kB | 40/45 kB Progress (4): 217 kB | 134 kB | 159/358 kB | 44/45 kB Progress (4): 217 kB | 134 kB | 159/358 kB | 45 kB Progress (4): 217 kB | 134 kB | 163/358 kB | 45 kB Progress (4): 217 kB | 134 kB | 167/358 kB | 45 kB Progress (4): 217 kB | 134 kB | 171/358 kB | 45 kB Progress (4): 217 kB | 134 kB | 175/358 kB | 45 kB Progress (4): 217 kB | 134 kB | 179/358 kB | 45 kB Progress (5): 217 kB | 134 kB | 179/358 kB | 45 kB | 4.1/46 kB Progress (5): 217 kB | 134 kB | 183/358 kB | 45 kB | 4.1/46 kB Progress (5): 217 kB | 134 kB | 183/358 kB | 45 kB | 7.7/46 kB Progress (5): 217 kB | 134 kB | 187/358 kB | 45 kB | 7.7/46 kB Progress (5): 217 kB | 134 kB | 187/358 kB | 45 kB | 12/46 kB Progress (5): 217 kB | 134 kB | 191/358 kB | 45 kB | 12/46 kB Progress (5): 217 kB | 134 kB | 191/358 kB | 45 kB | 15/46 kB Progress (5): 217 kB | 134 kB | 195/358 kB | 45 kB | 15/46 kB Progress (5): 217 kB | 134 kB | 195/358 kB | 45 kB | 20/46 kB Progress (5): 217 kB | 134 kB | 195/358 kB | 45 kB | 24/46 kB Progress (5): 217 kB | 134 kB | 195/358 kB | 45 kB | 28/46 kB Progress (5): 217 kB | 134 kB | 195/358 kB | 45 kB | 32/46 kB Progress (5): 217 kB | 134 kB | 195/358 kB | 45 kB | 36/46 kB Progress (5): 217 kB | 134 kB | 195/358 kB | 45 kB | 40/46 kB Progress (5): 217 kB | 134 kB | 195/358 kB | 45 kB | 44/46 kB Progress (5): 217 kB | 134 kB | 195/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 199/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 204/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 208/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 212/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 216/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 220/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 224/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 228/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 232/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 236/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 240/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 245/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 249/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 253/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 257/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 261/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 265/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 269/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 273/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 277/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 281/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 286/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 290/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 294/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 298/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 302/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 306/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 310/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 314/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 318/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 322/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 326/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 331/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 335/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 339/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 343/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 347/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 351/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 355/358 kB | 45 kB | 46 kB Progress (5): 217 kB | 134 kB | 358 kB | 45 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar (134 kB at 697 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar (217 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar (45 kB at 224 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar (358 kB at 1.8 MB/s) Progress (2): 46 kB | 4.1/640 kB Progress (2): 46 kB | 7.7/640 kB Progress (2): 46 kB | 12/640 kB Progress (2): 46 kB | 16/640 kB Progress (2): 46 kB | 20/640 kB Progress (2): 46 kB | 24/640 kB Progress (2): 46 kB | 28/640 kB Progress (2): 46 kB | 32/640 kB Progress (2): 46 kB | 36/640 kB Progress (2): 46 kB | 40/640 kB Progress (2): 46 kB | 45/640 kB Progress (2): 46 kB | 49/640 kB Progress (2): 46 kB | 53/640 kB Progress (2): 46 kB | 57/640 kB Progress (2): 46 kB | 61/640 kB Progress (2): 46 kB | 65/640 kB Progress (2): 46 kB | 69/640 kB Progress (2): 46 kB | 73/640 kB Progress (2): 46 kB | 77/640 kB Progress (2): 46 kB | 81/640 kB Progress (2): 46 kB | 86/640 kB Progress (2): 46 kB | 90/640 kB Progress (2): 46 kB | 94/640 kB Progress (2): 46 kB | 98/640 kB Progress (2): 46 kB | 102/640 kB Progress (2): 46 kB | 106/640 kB Progress (2): 46 kB | 110/640 kB Progress (2): 46 kB | 114/640 kB Progress (2): 46 kB | 118/640 kB Progress (2): 46 kB | 122/640 kB Progress (2): 46 kB | 126/640 kB Progress (2): 46 kB | 131/640 kB Progress (2): 46 kB | 135/640 kB Progress (2): 46 kB | 139/640 kB Progress (2): 46 kB | 143/640 kB Progress (2): 46 kB | 147/640 kB Progress (2): 46 kB | 151/640 kB Progress (2): 46 kB | 155/640 kB Progress (2): 46 kB | 159/640 kB Progress (2): 46 kB | 163/640 kB Progress (2): 46 kB | 167/640 kB Progress (2): 46 kB | 172/640 kB Progress (2): 46 kB | 176/640 kB Progress (2): 46 kB | 180/640 kB Progress (2): 46 kB | 184/640 kB Progress (2): 46 kB | 188/640 kB Progress (2): 46 kB | 192/640 kB Progress (2): 46 kB | 196/640 kB Progress (2): 46 kB | 200/640 kB Progress (2): 46 kB | 204/640 kB Progress (2): 46 kB | 208/640 kB Progress (2): 46 kB | 213/640 kB Progress (2): 46 kB | 217/640 kB Progress (2): 46 kB | 221/640 kB Progress (2): 46 kB | 225/640 kB Progress (2): 46 kB | 229/640 kB Progress (2): 46 kB | 233/640 kB Progress (2): 46 kB | 237/640 kB Progress (2): 46 kB | 241/640 kB Progress (2): 46 kB | 245/640 kB Progress (2): 46 kB | 249/640 kB Progress (2): 46 kB | 253/640 kB Progress (2): 46 kB | 258/640 kB Progress (2): 46 kB | 262/640 kB Progress (2): 46 kB | 266/640 kB Progress (2): 46 kB | 270/640 kB Progress (2): 46 kB | 274/640 kB Progress (2): 46 kB | 278/640 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar (46 kB at 218 kB/s) Progress (1): 282/640 kB Progress (1): 286/640 kB Progress (1): 290/640 kB Progress (1): 294/640 kB Progress (1): 299/640 kB Progress (1): 303/640 kB Progress (1): 307/640 kB Progress (1): 311/640 kB Progress (1): 315/640 kB Progress (1): 319/640 kB Progress (1): 323/640 kB Progress (1): 327/640 kB Progress (1): 331/640 kB Progress (1): 335/640 kB Progress (1): 339/640 kB Progress (1): 344/640 kB Progress (1): 348/640 kB Progress (1): 352/640 kB Progress (1): 356/640 kB Progress (1): 360/640 kB Progress (1): 364/640 kB Progress (1): 368/640 kB Progress (1): 372/640 kB Progress (1): 376/640 kB Progress (1): 380/640 kB Progress (1): 385/640 kB Progress (1): 389/640 kB Progress (1): 393/640 kB Progress (1): 397/640 kB Progress (1): 401/640 kB Progress (1): 405/640 kB Progress (1): 409/640 kB Progress (1): 413/640 kB Progress (1): 417/640 kB Progress (1): 421/640 kB Progress (1): 426/640 kB Progress (1): 430/640 kB Progress (1): 434/640 kB Progress (1): 438/640 kB Progress (1): 442/640 kB Progress (1): 446/640 kB Progress (1): 450/640 kB Progress (1): 454/640 kB Progress (1): 458/640 kB Progress (1): 462/640 kB Progress (1): 466/640 kB Progress (1): 471/640 kB Progress (1): 475/640 kB Progress (1): 479/640 kB Progress (1): 483/640 kB Progress (1): 487/640 kB Progress (1): 491/640 kB Progress (1): 495/640 kB Progress (1): 499/640 kB Progress (1): 503/640 kB Progress (1): 507/640 kB Progress (1): 512/640 kB Progress (1): 516/640 kB Progress (1): 520/640 kB Progress (1): 524/640 kB Progress (1): 528/640 kB Progress (1): 532/640 kB Progress (1): 536/640 kB Progress (1): 540/640 kB Progress (1): 544/640 kB Progress (1): 548/640 kB Progress (1): 552/640 kB Progress (1): 557/640 kB Progress (1): 561/640 kB Progress (1): 565/640 kB Progress (1): 569/640 kB Progress (1): 573/640 kB Progress (1): 577/640 kB Progress (1): 581/640 kB Progress (1): 585/640 kB Progress (1): 589/640 kB Progress (1): 593/640 kB Progress (1): 598/640 kB Progress (1): 602/640 kB Progress (1): 606/640 kB Progress (2): 606/640 kB | 4.1/121 kB Progress (2): 606/640 kB | 7.7/121 kB Progress (2): 610/640 kB | 7.7/121 kB Progress (2): 610/640 kB | 12/121 kB Progress (2): 614/640 kB | 12/121 kB Progress (2): 614/640 kB | 15/121 kB Progress (2): 618/640 kB | 15/121 kB Progress (2): 622/640 kB | 15/121 kB Progress (2): 622/640 kB | 20/121 kB Progress (2): 626/640 kB | 20/121 kB Progress (2): 626/640 kB | 24/121 kB Progress (2): 630/640 kB | 24/121 kB Progress (2): 630/640 kB | 28/121 kB Progress (2): 634/640 kB | 28/121 kB Progress (2): 634/640 kB | 32/121 kB Progress (2): 638/640 kB | 32/121 kB Progress (2): 640 kB | 32/121 kB Progress (2): 640 kB | 36/121 kB Progress (2): 640 kB | 40/121 kB Progress (2): 640 kB | 44/121 kB Progress (2): 640 kB | 48/121 kB Progress (2): 640 kB | 52/121 kB Progress (2): 640 kB | 56/121 kB Progress (2): 640 kB | 61/121 kB Progress (2): 640 kB | 65/121 kB Progress (2): 640 kB | 69/121 kB Progress (2): 640 kB | 73/121 kB Progress (2): 640 kB | 77/121 kB Progress (2): 640 kB | 81/121 kB Progress (2): 640 kB | 85/121 kB Progress (2): 640 kB | 89/121 kB Progress (2): 640 kB | 93/121 kB Progress (2): 640 kB | 97/121 kB Progress (2): 640 kB | 102/121 kB Progress (2): 640 kB | 106/121 kB Progress (2): 640 kB | 110/121 kB Progress (2): 640 kB | 114/121 kB Progress (2): 640 kB | 118/121 kB Progress (2): 640 kB | 121 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar (640 kB at 2.8 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar (121 kB at 511 kB/s) [INFO] Changes detected - recompiling the module! [WARNING] File encoding has not been set, using platform encoding UTF-8, i.e. build is platform dependent! [INFO] Compiling 1 source file to /work/target/classes [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ simple-java-project --- [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/test/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ simple-java-project --- [INFO] No sources to compile [INFO] [INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom (3.0 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom (2.5 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom (5.5 kB at 142 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom (1.6 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom (16 kB at 395 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom (1.8 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom (1.5 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom Progress (1): 3.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom (3.5 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom (17 kB at 440 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 42 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom (42 kB at 953 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom (15 kB at 379 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom (3.7 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom (9.3 kB at 233 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom (23 kB at 539 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom (13 kB at 291 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom (1.2 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar Progress (1): 4.1/118 kB Progress (2): 4.1/118 kB | 4.1/31 kB Progress (2): 7.7/118 kB | 4.1/31 kB Progress (2): 7.7/118 kB | 7.7/31 kB Progress (2): 12/118 kB | 7.7/31 kB Progress (2): 12/118 kB | 12/31 kB Progress (2): 16/118 kB | 12/31 kB Progress (2): 16/118 kB | 16/31 kB Progress (2): 16/118 kB | 20/31 kB Progress (2): 20/118 kB | 20/31 kB Progress (2): 20/118 kB | 24/31 kB Progress (2): 24/118 kB | 24/31 kB Progress (2): 24/118 kB | 28/31 kB Progress (2): 28/118 kB | 28/31 kB Progress (2): 28/118 kB | 31 kB Progress (2): 32/118 kB | 31 kB Progress (2): 36/118 kB | 31 kB Progress (2): 40/118 kB | 31 kB Progress (2): 45/118 kB | 31 kB Progress (2): 49/118 kB | 31 kB Progress (2): 53/118 kB | 31 kB Progress (2): 57/118 kB | 31 kB Progress (2): 61/118 kB | 31 kB Progress (2): 65/118 kB | 31 kB Progress (2): 69/118 kB | 31 kB Progress (2): 73/118 kB | 31 kB Progress (2): 77/118 kB | 31 kB Progress (2): 81/118 kB | 31 kB Progress (2): 86/118 kB | 31 kB Progress (2): 90/118 kB | 31 kB Progress (2): 94/118 kB | 31 kB Progress (2): 98/118 kB | 31 kB Progress (2): 102/118 kB | 31 kB Progress (2): 106/118 kB | 31 kB Progress (2): 110/118 kB | 31 kB Progress (2): 114/118 kB | 31 kB Progress (2): 118 kB | 31 kB Progress (3): 118 kB | 31 kB | 4.1/316 kB Progress (3): 118 kB | 31 kB | 7.7/316 kB Progress (3): 118 kB | 31 kB | 12/316 kB Progress (3): 118 kB | 31 kB | 15/316 kB Progress (3): 118 kB | 31 kB | 20/316 kB Progress (3): 118 kB | 31 kB | 24/316 kB Progress (3): 118 kB | 31 kB | 28/316 kB Progress (3): 118 kB | 31 kB | 32/316 kB Progress (3): 118 kB | 31 kB | 36/316 kB Progress (3): 118 kB | 31 kB | 40/316 kB Progress (3): 118 kB | 31 kB | 44/316 kB Progress (3): 118 kB | 31 kB | 48/316 kB Progress (3): 118 kB | 31 kB | 52/316 kB Progress (3): 118 kB | 31 kB | 56/316 kB Progress (3): 118 kB | 31 kB | 61/316 kB Progress (3): 118 kB | 31 kB | 65/316 kB Progress (3): 118 kB | 31 kB | 69/316 kB Progress (3): 118 kB | 31 kB | 73/316 kB Progress (3): 118 kB | 31 kB | 77/316 kB Progress (3): 118 kB | 31 kB | 81/316 kB Progress (3): 118 kB | 31 kB | 85/316 kB Progress (3): 118 kB | 31 kB | 89/316 kB Progress (3): 118 kB | 31 kB | 93/316 kB Progress (3): 118 kB | 31 kB | 97/316 kB Progress (3): 118 kB | 31 kB | 102/316 kB Progress (3): 118 kB | 31 kB | 106/316 kB Progress (3): 118 kB | 31 kB | 110/316 kB Progress (3): 118 kB | 31 kB | 114/316 kB Progress (3): 118 kB | 31 kB | 118/316 kB Progress (3): 118 kB | 31 kB | 122/316 kB Progress (3): 118 kB | 31 kB | 126/316 kB Progress (3): 118 kB | 31 kB | 130/316 kB Progress (3): 118 kB | 31 kB | 134/316 kB Progress (4): 118 kB | 31 kB | 134/316 kB | 4.1/35 kB Progress (4): 118 kB | 31 kB | 138/316 kB | 4.1/35 kB Progress (4): 118 kB | 31 kB | 138/316 kB | 7.7/35 kB Progress (4): 118 kB | 31 kB | 142/316 kB | 7.7/35 kB Progress (4): 118 kB | 31 kB | 142/316 kB | 12/35 kB Progress (4): 118 kB | 31 kB | 147/316 kB | 12/35 kB Progress (4): 118 kB | 31 kB | 147/316 kB | 16/35 kB Progress (4): 118 kB | 31 kB | 151/316 kB | 16/35 kB Progress (4): 118 kB | 31 kB | 155/316 kB | 16/35 kB Progress (4): 118 kB | 31 kB | 155/316 kB | 20/35 kB Progress (4): 118 kB | 31 kB | 159/316 kB | 20/35 kB Progress (4): 118 kB | 31 kB | 159/316 kB | 24/35 kB Progress (4): 118 kB | 31 kB | 163/316 kB | 24/35 kB Progress (4): 118 kB | 31 kB | 163/316 kB | 28/35 kB Progress (4): 118 kB | 31 kB | 163/316 kB | 32/35 kB Progress (4): 118 kB | 31 kB | 167/316 kB | 32/35 kB Progress (4): 118 kB | 31 kB | 167/316 kB | 35 kB Progress (4): 118 kB | 31 kB | 171/316 kB | 35 kB Progress (4): 118 kB | 31 kB | 175/316 kB | 35 kB Progress (4): 118 kB | 31 kB | 179/316 kB | 35 kB Progress (4): 118 kB | 31 kB | 183/316 kB | 35 kB Progress (4): 118 kB | 31 kB | 188/316 kB | 35 kB Progress (4): 118 kB | 31 kB | 192/316 kB | 35 kB Progress (4): 118 kB | 31 kB | 196/316 kB | 35 kB Progress (5): 118 kB | 31 kB | 196/316 kB | 35 kB | 4.1/263 kB Progress (5): 118 kB | 31 kB | 196/316 kB | 35 kB | 7.7/263 kB Progress (5): 118 kB | 31 kB | 200/316 kB | 35 kB | 7.7/263 kB Progress (5): 118 kB | 31 kB | 200/316 kB | 35 kB | 12/263 kB Progress (5): 118 kB | 31 kB | 200/316 kB | 35 kB | 16/263 kB Progress (5): 118 kB | 31 kB | 200/316 kB | 35 kB | 20/263 kB Progress (5): 118 kB | 31 kB | 204/316 kB | 35 kB | 20/263 kB Progress (5): 118 kB | 31 kB | 204/316 kB | 35 kB | 24/263 kB Progress (5): 118 kB | 31 kB | 204/316 kB | 35 kB | 28/263 kB Progress (5): 118 kB | 31 kB | 208/316 kB | 35 kB | 28/263 kB Progress (5): 118 kB | 31 kB | 208/316 kB | 35 kB | 32/263 kB Progress (5): 118 kB | 31 kB | 212/316 kB | 35 kB | 32/263 kB Progress (5): 118 kB | 31 kB | 212/316 kB | 35 kB | 36/263 kB Progress (5): 118 kB | 31 kB | 216/316 kB | 35 kB | 36/263 kB Progress (5): 118 kB | 31 kB | 220/316 kB | 35 kB | 36/263 kB Progress (5): 118 kB | 31 kB | 220/316 kB | 35 kB | 40/263 kB Progress (5): 118 kB | 31 kB | 224/316 kB | 35 kB | 40/263 kB Progress (5): 118 kB | 31 kB | 224/316 kB | 35 kB | 44/263 kB Progress (5): 118 kB | 31 kB | 228/316 kB | 35 kB | 44/263 kB Progress (5): 118 kB | 31 kB | 228/316 kB | 35 kB | 48/263 kB Progress (5): 118 kB | 31 kB | 233/316 kB | 35 kB | 48/263 kB Progress (5): 118 kB | 31 kB | 233/316 kB | 35 kB | 52/263 kB Progress (5): 118 kB | 31 kB | 237/316 kB | 35 kB | 52/263 kB Progress (5): 118 kB | 31 kB | 237/316 kB | 35 kB | 56/263 kB Progress (5): 118 kB | 31 kB | 237/316 kB | 35 kB | 61/263 kB Progress (5): 118 kB | 31 kB | 237/316 kB | 35 kB | 65/263 kB Progress (5): 118 kB | 31 kB | 237/316 kB | 35 kB | 69/263 kB Progress (5): 118 kB | 31 kB | 237/316 kB | 35 kB | 73/263 kB Progress (5): 118 kB | 31 kB | 237/316 kB | 35 kB | 77/263 kB Progress (5): 118 kB | 31 kB | 237/316 kB | 35 kB | 81/263 kB Progress (5): 118 kB | 31 kB | 237/316 kB | 35 kB | 85/263 kB Progress (5): 118 kB | 31 kB | 237/316 kB | 35 kB | 89/263 kB Progress (5): 118 kB | 31 kB | 241/316 kB | 35 kB | 89/263 kB Progress (5): 118 kB | 31 kB | 241/316 kB | 35 kB | 93/263 kB Progress (5): 118 kB | 31 kB | 245/316 kB | 35 kB | 93/263 kB Progress (5): 118 kB | 31 kB | 245/316 kB | 35 kB | 97/263 kB Progress (5): 118 kB | 31 kB | 249/316 kB | 35 kB | 97/263 kB Progress (5): 118 kB | 31 kB | 249/316 kB | 35 kB | 101/263 kB Progress (5): 118 kB | 31 kB | 253/316 kB | 35 kB | 101/263 kB Progress (5): 118 kB | 31 kB | 253/316 kB | 35 kB | 106/263 kB Progress (5): 118 kB | 31 kB | 257/316 kB | 35 kB | 106/263 kB Progress (5): 118 kB | 31 kB | 257/316 kB | 35 kB | 110/263 kB Progress (5): 118 kB | 31 kB | 261/316 kB | 35 kB | 110/263 kB Progress (5): 118 kB | 31 kB | 265/316 kB | 35 kB | 110/263 kB Progress (5): 118 kB | 31 kB | 269/316 kB | 35 kB | 110/263 kB Progress (5): 118 kB | 31 kB | 274/316 kB | 35 kB | 110/263 kB Progress (5): 118 kB | 31 kB | 274/316 kB | 35 kB | 114/263 kB Progress (5): 118 kB | 31 kB | 278/316 kB | 35 kB | 114/263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar (31 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar Progress (4): 118 kB | 282/316 kB | 35 kB | 114/263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar (118 kB at 3.8 MB/s) Progress (3): 282/316 kB | 35 kB | 118/263 kB Progress (3): 282/316 kB | 35 kB | 122/263 kB Progress (3): 282/316 kB | 35 kB | 126/263 kB Progress (3): 282/316 kB | 35 kB | 130/263 kB Progress (3): 282/316 kB | 35 kB | 134/263 kB Progress (3): 282/316 kB | 35 kB | 138/263 kB Progress (3): 282/316 kB | 35 kB | 142/263 kB Progress (3): 282/316 kB | 35 kB | 147/263 kB Progress (3): 282/316 kB | 35 kB | 151/263 kB Progress (3): 282/316 kB | 35 kB | 155/263 kB Progress (3): 282/316 kB | 35 kB | 159/263 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar Progress (3): 286/316 kB | 35 kB | 159/263 kB Progress (3): 290/316 kB | 35 kB | 159/263 kB Progress (3): 294/316 kB | 35 kB | 159/263 kB Progress (3): 298/316 kB | 35 kB | 159/263 kB Progress (3): 302/316 kB | 35 kB | 159/263 kB Progress (3): 306/316 kB | 35 kB | 159/263 kB Progress (3): 310/316 kB | 35 kB | 159/263 kB Progress (3): 314/316 kB | 35 kB | 159/263 kB Progress (3): 316 kB | 35 kB | 159/263 kB Progress (3): 316 kB | 35 kB | 163/263 kB Progress (3): 316 kB | 35 kB | 167/263 kB Progress (3): 316 kB | 35 kB | 171/263 kB Progress (3): 316 kB | 35 kB | 175/263 kB Progress (3): 316 kB | 35 kB | 179/263 kB Progress (3): 316 kB | 35 kB | 183/263 kB Progress (3): 316 kB | 35 kB | 187/263 kB Progress (3): 316 kB | 35 kB | 192/263 kB Progress (3): 316 kB | 35 kB | 196/263 kB Progress (3): 316 kB | 35 kB | 200/263 kB Progress (3): 316 kB | 35 kB | 204/263 kB Progress (3): 316 kB | 35 kB | 208/263 kB Progress (3): 316 kB | 35 kB | 212/263 kB Progress (3): 316 kB | 35 kB | 216/263 kB Progress (3): 316 kB | 35 kB | 220/263 kB Progress (3): 316 kB | 35 kB | 224/263 kB Progress (3): 316 kB | 35 kB | 228/263 kB Progress (3): 316 kB | 35 kB | 233/263 kB Progress (3): 316 kB | 35 kB | 237/263 kB Progress (3): 316 kB | 35 kB | 241/263 kB Progress (3): 316 kB | 35 kB | 245/263 kB Progress (3): 316 kB | 35 kB | 249/263 kB Progress (3): 316 kB | 35 kB | 253/263 kB Progress (3): 316 kB | 35 kB | 257/263 kB Progress (3): 316 kB | 35 kB | 261/263 kB Progress (3): 316 kB | 35 kB | 263 kB Progress (4): 316 kB | 35 kB | 263 kB | 4.1/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 7.7/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 12/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 16/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 20/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 24/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 28/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 32/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 36/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 40/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 45/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 49/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 53/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 57/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 61/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 65/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 69/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 73/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 77/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 81/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 86/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 90/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 94/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 98/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 102/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 106/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 110/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 114/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 118/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 122/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 126/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 131/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 135/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 139/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 143/232 kB Progress (4): 316 kB | 35 kB | 263 kB | 147/232 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar (35 kB at 754 kB/s) Progress (3): 316 kB | 263 kB | 151/232 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar Progress (3): 316 kB | 263 kB | 155/232 kB Progress (3): 316 kB | 263 kB | 159/232 kB Progress (3): 316 kB | 263 kB | 163/232 kB Progress (3): 316 kB | 263 kB | 167/232 kB Progress (3): 316 kB | 263 kB | 172/232 kB Progress (3): 316 kB | 263 kB | 176/232 kB Progress (3): 316 kB | 263 kB | 180/232 kB Progress (3): 316 kB | 263 kB | 184/232 kB Progress (3): 316 kB | 263 kB | 188/232 kB Progress (3): 316 kB | 263 kB | 192/232 kB Progress (3): 316 kB | 263 kB | 196/232 kB Progress (3): 316 kB | 263 kB | 200/232 kB Progress (3): 316 kB | 263 kB | 204/232 kB Progress (3): 316 kB | 263 kB | 208/232 kB Progress (3): 316 kB | 263 kB | 213/232 kB Progress (3): 316 kB | 263 kB | 217/232 kB Progress (3): 316 kB | 263 kB | 221/232 kB Progress (3): 316 kB | 263 kB | 225/232 kB Progress (3): 316 kB | 263 kB | 229/232 kB Progress (3): 316 kB | 263 kB | 232 kB Progress (4): 316 kB | 263 kB | 232 kB | 4.1/10 kB Progress (4): 316 kB | 263 kB | 232 kB | 7.3/10 kB Progress (4): 316 kB | 263 kB | 232 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar (316 kB at 6.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar (263 kB at 4.8 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar (232 kB at 4.0 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar (10 kB at 169 kB/s) Progress (1): 4.1/14 kB Progress (1): 7.7/14 kB Progress (1): 12/14 kB Progress (1): 14 kB Progress (2): 14 kB | 4.1/38 kB Progress (2): 14 kB | 7.7/38 kB Progress (2): 14 kB | 12/38 kB Progress (2): 14 kB | 16/38 kB Progress (2): 14 kB | 20/38 kB Progress (2): 14 kB | 24/38 kB Progress (2): 14 kB | 28/38 kB Progress (2): 14 kB | 32/38 kB Progress (2): 14 kB | 36/38 kB Progress (2): 14 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar (14 kB at 171 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar (38 kB at 417 kB/s) [INFO] Tests are skipped. [INFO] [INFO] --- maven-jar-plugin:3.3.0:jar (default-jar) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom (4.5 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom (4.9 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom (45 kB at 968 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom (21 kB at 437 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom (2.7 kB at 64 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom (14 kB at 344 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom Progress (1): 4.1 kB Progress (1): 5.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom (5.2 kB at 130 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom (23 kB at 536 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom (20 kB at 459 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 70 kB Progress (1): 74 kB Progress (1): 78 kB Progress (1): 79 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom (79 kB at 1.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom (5.1 kB at 100 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom (3.9 kB at 89 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom Progress (1): 4.1 kB Progress (1): 6.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom (6.0 kB at 109 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom (25 kB at 552 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom Progress (1): 612 B Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom (612 B at 14 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom Progress (1): 4.1 kB Progress (1): 6.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom (6.3 kB at 136 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom (20 kB at 437 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom (15 kB at 309 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom (2.0 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom (2.7 kB at 68 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom (8.2 kB at 216 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom (25 kB at 578 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar Progress (1): 4.1/41 kB Progress (1): 7.7/41 kB Progress (1): 12/41 kB Progress (1): 15/41 kB Progress (1): 20/41 kB Progress (1): 24/41 kB Progress (1): 28/41 kB Progress (1): 32/41 kB Progress (1): 36/41 kB Progress (1): 40/41 kB Progress (2): 40/41 kB | 4.1/327 kB Progress (2): 41 kB | 4.1/327 kB Progress (2): 41 kB | 7.7/327 kB Progress (2): 41 kB | 11/327 kB Progress (2): 41 kB | 15/327 kB Progress (2): 41 kB | 20/327 kB Progress (2): 41 kB | 24/327 kB Progress (2): 41 kB | 28/327 kB Progress (2): 41 kB | 32/327 kB Progress (2): 41 kB | 36/327 kB Progress (2): 41 kB | 40/327 kB Progress (2): 41 kB | 44/327 kB Progress (2): 41 kB | 48/327 kB Progress (2): 41 kB | 52/327 kB Progress (2): 41 kB | 56/327 kB Progress (2): 41 kB | 61/327 kB Progress (2): 41 kB | 65/327 kB Progress (2): 41 kB | 69/327 kB Progress (2): 41 kB | 73/327 kB Progress (2): 41 kB | 77/327 kB Progress (2): 41 kB | 81/327 kB Progress (2): 41 kB | 85/327 kB Progress (2): 41 kB | 89/327 kB Progress (2): 41 kB | 93/327 kB Progress (2): 41 kB | 97/327 kB Progress (2): 41 kB | 102/327 kB Progress (2): 41 kB | 106/327 kB Progress (2): 41 kB | 110/327 kB Progress (2): 41 kB | 114/327 kB Progress (2): 41 kB | 118/327 kB Progress (2): 41 kB | 122/327 kB Progress (2): 41 kB | 126/327 kB Progress (2): 41 kB | 130/327 kB Progress (2): 41 kB | 134/327 kB Progress (2): 41 kB | 138/327 kB Progress (2): 41 kB | 142/327 kB Progress (2): 41 kB | 147/327 kB Progress (2): 41 kB | 151/327 kB Progress (2): 41 kB | 155/327 kB Progress (2): 41 kB | 159/327 kB Progress (2): 41 kB | 163/327 kB Progress (2): 41 kB | 167/327 kB Progress (2): 41 kB | 171/327 kB Progress (2): 41 kB | 175/327 kB Progress (2): 41 kB | 179/327 kB Progress (2): 41 kB | 183/327 kB Progress (2): 41 kB | 188/327 kB Progress (2): 41 kB | 192/327 kB Progress (2): 41 kB | 196/327 kB Progress (2): 41 kB | 200/327 kB Progress (2): 41 kB | 204/327 kB Progress (2): 41 kB | 208/327 kB Progress (2): 41 kB | 212/327 kB Progress (2): 41 kB | 216/327 kB Progress (2): 41 kB | 220/327 kB Progress (2): 41 kB | 224/327 kB Progress (2): 41 kB | 228/327 kB Progress (2): 41 kB | 233/327 kB Progress (2): 41 kB | 237/327 kB Progress (2): 41 kB | 241/327 kB Progress (2): 41 kB | 245/327 kB Progress (2): 41 kB | 249/327 kB Progress (2): 41 kB | 253/327 kB Progress (2): 41 kB | 257/327 kB Progress (2): 41 kB | 261/327 kB Progress (2): 41 kB | 265/327 kB Progress (2): 41 kB | 269/327 kB Progress (2): 41 kB | 274/327 kB Progress (2): 41 kB | 278/327 kB Progress (2): 41 kB | 282/327 kB Progress (2): 41 kB | 286/327 kB Progress (2): 41 kB | 290/327 kB Progress (2): 41 kB | 294/327 kB Progress (2): 41 kB | 298/327 kB Progress (2): 41 kB | 302/327 kB Progress (2): 41 kB | 306/327 kB Progress (2): 41 kB | 310/327 kB Progress (2): 41 kB | 314/327 kB Progress (2): 41 kB | 319/327 kB Progress (2): 41 kB | 323/327 kB Progress (2): 41 kB | 327/327 kB Progress (2): 41 kB | 327 kB Progress (3): 41 kB | 327 kB | 4.1/26 kB Progress (3): 41 kB | 327 kB | 8.2/26 kB Progress (3): 41 kB | 327 kB | 12/26 kB Progress (3): 41 kB | 327 kB | 16/26 kB Progress (3): 41 kB | 327 kB | 20/26 kB Progress (3): 41 kB | 327 kB | 25/26 kB Progress (3): 41 kB | 327 kB | 26 kB Progress (4): 41 kB | 327 kB | 26 kB | 4.1/36 kB Progress (4): 41 kB | 327 kB | 26 kB | 7.7/36 kB Progress (4): 41 kB | 327 kB | 26 kB | 12/36 kB Progress (4): 41 kB | 327 kB | 26 kB | 15/36 kB Progress (4): 41 kB | 327 kB | 26 kB | 20/36 kB Progress (4): 41 kB | 327 kB | 26 kB | 24/36 kB Progress (4): 41 kB | 327 kB | 26 kB | 28/36 kB Progress (4): 41 kB | 327 kB | 26 kB | 32/36 kB Progress (4): 41 kB | 327 kB | 26 kB | 36/36 kB Progress (4): 41 kB | 327 kB | 26 kB | 36 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 4.1/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 7.7/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 12/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 16/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 20/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 24/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 28/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 32/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 36/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 40/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 44/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 48/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 52/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 56/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 61/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 65/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 69/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 73/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 77/79 kB Progress (5): 41 kB | 327 kB | 26 kB | 36 kB | 79 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar (41 kB at 1.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar (327 kB at 11 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar (26 kB at 750 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar (36 kB at 931 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar Progress (2): 79 kB | 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar (79 kB at 1.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar Progress (2): 2.5 kB | 4.1/211 kB Progress (2): 2.5 kB | 7.7/211 kB Progress (2): 2.5 kB | 12/211 kB Progress (2): 2.5 kB | 16/211 kB Progress (2): 2.5 kB | 20/211 kB Progress (2): 2.5 kB | 24/211 kB Progress (2): 2.5 kB | 28/211 kB Progress (2): 2.5 kB | 32/211 kB Progress (2): 2.5 kB | 36/211 kB Progress (2): 2.5 kB | 40/211 kB Progress (2): 2.5 kB | 45/211 kB Progress (2): 2.5 kB | 49/211 kB Progress (2): 2.5 kB | 53/211 kB Progress (2): 2.5 kB | 57/211 kB Progress (2): 2.5 kB | 61/211 kB Progress (2): 2.5 kB | 65/211 kB Progress (2): 2.5 kB | 69/211 kB Progress (2): 2.5 kB | 73/211 kB Progress (2): 2.5 kB | 77/211 kB Progress (2): 2.5 kB | 81/211 kB Progress (2): 2.5 kB | 86/211 kB Progress (2): 2.5 kB | 90/211 kB Progress (2): 2.5 kB | 94/211 kB Progress (2): 2.5 kB | 98/211 kB Progress (2): 2.5 kB | 102/211 kB Progress (2): 2.5 kB | 106/211 kB Progress (2): 2.5 kB | 110/211 kB Progress (2): 2.5 kB | 114/211 kB Progress (2): 2.5 kB | 118/211 kB Progress (2): 2.5 kB | 122/211 kB Progress (2): 2.5 kB | 126/211 kB Progress (2): 2.5 kB | 131/211 kB Progress (2): 2.5 kB | 135/211 kB Progress (2): 2.5 kB | 139/211 kB Progress (2): 2.5 kB | 143/211 kB Progress (2): 2.5 kB | 147/211 kB Progress (2): 2.5 kB | 151/211 kB Progress (2): 2.5 kB | 155/211 kB Progress (2): 2.5 kB | 159/211 kB Progress (2): 2.5 kB | 163/211 kB Progress (2): 2.5 kB | 167/211 kB Progress (2): 2.5 kB | 172/211 kB Progress (2): 2.5 kB | 176/211 kB Progress (2): 2.5 kB | 180/211 kB Progress (2): 2.5 kB | 184/211 kB Progress (2): 2.5 kB | 188/211 kB Progress (2): 2.5 kB | 192/211 kB Progress (2): 2.5 kB | 196/211 kB Progress (2): 2.5 kB | 200/211 kB Progress (2): 2.5 kB | 204/211 kB Progress (2): 2.5 kB | 208/211 kB Progress (2): 2.5 kB | 211 kB Progress (3): 2.5 kB | 211 kB | 0/1.0 MB Progress (3): 2.5 kB | 211 kB | 0/1.0 MB Progress (3): 2.5 kB | 211 kB | 0/1.0 MB Progress (3): 2.5 kB | 211 kB | 0/1.0 MB Progress (3): 2.5 kB | 211 kB | 0/1.0 MB Progress (3): 2.5 kB | 211 kB | 0/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar (2.5 kB at 44 kB/s) Progress (2): 211 kB | 0.3/1.0 MB Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar Progress (2): 211 kB | 0.3/1.0 MB Progress (2): 211 kB | 0.4/1.0 MB Progress (2): 211 kB | 0.4/1.0 MB Progress (2): 211 kB | 0.4/1.0 MB Progress (2): 211 kB | 0.4/1.0 MB Progress (2): 211 kB | 0.4/1.0 MB Progress (2): 211 kB | 0.4/1.0 MB Progress (2): 211 kB | 0.4/1.0 MB Progress (2): 211 kB | 0.4/1.0 MB Progress (2): 211 kB | 0.4/1.0 MB Progress (2): 211 kB | 0.4/1.0 MB Progress (2): 211 kB | 0.4/1.0 MB Progress (2): 211 kB | 0.4/1.0 MB Progress (2): 211 kB | 0.5/1.0 MB Progress (2): 211 kB | 0.5/1.0 MB Progress (2): 211 kB | 0.5/1.0 MB Progress (2): 211 kB | 0.5/1.0 MB Progress (2): 211 kB | 0.5/1.0 MB Progress (2): 211 kB | 0.5/1.0 MB Progress (2): 211 kB | 0.5/1.0 MB Progress (2): 211 kB | 0.5/1.0 MB Progress (2): 211 kB | 0.5/1.0 MB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar (211 kB at 3.6 MB/s) Progress (1): 0.5/1.0 MB Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar Progress (1): 0.5/1.0 MB Progress (1): 0.5/1.0 MB Progress (1): 0.5/1.0 MB Progress (1): 0.6/1.0 MB Progress (1): 0.6/1.0 MB Progress (1): 0.6/1.0 MB Progress (1): 0.6/1.0 MB Progress (1): 0.6/1.0 MB Progress (1): 0.6/1.0 MB Progress (1): 0.6/1.0 MB Progress (1): 0.6/1.0 MB Progress (2): 0.6/1.0 MB | 4.1/58 kB Progress (2): 0.6/1.0 MB | 4.1/58 kB Progress (2): 0.6/1.0 MB | 7.7/58 kB Progress (2): 0.6/1.0 MB | 7.7/58 kB Progress (2): 0.6/1.0 MB | 12/58 kB Progress (2): 0.6/1.0 MB | 16/58 kB Progress (2): 0.6/1.0 MB | 16/58 kB Progress (2): 0.6/1.0 MB | 16/58 kB Progress (2): 0.6/1.0 MB | 20/58 kB Progress (2): 0.7/1.0 MB | 20/58 kB Progress (2): 0.7/1.0 MB | 20/58 kB Progress (2): 0.7/1.0 MB | 24/58 kB Progress (2): 0.7/1.0 MB | 24/58 kB Progress (2): 0.7/1.0 MB | 28/58 kB Progress (2): 0.7/1.0 MB | 28/58 kB Progress (2): 0.7/1.0 MB | 32/58 kB Progress (2): 0.7/1.0 MB | 32/58 kB Progress (2): 0.7/1.0 MB | 36/58 kB Progress (2): 0.7/1.0 MB | 36/58 kB Progress (2): 0.7/1.0 MB | 40/58 kB Progress (2): 0.7/1.0 MB | 45/58 kB Progress (2): 0.7/1.0 MB | 45/58 kB Progress (2): 0.7/1.0 MB | 49/58 kB Progress (2): 0.7/1.0 MB | 49/58 kB Progress (2): 0.7/1.0 MB | 53/58 kB Progress (2): 0.7/1.0 MB | 53/58 kB Progress (2): 0.7/1.0 MB | 57/58 kB Progress (2): 0.7/1.0 MB | 57/58 kB Progress (2): 0.7/1.0 MB | 58 kB Progress (2): 0.7/1.0 MB | 58 kB Progress (2): 0.7/1.0 MB | 58 kB Progress (2): 0.8/1.0 MB | 58 kB Progress (2): 0.8/1.0 MB | 58 kB Progress (2): 0.8/1.0 MB | 58 kB Progress (2): 0.8/1.0 MB | 58 kB Progress (2): 0.8/1.0 MB | 58 kB Progress (2): 0.8/1.0 MB | 58 kB Progress (2): 0.8/1.0 MB | 58 kB Progress (2): 0.8/1.0 MB | 58 kB Progress (2): 0.8/1.0 MB | 58 kB Progress (2): 0.8/1.0 MB | 58 kB Progress (2): 0.8/1.0 MB | 58 kB Progress (2): 0.8/1.0 MB | 58 kB Progress (2): 0.9/1.0 MB | 58 kB Progress (2): 0.9/1.0 MB | 58 kB Progress (2): 0.9/1.0 MB | 58 kB Progress (2): 0.9/1.0 MB | 58 kB Progress (2): 0.9/1.0 MB | 58 kB Progress (2): 0.9/1.0 MB | 58 kB Progress (2): 0.9/1.0 MB | 58 kB Progress (2): 0.9/1.0 MB | 58 kB Progress (2): 0.9/1.0 MB | 58 kB Progress (2): 0.9/1.0 MB | 58 kB Progress (2): 0.9/1.0 MB | 58 kB Progress (2): 0.9/1.0 MB | 58 kB Progress (2): 0.9/1.0 MB | 58 kB Progress (2): 1.0/1.0 MB | 58 kB Progress (2): 1.0/1.0 MB | 58 kB Progress (2): 1.0/1.0 MB | 58 kB Progress (2): 1.0/1.0 MB | 58 kB Progress (2): 1.0/1.0 MB | 58 kB Progress (2): 1.0/1.0 MB | 58 kB Progress (2): 1.0/1.0 MB | 58 kB Progress (2): 1.0/1.0 MB | 58 kB Progress (2): 1.0 MB | 58 kB Progress (3): 1.0 MB | 58 kB | 4.1/116 kB Progress (3): 1.0 MB | 58 kB | 7.7/116 kB Progress (3): 1.0 MB | 58 kB | 12/116 kB Progress (3): 1.0 MB | 58 kB | 15/116 kB Progress (3): 1.0 MB | 58 kB | 20/116 kB Progress (3): 1.0 MB | 58 kB | 24/116 kB Progress (3): 1.0 MB | 58 kB | 28/116 kB Progress (3): 1.0 MB | 58 kB | 32/116 kB Progress (3): 1.0 MB | 58 kB | 36/116 kB Progress (3): 1.0 MB | 58 kB | 40/116 kB Progress (3): 1.0 MB | 58 kB | 44/116 kB Progress (3): 1.0 MB | 58 kB | 48/116 kB Progress (3): 1.0 MB | 58 kB | 52/116 kB Progress (3): 1.0 MB | 58 kB | 56/116 kB Progress (3): 1.0 MB | 58 kB | 61/116 kB Progress (3): 1.0 MB | 58 kB | 65/116 kB Progress (3): 1.0 MB | 58 kB | 69/116 kB Progress (3): 1.0 MB | 58 kB | 73/116 kB Progress (3): 1.0 MB | 58 kB | 77/116 kB Progress (3): 1.0 MB | 58 kB | 81/116 kB Progress (3): 1.0 MB | 58 kB | 85/116 kB Progress (3): 1.0 MB | 58 kB | 89/116 kB Progress (3): 1.0 MB | 58 kB | 93/116 kB Progress (3): 1.0 MB | 58 kB | 97/116 kB Progress (3): 1.0 MB | 58 kB | 102/116 kB Progress (3): 1.0 MB | 58 kB | 106/116 kB Progress (3): 1.0 MB | 58 kB | 110/116 kB Progress (3): 1.0 MB | 58 kB | 114/116 kB Progress (3): 1.0 MB | 58 kB | 116 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 4.1/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 7.7/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 12/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 16/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 20/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 24/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 28/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 32/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 36/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 40/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 45/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 49/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 53/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 57/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 61/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 65/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 69/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 73/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 77/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 81/85 kB Progress (4): 1.0 MB | 58 kB | 116 kB | 85 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 4.1/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 7.7/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 12/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 16/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 20/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 24/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 28/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 32/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 36/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 40/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 45/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 49/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 53/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 57/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 61/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 65/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 69/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 73/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 77/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 81/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 86/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 90/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 94/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 98/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 102/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 106/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 110/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 114/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 118/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 122/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 126/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 131/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 135/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 139/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 143/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 147/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 151/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 155/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 159/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 163/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 167/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 172/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 176/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 180/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 184/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 188/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 192/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 196/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 200/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 204/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 208/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 213/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 217/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 221/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 225/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 229/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 233/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 237/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 241/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 245/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 249/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 253/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 258/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 262/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 266/267 kB Progress (5): 1.0 MB | 58 kB | 116 kB | 85 kB | 267 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar (1.0 MB at 13 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar (85 kB at 1.0 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar (116 kB at 1.3 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar (58 kB at 644 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar (267 kB at 2.9 MB/s) [INFO] Building jar: /work/target/hacbs-test.jar [INFO] [INFO] --- maven-shade-plugin:3.2.4:shade (default) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom (2.3 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom (22 kB at 625 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom (24 kB at 828 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom (3.9 kB at 134 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom (3.3 kB at 123 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom (1.9 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom (5.4 kB at 199 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom (3.1 kB at 125 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom (2.6 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom (1.2 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom (7.8 kB at 222 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom (11 kB at 307 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom Progress (1): 750 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom (750 B at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom (4.8 kB at 172 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom (4.0 kB at 160 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom (5.5 kB at 202 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom (11 kB at 395 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom (6.6 kB at 189 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom (1.9 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom (2.2 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom Progress (1): 910 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom (910 B at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom (5.4 kB at 214 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom (1.9 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom (2.2 kB at 80 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom (2.5 kB at 80 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom (1.7 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom Progress (1): 4.1 kB Progress (1): 7.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom (7.7 kB at 297 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom (2.1 kB at 82 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom (3.7 kB at 142 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom (1.7 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom (11 kB at 363 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom (5.1 kB at 189 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 44 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom (44 kB at 1.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom (17 kB at 658 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom (4.8 kB at 151 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom (4.6 kB at 164 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 41 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom (41 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom (16 kB at 560 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom (5.0 kB at 172 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom (13 kB at 475 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 62 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom (62 kB at 1.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom (15 kB at 513 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom (5.1 kB at 158 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom (22 kB at 717 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom (14 kB at 517 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 68 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom (68 kB at 2.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom (2.7 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom (12 kB at 407 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom (2.9 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom (11 kB at 362 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom (3.7 kB at 131 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom (3.1 kB at 116 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom (3.2 kB at 113 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom (4.6 kB at 164 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom Progress (1): 4.1 kB Progress (1): 7.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom (7.5 kB at 227 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom (2.0 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom (28 kB at 961 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom (14 kB at 492 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom (15 kB at 359 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom (3.7 kB at 122 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom (11 kB at 364 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom (13 kB at 461 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom Progress (1): 2.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom (2.4 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom (10 kB at 377 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom (6.6 kB at 227 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom (2.3 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom Progress (1): 4.1 kB Progress (1): 4.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom (4.3 kB at 148 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom (4.8 kB at 186 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom (2.7 kB at 110 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom (2.1 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom (5.4 kB at 201 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom (2.8 kB at 110 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom (28 kB at 949 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar Progress (1): 4.1/49 kB Progress (1): 7.7/49 kB Progress (1): 12/49 kB Progress (1): 15/49 kB Progress (1): 20/49 kB Progress (1): 24/49 kB Progress (1): 28/49 kB Progress (1): 32/49 kB Progress (1): 36/49 kB Progress (1): 40/49 kB Progress (1): 44/49 kB Progress (1): 48/49 kB Progress (1): 49 kB Progress (2): 49 kB | 4.1/472 kB Progress (3): 49 kB | 4.1/472 kB | 4.1/165 kB Progress (3): 49 kB | 7.7/472 kB | 4.1/165 kB Progress (3): 49 kB | 12/472 kB | 4.1/165 kB Progress (3): 49 kB | 12/472 kB | 7.7/165 kB Progress (3): 49 kB | 16/472 kB | 7.7/165 kB Progress (3): 49 kB | 16/472 kB | 12/165 kB Progress (3): 49 kB | 20/472 kB | 12/165 kB Progress (3): 49 kB | 20/472 kB | 15/165 kB Progress (3): 49 kB | 24/472 kB | 15/165 kB Progress (3): 49 kB | 24/472 kB | 20/165 kB Progress (3): 49 kB | 28/472 kB | 20/165 kB Progress (3): 49 kB | 28/472 kB | 24/165 kB Progress (3): 49 kB | 32/472 kB | 24/165 kB Progress (3): 49 kB | 32/472 kB | 28/165 kB Progress (3): 49 kB | 32/472 kB | 32/165 kB Progress (3): 49 kB | 36/472 kB | 32/165 kB Progress (3): 49 kB | 40/472 kB | 32/165 kB Progress (3): 49 kB | 40/472 kB | 36/165 kB Progress (3): 49 kB | 45/472 kB | 36/165 kB Progress (3): 49 kB | 45/472 kB | 40/165 kB Progress (3): 49 kB | 49/472 kB | 40/165 kB Progress (3): 49 kB | 49/472 kB | 44/165 kB Progress (3): 49 kB | 49/472 kB | 48/165 kB Progress (3): 49 kB | 53/472 kB | 48/165 kB Progress (3): 49 kB | 53/472 kB | 52/165 kB Progress (3): 49 kB | 57/472 kB | 52/165 kB Progress (3): 49 kB | 57/472 kB | 56/165 kB Progress (3): 49 kB | 61/472 kB | 56/165 kB Progress (3): 49 kB | 61/472 kB | 61/165 kB Progress (3): 49 kB | 65/472 kB | 61/165 kB Progress (3): 49 kB | 65/472 kB | 65/165 kB Progress (3): 49 kB | 69/472 kB | 65/165 kB Progress (3): 49 kB | 69/472 kB | 69/165 kB Progress (3): 49 kB | 69/472 kB | 73/165 kB Progress (3): 49 kB | 73/472 kB | 73/165 kB Progress (3): 49 kB | 73/472 kB | 77/165 kB Progress (3): 49 kB | 77/472 kB | 77/165 kB Progress (3): 49 kB | 77/472 kB | 81/165 kB Progress (3): 49 kB | 81/472 kB | 81/165 kB Progress (3): 49 kB | 85/472 kB | 81/165 kB Progress (3): 49 kB | 89/472 kB | 81/165 kB Progress (3): 49 kB | 93/472 kB | 81/165 kB Progress (3): 49 kB | 97/472 kB | 81/165 kB Progress (3): 49 kB | 102/472 kB | 81/165 kB Progress (3): 49 kB | 106/472 kB | 81/165 kB Progress (3): 49 kB | 110/472 kB | 81/165 kB Progress (3): 49 kB | 114/472 kB | 81/165 kB Progress (3): 49 kB | 118/472 kB | 81/165 kB Progress (3): 49 kB | 122/472 kB | 81/165 kB Progress (3): 49 kB | 126/472 kB | 81/165 kB Progress (3): 49 kB | 130/472 kB | 81/165 kB Progress (3): 49 kB | 134/472 kB | 81/165 kB Progress (3): 49 kB | 138/472 kB | 81/165 kB Progress (3): 49 kB | 142/472 kB | 81/165 kB Progress (3): 49 kB | 147/472 kB | 81/165 kB Progress (3): 49 kB | 151/472 kB | 81/165 kB Progress (3): 49 kB | 155/472 kB | 81/165 kB Progress (3): 49 kB | 159/472 kB | 81/165 kB Progress (3): 49 kB | 163/472 kB | 81/165 kB Progress (3): 49 kB | 167/472 kB | 81/165 kB Progress (3): 49 kB | 167/472 kB | 85/165 kB Progress (3): 49 kB | 171/472 kB | 85/165 kB Progress (3): 49 kB | 171/472 kB | 89/165 kB Progress (3): 49 kB | 175/472 kB | 89/165 kB Progress (3): 49 kB | 175/472 kB | 93/165 kB Progress (3): 49 kB | 175/472 kB | 97/165 kB Progress (3): 49 kB | 179/472 kB | 97/165 kB Progress (3): 49 kB | 183/472 kB | 97/165 kB Progress (3): 49 kB | 183/472 kB | 101/165 kB Progress (3): 49 kB | 188/472 kB | 101/165 kB Progress (3): 49 kB | 188/472 kB | 106/165 kB Progress (3): 49 kB | 192/472 kB | 106/165 kB Progress (3): 49 kB | 192/472 kB | 110/165 kB Progress (3): 49 kB | 192/472 kB | 114/165 kB Progress (3): 49 kB | 196/472 kB | 114/165 kB Progress (3): 49 kB | 196/472 kB | 118/165 kB Progress (3): 49 kB | 200/472 kB | 118/165 kB Progress (3): 49 kB | 200/472 kB | 122/165 kB Progress (3): 49 kB | 204/472 kB | 122/165 kB Progress (3): 49 kB | 204/472 kB | 126/165 kB Progress (3): 49 kB | 208/472 kB | 126/165 kB Progress (3): 49 kB | 212/472 kB | 126/165 kB Progress (3): 49 kB | 212/472 kB | 130/165 kB Progress (3): 49 kB | 212/472 kB | 134/165 kB Progress (3): 49 kB | 216/472 kB | 134/165 kB Progress (3): 49 kB | 216/472 kB | 138/165 kB Progress (3): 49 kB | 220/472 kB | 138/165 kB Progress (3): 49 kB | 224/472 kB | 138/165 kB Progress (3): 49 kB | 224/472 kB | 142/165 kB Progress (3): 49 kB | 224/472 kB | 147/165 kB Progress (3): 49 kB | 228/472 kB | 147/165 kB Progress (3): 49 kB | 233/472 kB | 147/165 kB Progress (3): 49 kB | 233/472 kB | 151/165 kB Progress (3): 49 kB | 237/472 kB | 151/165 kB Progress (3): 49 kB | 237/472 kB | 155/165 kB Progress (3): 49 kB | 237/472 kB | 159/165 kB Progress (3): 49 kB | 241/472 kB | 159/165 kB Progress (3): 49 kB | 241/472 kB | 163/165 kB Progress (3): 49 kB | 245/472 kB | 163/165 kB Progress (3): 49 kB | 245/472 kB | 165 kB Progress (3): 49 kB | 249/472 kB | 165 kB Progress (3): 49 kB | 253/472 kB | 165 kB Progress (3): 49 kB | 257/472 kB | 165 kB Progress (3): 49 kB | 261/472 kB | 165 kB Progress (3): 49 kB | 265/472 kB | 165 kB Progress (3): 49 kB | 269/472 kB | 165 kB Progress (3): 49 kB | 274/472 kB | 165 kB Progress (3): 49 kB | 278/472 kB | 165 kB Progress (3): 49 kB | 282/472 kB | 165 kB Progress (3): 49 kB | 286/472 kB | 165 kB Progress (3): 49 kB | 290/472 kB | 165 kB Progress (3): 49 kB | 294/472 kB | 165 kB Progress (3): 49 kB | 298/472 kB | 165 kB Progress (3): 49 kB | 302/472 kB | 165 kB Progress (3): 49 kB | 306/472 kB | 165 kB Progress (3): 49 kB | 310/472 kB | 165 kB Progress (3): 49 kB | 314/472 kB | 165 kB Progress (3): 49 kB | 319/472 kB | 165 kB Progress (3): 49 kB | 323/472 kB | 165 kB Progress (3): 49 kB | 327/472 kB | 165 kB Progress (3): 49 kB | 331/472 kB | 165 kB Progress (3): 49 kB | 335/472 kB | 165 kB Progress (3): 49 kB | 339/472 kB | 165 kB Progress (3): 49 kB | 343/472 kB | 165 kB Progress (3): 49 kB | 347/472 kB | 165 kB Progress (3): 49 kB | 351/472 kB | 165 kB Progress (3): 49 kB | 355/472 kB | 165 kB Progress (3): 49 kB | 360/472 kB | 165 kB Progress (4): 49 kB | 360/472 kB | 165 kB | 4.1/202 kB Progress (4): 49 kB | 364/472 kB | 165 kB | 4.1/202 kB Progress (4): 49 kB | 368/472 kB | 165 kB | 4.1/202 kB Progress (4): 49 kB | 368/472 kB | 165 kB | 7.7/202 kB Progress (4): 49 kB | 372/472 kB | 165 kB | 7.7/202 kB Progress (4): 49 kB | 372/472 kB | 165 kB | 12/202 kB Progress (4): 49 kB | 376/472 kB | 165 kB | 12/202 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar (49 kB at 2.0 MB/s) Progress (3): 380/472 kB | 165 kB | 12/202 kB Progress (3): 380/472 kB | 165 kB | 16/202 kB Progress (3): 380/472 kB | 165 kB | 20/202 kB Progress (3): 380/472 kB | 165 kB | 24/202 kB Progress (3): 384/472 kB | 165 kB | 24/202 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar Progress (3): 384/472 kB | 165 kB | 28/202 kB Progress (3): 388/472 kB | 165 kB | 28/202 kB Progress (3): 388/472 kB | 165 kB | 32/202 kB Progress (3): 388/472 kB | 165 kB | 36/202 kB Progress (3): 388/472 kB | 165 kB | 40/202 kB Progress (3): 388/472 kB | 165 kB | 45/202 kB Progress (3): 392/472 kB | 165 kB | 45/202 kB Progress (3): 392/472 kB | 165 kB | 49/202 kB Progress (3): 396/472 kB | 165 kB | 49/202 kB Progress (3): 396/472 kB | 165 kB | 53/202 kB Progress (3): 401/472 kB | 165 kB | 53/202 kB Progress (3): 401/472 kB | 165 kB | 57/202 kB Progress (3): 401/472 kB | 165 kB | 61/202 kB Progress (3): 405/472 kB | 165 kB | 61/202 kB Progress (3): 409/472 kB | 165 kB | 61/202 kB Progress (3): 409/472 kB | 165 kB | 65/202 kB Progress (3): 413/472 kB | 165 kB | 65/202 kB Progress (3): 413/472 kB | 165 kB | 69/202 kB Progress (3): 417/472 kB | 165 kB | 69/202 kB Progress (3): 417/472 kB | 165 kB | 73/202 kB Progress (3): 421/472 kB | 165 kB | 73/202 kB Progress (3): 421/472 kB | 165 kB | 77/202 kB Progress (3): 425/472 kB | 165 kB | 77/202 kB Progress (3): 425/472 kB | 165 kB | 81/202 kB Progress (3): 429/472 kB | 165 kB | 81/202 kB Progress (3): 429/472 kB | 165 kB | 86/202 kB Progress (3): 433/472 kB | 165 kB | 86/202 kB Progress (3): 433/472 kB | 165 kB | 90/202 kB Progress (3): 437/472 kB | 165 kB | 90/202 kB Progress (3): 437/472 kB | 165 kB | 94/202 kB Progress (3): 441/472 kB | 165 kB | 94/202 kB Progress (3): 446/472 kB | 165 kB | 94/202 kB Progress (3): 446/472 kB | 165 kB | 98/202 kB Progress (3): 450/472 kB | 165 kB | 98/202 kB Progress (3): 450/472 kB | 165 kB | 102/202 kB Progress (3): 454/472 kB | 165 kB | 102/202 kB Progress (3): 454/472 kB | 165 kB | 106/202 kB Progress (3): 458/472 kB | 165 kB | 106/202 kB Progress (3): 458/472 kB | 165 kB | 110/202 kB Progress (3): 462/472 kB | 165 kB | 110/202 kB Progress (3): 462/472 kB | 165 kB | 114/202 kB Progress (3): 466/472 kB | 165 kB | 114/202 kB Progress (3): 466/472 kB | 165 kB | 118/202 kB Progress (3): 470/472 kB | 165 kB | 118/202 kB Progress (3): 470/472 kB | 165 kB | 122/202 kB Progress (3): 472 kB | 165 kB | 122/202 kB Progress (3): 472 kB | 165 kB | 126/202 kB Progress (3): 472 kB | 165 kB | 131/202 kB Progress (3): 472 kB | 165 kB | 135/202 kB Progress (3): 472 kB | 165 kB | 139/202 kB Progress (3): 472 kB | 165 kB | 143/202 kB Progress (3): 472 kB | 165 kB | 147/202 kB Progress (3): 472 kB | 165 kB | 151/202 kB Progress (3): 472 kB | 165 kB | 155/202 kB Progress (3): 472 kB | 165 kB | 159/202 kB Progress (3): 472 kB | 165 kB | 163/202 kB Progress (3): 472 kB | 165 kB | 167/202 kB Progress (3): 472 kB | 165 kB | 172/202 kB Progress (3): 472 kB | 165 kB | 176/202 kB Progress (3): 472 kB | 165 kB | 180/202 kB Progress (3): 472 kB | 165 kB | 184/202 kB Progress (3): 472 kB | 165 kB | 188/202 kB Progress (3): 472 kB | 165 kB | 192/202 kB Progress (3): 472 kB | 165 kB | 196/202 kB Progress (3): 472 kB | 165 kB | 200/202 kB Progress (3): 472 kB | 165 kB | 202 kB Progress (4): 472 kB | 165 kB | 202 kB | 4.1/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 7.7/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 12/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 16/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 20/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 24/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 28/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 32/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 36/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 40/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 45/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 49/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 53/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 57/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 61/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 65/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 69/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 73/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 77/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 81/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 86/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 90/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 94/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 98/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 102/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 106/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 110/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 114/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 118/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 122/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 126/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 131/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 135/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 139/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 143/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 147/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 151/153 kB Progress (4): 472 kB | 165 kB | 202 kB | 153 kB Progress (5): 472 kB | 165 kB | 202 kB | 153 kB | 4.1/527 kB Progress (5): 472 kB | 165 kB | 202 kB | 153 kB | 7.7/527 kB Progress (5): 472 kB | 165 kB | 202 kB | 153 kB | 12/527 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar (165 kB at 4.5 MB/s) Progress (4): 472 kB | 202 kB | 153 kB | 15/527 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar Progress (4): 472 kB | 202 kB | 153 kB | 20/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 24/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 28/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 32/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 36/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 40/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 44/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 48/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 52/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 56/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 61/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 65/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 69/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 73/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 77/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 81/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 85/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 89/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 93/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 97/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 102/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 106/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 110/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 114/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 118/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 122/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 126/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 130/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 134/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 138/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 142/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 147/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 151/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 155/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 159/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 163/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 167/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 171/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 175/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 179/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 183/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 188/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 192/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 196/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 200/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 204/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 208/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 212/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 216/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 220/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 224/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 228/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 233/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 237/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 241/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 245/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 249/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 253/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 257/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 261/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 265/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 269/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 274/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 278/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 282/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 286/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 290/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 294/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 298/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 302/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 306/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 310/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 314/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 319/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 323/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 327/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 331/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 335/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 339/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 343/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 347/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 351/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 355/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 360/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 364/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 368/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 372/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 376/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 380/527 kB Progress (4): 472 kB | 202 kB | 153 kB | 384/527 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar (472 kB at 11 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar Progress (3): 202 kB | 153 kB | 388/527 kB Progress (3): 202 kB | 153 kB | 392/527 kB Progress (3): 202 kB | 153 kB | 396/527 kB Progress (3): 202 kB | 153 kB | 401/527 kB Progress (3): 202 kB | 153 kB | 405/527 kB Progress (3): 202 kB | 153 kB | 409/527 kB Progress (3): 202 kB | 153 kB | 413/527 kB Progress (3): 202 kB | 153 kB | 417/527 kB Progress (3): 202 kB | 153 kB | 421/527 kB Progress (3): 202 kB | 153 kB | 425/527 kB Progress (3): 202 kB | 153 kB | 429/527 kB Progress (3): 202 kB | 153 kB | 433/527 kB Progress (3): 202 kB | 153 kB | 437/527 kB Progress (3): 202 kB | 153 kB | 441/527 kB Progress (3): 202 kB | 153 kB | 446/527 kB Progress (3): 202 kB | 153 kB | 450/527 kB Progress (3): 202 kB | 153 kB | 454/527 kB Progress (3): 202 kB | 153 kB | 458/527 kB Progress (3): 202 kB | 153 kB | 462/527 kB Progress (3): 202 kB | 153 kB | 466/527 kB Progress (3): 202 kB | 153 kB | 470/527 kB Progress (3): 202 kB | 153 kB | 474/527 kB Progress (3): 202 kB | 153 kB | 478/527 kB Progress (3): 202 kB | 153 kB | 482/527 kB Progress (3): 202 kB | 153 kB | 487/527 kB Progress (3): 202 kB | 153 kB | 491/527 kB Progress (3): 202 kB | 153 kB | 495/527 kB Progress (3): 202 kB | 153 kB | 499/527 kB Progress (3): 202 kB | 153 kB | 503/527 kB Progress (3): 202 kB | 153 kB | 507/527 kB Progress (3): 202 kB | 153 kB | 511/527 kB Progress (3): 202 kB | 153 kB | 515/527 kB Progress (3): 202 kB | 153 kB | 519/527 kB Progress (3): 202 kB | 153 kB | 523/527 kB Progress (3): 202 kB | 153 kB | 527 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar (202 kB at 4.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar Progress (3): 153 kB | 527 kB | 4.1/47 kB Progress (3): 153 kB | 527 kB | 7.7/47 kB Progress (3): 153 kB | 527 kB | 12/47 kB Progress (3): 153 kB | 527 kB | 16/47 kB Progress (3): 153 kB | 527 kB | 20/47 kB Progress (3): 153 kB | 527 kB | 24/47 kB Progress (3): 153 kB | 527 kB | 28/47 kB Progress (3): 153 kB | 527 kB | 32/47 kB Progress (3): 153 kB | 527 kB | 36/47 kB Progress (3): 153 kB | 527 kB | 40/47 kB Progress (3): 153 kB | 527 kB | 45/47 kB Progress (3): 153 kB | 527 kB | 47 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar (153 kB at 2.8 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar (527 kB at 9.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar Progress (2): 47 kB | 4.1/38 kB Progress (2): 47 kB | 7.7/38 kB Progress (2): 47 kB | 12/38 kB Progress (2): 47 kB | 16/38 kB Progress (2): 47 kB | 20/38 kB Progress (2): 47 kB | 24/38 kB Progress (2): 47 kB | 28/38 kB Progress (2): 47 kB | 32/38 kB Progress (2): 47 kB | 36/38 kB Progress (2): 47 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar (47 kB at 697 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar Progress (2): 38 kB | 4.1/51 kB Progress (2): 38 kB | 7.7/51 kB Progress (2): 38 kB | 12/51 kB Progress (2): 38 kB | 15/51 kB Progress (2): 38 kB | 20/51 kB Progress (2): 38 kB | 24/51 kB Progress (2): 38 kB | 28/51 kB Progress (2): 38 kB | 32/51 kB Progress (2): 38 kB | 36/51 kB Progress (2): 38 kB | 40/51 kB Progress (2): 38 kB | 44/51 kB Progress (2): 38 kB | 48/51 kB Progress (2): 38 kB | 51 kB Progress (3): 38 kB | 51 kB | 4.1/30 kB Progress (3): 38 kB | 51 kB | 7.7/30 kB Progress (3): 38 kB | 51 kB | 12/30 kB Progress (3): 38 kB | 51 kB | 16/30 kB Progress (3): 38 kB | 51 kB | 20/30 kB Progress (3): 38 kB | 51 kB | 24/30 kB Progress (3): 38 kB | 51 kB | 28/30 kB Progress (3): 38 kB | 51 kB | 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar (38 kB at 511 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar (51 kB at 624 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar Progress (2): 30 kB | 4.1/106 kB Progress (2): 30 kB | 7.7/106 kB Progress (3): 30 kB | 7.7/106 kB | 3.2/148 kB Progress (3): 30 kB | 12/106 kB | 3.2/148 kB Progress (3): 30 kB | 12/106 kB | 7.3/148 kB Progress (3): 30 kB | 16/106 kB | 7.3/148 kB Progress (3): 30 kB | 16/106 kB | 11/148 kB Progress (3): 30 kB | 20/106 kB | 11/148 kB Progress (3): 30 kB | 20/106 kB | 15/148 kB Progress (3): 30 kB | 24/106 kB | 15/148 kB Progress (3): 30 kB | 24/106 kB | 20/148 kB Progress (3): 30 kB | 28/106 kB | 20/148 kB Progress (3): 30 kB | 28/106 kB | 24/148 kB Progress (3): 30 kB | 28/106 kB | 28/148 kB Progress (3): 30 kB | 32/106 kB | 28/148 kB Progress (3): 30 kB | 36/106 kB | 28/148 kB Progress (3): 30 kB | 36/106 kB | 32/148 kB Progress (3): 30 kB | 40/106 kB | 32/148 kB Progress (3): 30 kB | 40/106 kB | 36/148 kB Progress (3): 30 kB | 45/106 kB | 36/148 kB Progress (3): 30 kB | 45/106 kB | 40/148 kB Progress (3): 30 kB | 49/106 kB | 40/148 kB Progress (3): 30 kB | 49/106 kB | 44/148 kB Progress (3): 30 kB | 53/106 kB | 44/148 kB Progress (3): 30 kB | 57/106 kB | 44/148 kB Progress (3): 30 kB | 57/106 kB | 48/148 kB Progress (3): 30 kB | 61/106 kB | 48/148 kB Progress (3): 30 kB | 61/106 kB | 52/148 kB Progress (3): 30 kB | 65/106 kB | 52/148 kB Progress (3): 30 kB | 65/106 kB | 56/148 kB Progress (3): 30 kB | 69/106 kB | 56/148 kB Progress (3): 30 kB | 69/106 kB | 61/148 kB Progress (3): 30 kB | 73/106 kB | 61/148 kB Progress (3): 30 kB | 73/106 kB | 65/148 kB Progress (3): 30 kB | 73/106 kB | 69/148 kB Progress (3): 30 kB | 73/106 kB | 73/148 kB Progress (3): 30 kB | 73/106 kB | 77/148 kB Progress (3): 30 kB | 73/106 kB | 81/148 kB Progress (3): 30 kB | 73/106 kB | 85/148 kB Progress (3): 30 kB | 73/106 kB | 89/148 kB Progress (3): 30 kB | 73/106 kB | 93/148 kB Progress (3): 30 kB | 73/106 kB | 97/148 kB Progress (3): 30 kB | 73/106 kB | 102/148 kB Progress (3): 30 kB | 77/106 kB | 102/148 kB Progress (3): 30 kB | 77/106 kB | 106/148 kB Progress (3): 30 kB | 81/106 kB | 106/148 kB Progress (3): 30 kB | 81/106 kB | 110/148 kB Progress (3): 30 kB | 86/106 kB | 110/148 kB Progress (3): 30 kB | 90/106 kB | 110/148 kB Progress (3): 30 kB | 90/106 kB | 114/148 kB Progress (3): 30 kB | 94/106 kB | 114/148 kB Progress (3): 30 kB | 94/106 kB | 118/148 kB Progress (3): 30 kB | 94/106 kB | 122/148 kB Progress (3): 30 kB | 98/106 kB | 122/148 kB Progress (3): 30 kB | 98/106 kB | 126/148 kB Progress (3): 30 kB | 102/106 kB | 126/148 kB Progress (3): 30 kB | 102/106 kB | 130/148 kB Progress (3): 30 kB | 106/106 kB | 130/148 kB Progress (3): 30 kB | 106/106 kB | 134/148 kB Progress (3): 30 kB | 106 kB | 134/148 kB Progress (3): 30 kB | 106 kB | 138/148 kB Progress (3): 30 kB | 106 kB | 142/148 kB Progress (3): 30 kB | 106 kB | 147/148 kB Progress (3): 30 kB | 106 kB | 148 kB Progress (4): 30 kB | 106 kB | 148 kB | 4.1/14 kB Progress (4): 30 kB | 106 kB | 148 kB | 7.7/14 kB Progress (4): 30 kB | 106 kB | 148 kB | 12/14 kB Progress (4): 30 kB | 106 kB | 148 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar (30 kB at 331 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar Progress (4): 106 kB | 148 kB | 14 kB | 4.1/74 kB Progress (4): 106 kB | 148 kB | 14 kB | 7.7/74 kB Progress (4): 106 kB | 148 kB | 14 kB | 12/74 kB Progress (4): 106 kB | 148 kB | 14 kB | 16/74 kB Progress (4): 106 kB | 148 kB | 14 kB | 20/74 kB Progress (4): 106 kB | 148 kB | 14 kB | 24/74 kB Progress (4): 106 kB | 148 kB | 14 kB | 28/74 kB Progress (4): 106 kB | 148 kB | 14 kB | 32/74 kB Progress (4): 106 kB | 148 kB | 14 kB | 36/74 kB Progress (4): 106 kB | 148 kB | 14 kB | 40/74 kB Progress (4): 106 kB | 148 kB | 14 kB | 45/74 kB Progress (4): 106 kB | 148 kB | 14 kB | 49/74 kB Progress (4): 106 kB | 148 kB | 14 kB | 53/74 kB Progress (4): 106 kB | 148 kB | 14 kB | 57/74 kB Progress (4): 106 kB | 148 kB | 14 kB | 61/74 kB Progress (4): 106 kB | 148 kB | 14 kB | 65/74 kB Progress (4): 106 kB | 148 kB | 14 kB | 69/74 kB Progress (4): 106 kB | 148 kB | 14 kB | 73/74 kB Progress (4): 106 kB | 148 kB | 14 kB | 74 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar (148 kB at 1.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar (14 kB at 132 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar (74 kB at 674 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar Progress (2): 106 kB | 4.1/108 kB Progress (2): 106 kB | 7.7/108 kB Progress (2): 106 kB | 12/108 kB Progress (2): 106 kB | 16/108 kB Progress (2): 106 kB | 20/108 kB Progress (2): 106 kB | 24/108 kB Progress (2): 106 kB | 28/108 kB Progress (2): 106 kB | 32/108 kB Progress (2): 106 kB | 36/108 kB Progress (2): 106 kB | 40/108 kB Progress (2): 106 kB | 45/108 kB Progress (2): 106 kB | 49/108 kB Progress (2): 106 kB | 53/108 kB Progress (2): 106 kB | 57/108 kB Progress (2): 106 kB | 61/108 kB Progress (2): 106 kB | 65/108 kB Progress (2): 106 kB | 69/108 kB Progress (2): 106 kB | 73/108 kB Progress (2): 106 kB | 77/108 kB Progress (2): 106 kB | 81/108 kB Progress (2): 106 kB | 86/108 kB Progress (2): 106 kB | 90/108 kB Progress (2): 106 kB | 94/108 kB Progress (2): 106 kB | 98/108 kB Progress (2): 106 kB | 102/108 kB Progress (2): 106 kB | 106/108 kB Progress (2): 106 kB | 108 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar (106 kB at 908 kB/s) Progress (2): 108 kB | 4.1/61 kB Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar Progress (2): 108 kB | 7.7/61 kB Progress (2): 108 kB | 12/61 kB Progress (2): 108 kB | 16/61 kB Progress (2): 108 kB | 20/61 kB Progress (2): 108 kB | 24/61 kB Progress (3): 108 kB | 24/61 kB | 4.1/46 kB Progress (3): 108 kB | 24/61 kB | 7.7/46 kB Progress (3): 108 kB | 24/61 kB | 12/46 kB Progress (3): 108 kB | 24/61 kB | 16/46 kB Progress (3): 108 kB | 24/61 kB | 20/46 kB Progress (3): 108 kB | 24/61 kB | 24/46 kB Progress (3): 108 kB | 28/61 kB | 24/46 kB Progress (3): 108 kB | 28/61 kB | 28/46 kB Progress (3): 108 kB | 28/61 kB | 32/46 kB Progress (3): 108 kB | 28/61 kB | 36/46 kB Progress (3): 108 kB | 32/61 kB | 36/46 kB Progress (3): 108 kB | 32/61 kB | 40/46 kB Progress (3): 108 kB | 36/61 kB | 40/46 kB Progress (3): 108 kB | 36/61 kB | 45/46 kB Progress (3): 108 kB | 36/61 kB | 46 kB Progress (3): 108 kB | 40/61 kB | 46 kB Progress (3): 108 kB | 45/61 kB | 46 kB Progress (3): 108 kB | 49/61 kB | 46 kB Progress (3): 108 kB | 53/61 kB | 46 kB Progress (3): 108 kB | 57/61 kB | 46 kB Progress (3): 108 kB | 61/61 kB | 46 kB Progress (3): 108 kB | 61 kB | 46 kB Progress (4): 108 kB | 61 kB | 46 kB | 4.1/4.2 kB Progress (4): 108 kB | 61 kB | 46 kB | 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar (61 kB at 463 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar (46 kB at 349 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar (108 kB at 812 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar Progress (2): 4.2 kB | 4.1/29 kB Progress (2): 4.2 kB | 7.7/29 kB Progress (2): 4.2 kB | 12/29 kB Progress (2): 4.2 kB | 15/29 kB Progress (2): 4.2 kB | 20/29 kB Progress (2): 4.2 kB | 24/29 kB Progress (2): 4.2 kB | 28/29 kB Progress (2): 4.2 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar (29 kB at 167 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar Progress (2): 4.2 kB | 4.1/120 kB Progress (2): 4.2 kB | 7.7/120 kB Progress (2): 4.2 kB | 11/120 kB Progress (2): 4.2 kB | 15/120 kB Progress (2): 4.2 kB | 20/120 kB Progress (2): 4.2 kB | 24/120 kB Progress (2): 4.2 kB | 28/120 kB Progress (2): 4.2 kB | 32/120 kB Progress (2): 4.2 kB | 36/120 kB Progress (2): 4.2 kB | 40/120 kB Progress (2): 4.2 kB | 44/120 kB Progress (2): 4.2 kB | 48/120 kB Progress (2): 4.2 kB | 52/120 kB Progress (2): 4.2 kB | 56/120 kB Progress (2): 4.2 kB | 61/120 kB Progress (2): 4.2 kB | 65/120 kB Progress (2): 4.2 kB | 69/120 kB Progress (2): 4.2 kB | 73/120 kB Progress (2): 4.2 kB | 77/120 kB Progress (2): 4.2 kB | 81/120 kB Progress (2): 4.2 kB | 85/120 kB Progress (2): 4.2 kB | 89/120 kB Progress (2): 4.2 kB | 93/120 kB Progress (2): 4.2 kB | 97/120 kB Progress (2): 4.2 kB | 102/120 kB Progress (2): 4.2 kB | 106/120 kB Progress (2): 4.2 kB | 110/120 kB Progress (2): 4.2 kB | 114/120 kB Progress (2): 4.2 kB | 118/120 kB Progress (2): 4.2 kB | 120 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar (4.2 kB at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar (120 kB at 547 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar Progress (1): 4.1/52 kB Progress (1): 7.7/52 kB Progress (1): 11/52 kB Progress (1): 15/52 kB Progress (1): 20/52 kB Progress (1): 24/52 kB Progress (1): 28/52 kB Progress (1): 32/52 kB Progress (1): 36/52 kB Progress (1): 40/52 kB Progress (1): 44/52 kB Progress (1): 48/52 kB Progress (1): 52 kB Progress (2): 52 kB | 4.1/263 kB Progress (2): 52 kB | 7.7/263 kB Progress (2): 52 kB | 12/263 kB Progress (2): 52 kB | 16/263 kB Progress (2): 52 kB | 20/263 kB Progress (2): 52 kB | 24/263 kB Progress (2): 52 kB | 28/263 kB Progress (2): 52 kB | 32/263 kB Progress (2): 52 kB | 36/263 kB Progress (2): 52 kB | 40/263 kB Progress (2): 52 kB | 45/263 kB Progress (2): 52 kB | 49/263 kB Progress (2): 52 kB | 53/263 kB Progress (2): 52 kB | 57/263 kB Progress (2): 52 kB | 61/263 kB Progress (2): 52 kB | 65/263 kB Progress (3): 52 kB | 65/263 kB | 4.1/61 kB Progress (3): 52 kB | 65/263 kB | 7.7/61 kB Progress (3): 52 kB | 65/263 kB | 12/61 kB Progress (3): 52 kB | 65/263 kB | 16/61 kB Progress (3): 52 kB | 65/263 kB | 20/61 kB Progress (3): 52 kB | 65/263 kB | 24/61 kB Progress (3): 52 kB | 65/263 kB | 28/61 kB Progress (3): 52 kB | 65/263 kB | 32/61 kB Progress (3): 52 kB | 65/263 kB | 36/61 kB Progress (3): 52 kB | 65/263 kB | 40/61 kB Progress (3): 52 kB | 65/263 kB | 45/61 kB Progress (3): 52 kB | 65/263 kB | 49/61 kB Progress (3): 52 kB | 69/263 kB | 49/61 kB Progress (3): 52 kB | 69/263 kB | 53/61 kB Progress (3): 52 kB | 73/263 kB | 53/61 kB Progress (3): 52 kB | 73/263 kB | 57/61 kB Progress (3): 52 kB | 77/263 kB | 57/61 kB Progress (3): 52 kB | 77/263 kB | 61/61 kB Progress (3): 52 kB | 81/263 kB | 61/61 kB Progress (3): 52 kB | 81/263 kB | 61 kB Progress (3): 52 kB | 86/263 kB | 61 kB Progress (3): 52 kB | 90/263 kB | 61 kB Progress (3): 52 kB | 94/263 kB | 61 kB Progress (3): 52 kB | 98/263 kB | 61 kB Progress (3): 52 kB | 102/263 kB | 61 kB Progress (3): 52 kB | 106/263 kB | 61 kB Progress (3): 52 kB | 110/263 kB | 61 kB Progress (3): 52 kB | 114/263 kB | 61 kB Progress (3): 52 kB | 118/263 kB | 61 kB Progress (3): 52 kB | 122/263 kB | 61 kB Progress (3): 52 kB | 126/263 kB | 61 kB Progress (3): 52 kB | 131/263 kB | 61 kB Progress (3): 52 kB | 135/263 kB | 61 kB Progress (3): 52 kB | 139/263 kB | 61 kB Progress (3): 52 kB | 143/263 kB | 61 kB Progress (3): 52 kB | 147/263 kB | 61 kB Progress (3): 52 kB | 151/263 kB | 61 kB Progress (3): 52 kB | 155/263 kB | 61 kB Progress (3): 52 kB | 159/263 kB | 61 kB Progress (3): 52 kB | 163/263 kB | 61 kB Progress (3): 52 kB | 167/263 kB | 61 kB Progress (3): 52 kB | 172/263 kB | 61 kB Progress (3): 52 kB | 176/263 kB | 61 kB Progress (3): 52 kB | 180/263 kB | 61 kB Progress (3): 52 kB | 184/263 kB | 61 kB Progress (3): 52 kB | 188/263 kB | 61 kB Progress (3): 52 kB | 192/263 kB | 61 kB Progress (3): 52 kB | 196/263 kB | 61 kB Progress (3): 52 kB | 200/263 kB | 61 kB Progress (3): 52 kB | 204/263 kB | 61 kB Progress (3): 52 kB | 208/263 kB | 61 kB Progress (3): 52 kB | 213/263 kB | 61 kB Progress (3): 52 kB | 217/263 kB | 61 kB Progress (3): 52 kB | 221/263 kB | 61 kB Progress (3): 52 kB | 225/263 kB | 61 kB Progress (3): 52 kB | 229/263 kB | 61 kB Progress (3): 52 kB | 233/263 kB | 61 kB Progress (3): 52 kB | 237/263 kB | 61 kB Progress (3): 52 kB | 241/263 kB | 61 kB Progress (3): 52 kB | 245/263 kB | 61 kB Progress (3): 52 kB | 249/263 kB | 61 kB Progress (3): 52 kB | 253/263 kB | 61 kB Progress (3): 52 kB | 258/263 kB | 61 kB Progress (3): 52 kB | 262/263 kB | 61 kB Progress (3): 52 kB | 263 kB | 61 kB Progress (4): 52 kB | 263 kB | 61 kB | 4.1/13 kB Progress (4): 52 kB | 263 kB | 61 kB | 7.7/13 kB Progress (4): 52 kB | 263 kB | 61 kB | 12/13 kB Progress (4): 52 kB | 263 kB | 61 kB | 13 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 4.1/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 7.7/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 12/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 16/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 20/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 24/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 28/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 32/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 36/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 40/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 45/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 49/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 53/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 57/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 61/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 65/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 69/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 73/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 77/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 81/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 86/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 90/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 94/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 98/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 102/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 106/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 110/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 114/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 118/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 122/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 126/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 131/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 135/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 139/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 143/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 147/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 151/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 155/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 159/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 163/164 kB Progress (5): 52 kB | 263 kB | 61 kB | 13 kB | 164 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar (52 kB at 211 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar (61 kB at 244 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar (263 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar Progress (3): 13 kB | 164 kB | 4.1/335 kB Progress (3): 13 kB | 164 kB | 7.7/335 kB Progress (3): 13 kB | 164 kB | 12/335 kB Progress (3): 13 kB | 164 kB | 16/335 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar (13 kB at 52 kB/s) Progress (2): 164 kB | 20/335 kB Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar Progress (2): 164 kB | 24/335 kB Progress (2): 164 kB | 28/335 kB Progress (2): 164 kB | 32/335 kB Progress (2): 164 kB | 36/335 kB Progress (2): 164 kB | 40/335 kB Progress (2): 164 kB | 45/335 kB Progress (2): 164 kB | 49/335 kB Progress (2): 164 kB | 53/335 kB Progress (2): 164 kB | 57/335 kB Progress (2): 164 kB | 61/335 kB Progress (2): 164 kB | 65/335 kB Progress (2): 164 kB | 69/335 kB Progress (2): 164 kB | 73/335 kB Progress (2): 164 kB | 77/335 kB Progress (2): 164 kB | 81/335 kB Progress (2): 164 kB | 86/335 kB Progress (2): 164 kB | 90/335 kB Progress (2): 164 kB | 94/335 kB Progress (2): 164 kB | 98/335 kB Progress (2): 164 kB | 102/335 kB Progress (2): 164 kB | 106/335 kB Progress (2): 164 kB | 110/335 kB Progress (2): 164 kB | 114/335 kB Progress (2): 164 kB | 118/335 kB Progress (2): 164 kB | 122/335 kB Progress (2): 164 kB | 126/335 kB Progress (2): 164 kB | 131/335 kB Progress (2): 164 kB | 135/335 kB Progress (2): 164 kB | 139/335 kB Progress (2): 164 kB | 143/335 kB Progress (2): 164 kB | 147/335 kB Progress (2): 164 kB | 151/335 kB Progress (2): 164 kB | 155/335 kB Progress (2): 164 kB | 159/335 kB Progress (2): 164 kB | 163/335 kB Progress (2): 164 kB | 167/335 kB Progress (2): 164 kB | 172/335 kB Progress (2): 164 kB | 176/335 kB Progress (2): 164 kB | 180/335 kB Progress (2): 164 kB | 184/335 kB Progress (2): 164 kB | 188/335 kB Progress (2): 164 kB | 192/335 kB Progress (2): 164 kB | 196/335 kB Progress (2): 164 kB | 200/335 kB Progress (2): 164 kB | 204/335 kB Progress (2): 164 kB | 208/335 kB Progress (2): 164 kB | 213/335 kB Progress (2): 164 kB | 217/335 kB Progress (2): 164 kB | 221/335 kB Progress (2): 164 kB | 225/335 kB Progress (2): 164 kB | 229/335 kB Progress (2): 164 kB | 233/335 kB Progress (2): 164 kB | 237/335 kB Progress (2): 164 kB | 241/335 kB Progress (2): 164 kB | 245/335 kB Progress (2): 164 kB | 249/335 kB Progress (2): 164 kB | 253/335 kB Progress (2): 164 kB | 258/335 kB Progress (2): 164 kB | 262/335 kB Progress (2): 164 kB | 266/335 kB Progress (2): 164 kB | 270/335 kB Progress (2): 164 kB | 274/335 kB Progress (2): 164 kB | 278/335 kB Progress (2): 164 kB | 282/335 kB Progress (2): 164 kB | 286/335 kB Progress (2): 164 kB | 290/335 kB Progress (3): 164 kB | 290/335 kB | 4.1/122 kB Progress (3): 164 kB | 294/335 kB | 4.1/122 kB Progress (3): 164 kB | 294/335 kB | 7.7/122 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar (164 kB at 618 kB/s) Progress (2): 299/335 kB | 7.7/122 kB Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar Progress (2): 303/335 kB | 7.7/122 kB Progress (2): 303/335 kB | 12/122 kB Progress (2): 303/335 kB | 16/122 kB Progress (2): 307/335 kB | 16/122 kB Progress (2): 307/335 kB | 20/122 kB Progress (2): 311/335 kB | 20/122 kB Progress (2): 315/335 kB | 20/122 kB Progress (2): 315/335 kB | 24/122 kB Progress (2): 319/335 kB | 24/122 kB Progress (2): 319/335 kB | 28/122 kB Progress (2): 323/335 kB | 28/122 kB Progress (2): 323/335 kB | 32/122 kB Progress (2): 327/335 kB | 32/122 kB Progress (2): 327/335 kB | 36/122 kB Progress (2): 331/335 kB | 36/122 kB Progress (2): 331/335 kB | 40/122 kB Progress (3): 331/335 kB | 40/122 kB | 4.1/26 kB Progress (3): 335 kB | 40/122 kB | 4.1/26 kB Progress (3): 335 kB | 45/122 kB | 4.1/26 kB Progress (3): 335 kB | 45/122 kB | 7.7/26 kB Progress (3): 335 kB | 49/122 kB | 7.7/26 kB Progress (3): 335 kB | 53/122 kB | 7.7/26 kB Progress (3): 335 kB | 53/122 kB | 12/26 kB Progress (3): 335 kB | 57/122 kB | 12/26 kB Progress (3): 335 kB | 57/122 kB | 16/26 kB Progress (3): 335 kB | 61/122 kB | 16/26 kB Progress (3): 335 kB | 61/122 kB | 20/26 kB Progress (3): 335 kB | 61/122 kB | 24/26 kB Progress (3): 335 kB | 65/122 kB | 24/26 kB Progress (3): 335 kB | 65/122 kB | 26 kB Progress (3): 335 kB | 69/122 kB | 26 kB Progress (3): 335 kB | 73/122 kB | 26 kB Progress (3): 335 kB | 77/122 kB | 26 kB Progress (3): 335 kB | 81/122 kB | 26 kB Progress (3): 335 kB | 86/122 kB | 26 kB Progress (3): 335 kB | 90/122 kB | 26 kB Progress (3): 335 kB | 94/122 kB | 26 kB Progress (3): 335 kB | 98/122 kB | 26 kB Progress (3): 335 kB | 102/122 kB | 26 kB Progress (3): 335 kB | 106/122 kB | 26 kB Progress (3): 335 kB | 110/122 kB | 26 kB Progress (3): 335 kB | 114/122 kB | 26 kB Progress (3): 335 kB | 118/122 kB | 26 kB Progress (3): 335 kB | 122 kB | 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar (122 kB at 439 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar (335 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar (26 kB at 93 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar Progress (1): 4.1/72 kB Progress (1): 7.7/72 kB Progress (1): 12/72 kB Progress (1): 16/72 kB Progress (1): 20/72 kB Progress (1): 24/72 kB Progress (1): 28/72 kB Progress (1): 32/72 kB Progress (1): 36/72 kB Progress (1): 40/72 kB Progress (1): 45/72 kB Progress (1): 49/72 kB Progress (1): 53/72 kB Progress (1): 57/72 kB Progress (1): 61/72 kB Progress (1): 65/72 kB Progress (1): 69/72 kB Progress (1): 72 kB Progress (2): 72 kB | 4.1/53 kB Progress (2): 72 kB | 7.7/53 kB Progress (2): 72 kB | 12/53 kB Progress (2): 72 kB | 16/53 kB Progress (2): 72 kB | 20/53 kB Progress (2): 72 kB | 24/53 kB Progress (2): 72 kB | 28/53 kB Progress (3): 72 kB | 28/53 kB | 4.1/33 kB Progress (3): 72 kB | 32/53 kB | 4.1/33 kB Progress (3): 72 kB | 32/53 kB | 7.7/33 kB Progress (3): 72 kB | 32/53 kB | 11/33 kB Progress (3): 72 kB | 36/53 kB | 11/33 kB Progress (3): 72 kB | 40/53 kB | 11/33 kB Progress (3): 72 kB | 40/53 kB | 15/33 kB Progress (3): 72 kB | 45/53 kB | 15/33 kB Progress (3): 72 kB | 45/53 kB | 20/33 kB Progress (3): 72 kB | 49/53 kB | 20/33 kB Progress (3): 72 kB | 49/53 kB | 24/33 kB Progress (3): 72 kB | 53 kB | 24/33 kB Progress (3): 72 kB | 53 kB | 28/33 kB Progress (3): 72 kB | 53 kB | 32/33 kB Progress (3): 72 kB | 53 kB | 33 kB Progress (4): 72 kB | 53 kB | 33 kB | 3.2/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 7.3/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 11/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 15/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 20/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 24/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 28/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 32/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 36/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 40/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 44/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 48/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 52/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 56/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 61/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 65/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 69/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 73/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 77/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 81/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 85/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 89/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 93/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 97/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 102/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 106/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 110/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 114/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 118/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 122/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 126/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 130/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 134/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 138/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 142/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 147/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 151/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 155/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 159/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 163/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 167/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 171/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 175/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 179/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 183/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 188/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 192/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 196/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 200/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 204/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 208/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 212/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 216/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 220/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 224/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 228/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 233/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 237/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 241/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 245/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 249/305 kB Progress (5): 72 kB | 53 kB | 33 kB | 249/305 kB | 4.1/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 253/305 kB | 4.1/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 253/305 kB | 7.7/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 257/305 kB | 7.7/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 257/305 kB | 12/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 257/305 kB | 15/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 261/305 kB | 15/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 265/305 kB | 15/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 265/305 kB | 20/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 269/305 kB | 20/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 269/305 kB | 24/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 274/305 kB | 24/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 274/305 kB | 28/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 274/305 kB | 32/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 278/305 kB | 32/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 278/305 kB | 36/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 282/305 kB | 36/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 282/305 kB | 37 kB Progress (5): 72 kB | 53 kB | 33 kB | 286/305 kB | 37 kB Progress (5): 72 kB | 53 kB | 33 kB | 290/305 kB | 37 kB Progress (5): 72 kB | 53 kB | 33 kB | 294/305 kB | 37 kB Progress (5): 72 kB | 53 kB | 33 kB | 298/305 kB | 37 kB Progress (5): 72 kB | 53 kB | 33 kB | 302/305 kB | 37 kB Progress (5): 72 kB | 53 kB | 33 kB | 305 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar (53 kB at 175 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar (72 kB at 236 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar (37 kB at 119 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar (305 kB at 987 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar Progress (2): 33 kB | 4.1/134 kB Progress (2): 33 kB | 7.7/134 kB Progress (2): 33 kB | 12/134 kB Progress (2): 33 kB | 16/134 kB Progress (2): 33 kB | 20/134 kB Progress (2): 33 kB | 24/134 kB Progress (2): 33 kB | 28/134 kB Progress (2): 33 kB | 32/134 kB Progress (2): 33 kB | 36/134 kB Progress (2): 33 kB | 40/134 kB Progress (2): 33 kB | 45/134 kB Progress (2): 33 kB | 49/134 kB Progress (2): 33 kB | 53/134 kB Progress (2): 33 kB | 57/134 kB Progress (2): 33 kB | 61/134 kB Progress (2): 33 kB | 65/134 kB Progress (2): 33 kB | 69/134 kB Progress (2): 33 kB | 73/134 kB Progress (2): 33 kB | 77/134 kB Progress (2): 33 kB | 81/134 kB Progress (2): 33 kB | 86/134 kB Progress (2): 33 kB | 90/134 kB Progress (2): 33 kB | 94/134 kB Progress (2): 33 kB | 98/134 kB Progress (2): 33 kB | 102/134 kB Progress (2): 33 kB | 106/134 kB Progress (2): 33 kB | 110/134 kB Progress (2): 33 kB | 114/134 kB Progress (2): 33 kB | 118/134 kB Progress (2): 33 kB | 122/134 kB Progress (2): 33 kB | 126/134 kB Progress (2): 33 kB | 131/134 kB Progress (2): 33 kB | 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar (33 kB at 104 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar Progress (2): 134 kB | 4.1/180 kB Progress (2): 134 kB | 7.7/180 kB Progress (2): 134 kB | 12/180 kB Progress (2): 134 kB | 16/180 kB Progress (2): 134 kB | 20/180 kB Progress (2): 134 kB | 24/180 kB Progress (2): 134 kB | 28/180 kB Progress (2): 134 kB | 32/180 kB Progress (2): 134 kB | 36/180 kB Progress (2): 134 kB | 40/180 kB Progress (2): 134 kB | 45/180 kB Progress (2): 134 kB | 49/180 kB Progress (2): 134 kB | 53/180 kB Progress (2): 134 kB | 57/180 kB Progress (2): 134 kB | 61/180 kB Progress (2): 134 kB | 65/180 kB Progress (2): 134 kB | 69/180 kB Progress (2): 134 kB | 73/180 kB Progress (2): 134 kB | 77/180 kB Progress (2): 134 kB | 81/180 kB Progress (2): 134 kB | 86/180 kB Progress (2): 134 kB | 90/180 kB Progress (2): 134 kB | 94/180 kB Progress (2): 134 kB | 98/180 kB Progress (2): 134 kB | 102/180 kB Progress (2): 134 kB | 106/180 kB Progress (2): 134 kB | 110/180 kB Progress (2): 134 kB | 114/180 kB Progress (2): 134 kB | 118/180 kB Progress (2): 134 kB | 122/180 kB Progress (2): 134 kB | 126/180 kB Progress (2): 134 kB | 131/180 kB Progress (2): 134 kB | 135/180 kB Progress (2): 134 kB | 139/180 kB Progress (2): 134 kB | 143/180 kB Progress (2): 134 kB | 147/180 kB Progress (2): 134 kB | 151/180 kB Progress (2): 134 kB | 155/180 kB Progress (2): 134 kB | 159/180 kB Progress (2): 134 kB | 163/180 kB Progress (2): 134 kB | 167/180 kB Progress (2): 134 kB | 172/180 kB Progress (2): 134 kB | 176/180 kB Progress (2): 134 kB | 180/180 kB Progress (2): 134 kB | 180 kB Progress (3): 134 kB | 180 kB | 4.1/215 kB Progress (4): 134 kB | 180 kB | 4.1/215 kB | 3.2/85 kB Progress (4): 134 kB | 180 kB | 7.7/215 kB | 3.2/85 kB Progress (4): 134 kB | 180 kB | 12/215 kB | 3.2/85 kB Progress (4): 134 kB | 180 kB | 16/215 kB | 3.2/85 kB Progress (4): 134 kB | 180 kB | 16/215 kB | 7.3/85 kB Progress (4): 134 kB | 180 kB | 16/215 kB | 11/85 kB Progress (4): 134 kB | 180 kB | 20/215 kB | 11/85 kB Progress (4): 134 kB | 180 kB | 20/215 kB | 15/85 kB Progress (4): 134 kB | 180 kB | 24/215 kB | 15/85 kB Progress (4): 134 kB | 180 kB | 24/215 kB | 20/85 kB Progress (4): 134 kB | 180 kB | 28/215 kB | 20/85 kB Progress (4): 134 kB | 180 kB | 32/215 kB | 20/85 kB Progress (4): 134 kB | 180 kB | 32/215 kB | 24/85 kB Progress (4): 134 kB | 180 kB | 32/215 kB | 28/85 kB Progress (4): 134 kB | 180 kB | 36/215 kB | 28/85 kB Progress (4): 134 kB | 180 kB | 36/215 kB | 32/85 kB Progress (4): 134 kB | 180 kB | 40/215 kB | 32/85 kB Progress (4): 134 kB | 180 kB | 40/215 kB | 36/85 kB Progress (4): 134 kB | 180 kB | 45/215 kB | 36/85 kB Progress (4): 134 kB | 180 kB | 45/215 kB | 40/85 kB Progress (4): 134 kB | 180 kB | 49/215 kB | 40/85 kB Progress (4): 134 kB | 180 kB | 49/215 kB | 44/85 kB Progress (4): 134 kB | 180 kB | 53/215 kB | 44/85 kB Progress (4): 134 kB | 180 kB | 53/215 kB | 48/85 kB Progress (4): 134 kB | 180 kB | 57/215 kB | 48/85 kB Progress (4): 134 kB | 180 kB | 57/215 kB | 52/85 kB Progress (4): 134 kB | 180 kB | 61/215 kB | 52/85 kB Progress (4): 134 kB | 180 kB | 61/215 kB | 56/85 kB Progress (4): 134 kB | 180 kB | 65/215 kB | 56/85 kB Progress (4): 134 kB | 180 kB | 65/215 kB | 61/85 kB Progress (4): 134 kB | 180 kB | 69/215 kB | 61/85 kB Progress (4): 134 kB | 180 kB | 69/215 kB | 65/85 kB Progress (4): 134 kB | 180 kB | 73/215 kB | 65/85 kB Progress (4): 134 kB | 180 kB | 73/215 kB | 69/85 kB Progress (4): 134 kB | 180 kB | 77/215 kB | 69/85 kB Progress (4): 134 kB | 180 kB | 77/215 kB | 73/85 kB Progress (4): 134 kB | 180 kB | 81/215 kB | 73/85 kB Progress (4): 134 kB | 180 kB | 81/215 kB | 77/85 kB Progress (4): 134 kB | 180 kB | 86/215 kB | 77/85 kB Progress (4): 134 kB | 180 kB | 86/215 kB | 81/85 kB Progress (4): 134 kB | 180 kB | 90/215 kB | 81/85 kB Progress (4): 134 kB | 180 kB | 90/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 94/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 98/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 102/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 106/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 110/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 114/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 118/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 122/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 126/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 131/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 135/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 139/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 143/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 147/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 151/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 155/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 159/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 163/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 167/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 172/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 176/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 180/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 184/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 188/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 192/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 196/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 200/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 204/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 208/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 212/215 kB | 85 kB Progress (4): 134 kB | 180 kB | 215 kB | 85 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar (134 kB at 405 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar (180 kB at 531 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar (85 kB at 249 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar Progress (2): 215 kB | 0/2.6 MB Progress (2): 215 kB | 0/2.6 MB Progress (2): 215 kB | 0/2.6 MB Progress (2): 215 kB | 0.1/2.6 MB Progress (2): 215 kB | 0.1/2.6 MB Progress (2): 215 kB | 0.1/2.6 MB Progress (2): 215 kB | 0.1/2.6 MB Progress (2): 215 kB | 0.1/2.6 MB Progress (2): 215 kB | 0.1/2.6 MB Progress (2): 215 kB | 0.2/2.6 MB Progress (2): 215 kB | 0.2/2.6 MB Progress (2): 215 kB | 0.2/2.6 MB Progress (2): 215 kB | 0.2/2.6 MB Progress (2): 215 kB | 0.2/2.6 MB Progress (3): 215 kB | 0.2/2.6 MB | 4.1/4.6 kB Progress (3): 215 kB | 0.2/2.6 MB | 4.1/4.6 kB Progress (3): 215 kB | 0.2/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.3/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.3/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.3/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.3/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.3/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.3/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.4/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.4/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.4/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.4/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.4/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.4/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.5/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.5/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.5/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.5/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.5/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.5/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.6/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.6/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.6/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.6/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.6/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.6/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.7/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.7/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.7/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.7/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.7/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.7/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.8/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.8/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.8/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.8/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.8/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.8/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.9/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.9/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.9/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.9/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.9/2.6 MB | 4.6 kB Progress (3): 215 kB | 0.9/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.0/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.0/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.0/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.0/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.0/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.0/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.0/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.1/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.1/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.1/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.1/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.1/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.1/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.2/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.2/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.2/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.2/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.2/2.6 MB | 4.6 kB Progress (3): 215 kB | 1.2/2.6 MB | 4.6 kB Progress (4): 215 kB | 1.2/2.6 MB | 4.6 kB | 4.1/20 kB Progress (4): 215 kB | 1.3/2.6 MB | 4.6 kB | 4.1/20 kB Progress (4): 215 kB | 1.3/2.6 MB | 4.6 kB | 7.7/20 kB Progress (4): 215 kB | 1.3/2.6 MB | 4.6 kB | 12/20 kB Progress (4): 215 kB | 1.3/2.6 MB | 4.6 kB | 12/20 kB Progress (4): 215 kB | 1.3/2.6 MB | 4.6 kB | 15/20 kB Progress (4): 215 kB | 1.3/2.6 MB | 4.6 kB | 15/20 kB Progress (4): 215 kB | 1.3/2.6 MB | 4.6 kB | 20/20 kB Progress (4): 215 kB | 1.3/2.6 MB | 4.6 kB | 20 kB Progress (4): 215 kB | 1.3/2.6 MB | 4.6 kB | 20 kB Progress (4): 215 kB | 1.3/2.6 MB | 4.6 kB | 20 kB Progress (4): 215 kB | 1.3/2.6 MB | 4.6 kB | 20 kB Progress (4): 215 kB | 1.4/2.6 MB | 4.6 kB | 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar (215 kB at 608 kB/s) Progress (3): 1.4/2.6 MB | 4.6 kB | 20 kB Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar Progress (3): 1.4/2.6 MB | 4.6 kB | 20 kB Progress (3): 1.4/2.6 MB | 4.6 kB | 20 kB Progress (3): 1.4/2.6 MB | 4.6 kB | 20 kB Progress (3): 1.4/2.6 MB | 4.6 kB | 20 kB Progress (3): 1.5/2.6 MB | 4.6 kB | 20 kB Progress (3): 1.5/2.6 MB | 4.6 kB | 20 kB Progress (3): 1.5/2.6 MB | 4.6 kB | 20 kB Progress (3): 1.5/2.6 MB | 4.6 kB | 20 kB Progress (3): 1.5/2.6 MB | 4.6 kB | 20 kB Progress (3): 1.5/2.6 MB | 4.6 kB | 20 kB Progress (3): 1.6/2.6 MB | 4.6 kB | 20 kB Progress (3): 1.6/2.6 MB | 4.6 kB | 20 kB Progress (3): 1.6/2.6 MB | 4.6 kB | 20 kB Progress (3): 1.6/2.6 MB | 4.6 kB | 20 kB Progress (3): 1.6/2.6 MB | 4.6 kB | 20 kB Progress (3): 1.6/2.6 MB | 4.6 kB | 20 kB Progress (3): 1.6/2.6 MB | 4.6 kB | 20 kB Progress (3): 1.7/2.6 MB | 4.6 kB | 20 kB Progress (4): 1.7/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.7/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.7/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.7/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.7/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.7/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.8/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.8/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.8/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.8/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.8/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.8/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.9/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.9/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.9/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.9/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.9/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.9/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.0/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.0/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.0/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.0/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.0/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.0/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.1/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.1/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.1/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.1/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.1/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.1/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.2/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.2/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar (4.6 kB at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar Progress (3): 2.2/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.2/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.2/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.2/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.3/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.3/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.3/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.3/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.3/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.3/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.4/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.4/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.4/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.4/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.4/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.4/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.5/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.5/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.5/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.5/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.5/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.5/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.5/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.6/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.6/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.6/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.6/2.6 MB | 20 kB | 2.2 kB Progress (3): 2.6 MB | 20 kB | 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar (2.2 kB at 6.0 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar Progress (3): 2.6 MB | 20 kB | 4.1/5.9 kB Progress (3): 2.6 MB | 20 kB | 5.9 kB Progress (4): 2.6 MB | 20 kB | 5.9 kB | 4.1/14 kB Progress (4): 2.6 MB | 20 kB | 5.9 kB | 7.7/14 kB Progress (4): 2.6 MB | 20 kB | 5.9 kB | 12/14 kB Progress (4): 2.6 MB | 20 kB | 5.9 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar (20 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar (2.6 MB at 6.9 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar (5.9 kB at 15 kB/s) Progress (2): 14 kB | 4.1/8.8 kB Progress (2): 14 kB | 7.7/8.8 kB Progress (2): 14 kB | 8.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar (14 kB at 36 kB/s) Progress (2): 8.8 kB | 4.1/500 kB Progress (2): 8.8 kB | 7.7/500 kB Progress (2): 8.8 kB | 12/500 kB Progress (2): 8.8 kB | 16/500 kB Progress (2): 8.8 kB | 20/500 kB Progress (2): 8.8 kB | 24/500 kB Progress (2): 8.8 kB | 28/500 kB Progress (2): 8.8 kB | 32/500 kB Progress (2): 8.8 kB | 36/500 kB Progress (2): 8.8 kB | 40/500 kB Progress (2): 8.8 kB | 45/500 kB Progress (2): 8.8 kB | 49/500 kB Progress (2): 8.8 kB | 53/500 kB Progress (2): 8.8 kB | 57/500 kB Progress (2): 8.8 kB | 61/500 kB Progress (2): 8.8 kB | 65/500 kB Progress (2): 8.8 kB | 69/500 kB Progress (2): 8.8 kB | 73/500 kB Progress (2): 8.8 kB | 77/500 kB Progress (2): 8.8 kB | 81/500 kB Progress (2): 8.8 kB | 86/500 kB Progress (2): 8.8 kB | 90/500 kB Progress (2): 8.8 kB | 94/500 kB Progress (2): 8.8 kB | 98/500 kB Progress (2): 8.8 kB | 102/500 kB Progress (2): 8.8 kB | 106/500 kB Progress (2): 8.8 kB | 110/500 kB Progress (2): 8.8 kB | 114/500 kB Progress (2): 8.8 kB | 118/500 kB Progress (2): 8.8 kB | 122/500 kB Progress (2): 8.8 kB | 126/500 kB Progress (2): 8.8 kB | 131/500 kB Progress (2): 8.8 kB | 135/500 kB Progress (2): 8.8 kB | 139/500 kB Progress (2): 8.8 kB | 143/500 kB Progress (2): 8.8 kB | 147/500 kB Progress (2): 8.8 kB | 151/500 kB Progress (2): 8.8 kB | 155/500 kB Progress (2): 8.8 kB | 159/500 kB Progress (2): 8.8 kB | 163/500 kB Progress (2): 8.8 kB | 167/500 kB Progress (2): 8.8 kB | 172/500 kB Progress (2): 8.8 kB | 176/500 kB Progress (2): 8.8 kB | 180/500 kB Progress (2): 8.8 kB | 184/500 kB Progress (2): 8.8 kB | 188/500 kB Progress (2): 8.8 kB | 192/500 kB Progress (2): 8.8 kB | 196/500 kB Progress (2): 8.8 kB | 200/500 kB Progress (2): 8.8 kB | 204/500 kB Progress (2): 8.8 kB | 208/500 kB Progress (2): 8.8 kB | 213/500 kB Progress (2): 8.8 kB | 217/500 kB Progress (2): 8.8 kB | 221/500 kB Progress (2): 8.8 kB | 225/500 kB Progress (2): 8.8 kB | 229/500 kB Progress (2): 8.8 kB | 233/500 kB Progress (2): 8.8 kB | 237/500 kB Progress (2): 8.8 kB | 241/500 kB Progress (2): 8.8 kB | 245/500 kB Progress (2): 8.8 kB | 249/500 kB Progress (2): 8.8 kB | 253/500 kB Progress (2): 8.8 kB | 258/500 kB Progress (2): 8.8 kB | 262/500 kB Progress (2): 8.8 kB | 266/500 kB Progress (2): 8.8 kB | 270/500 kB Progress (2): 8.8 kB | 274/500 kB Progress (2): 8.8 kB | 278/500 kB Progress (2): 8.8 kB | 282/500 kB Progress (2): 8.8 kB | 286/500 kB Progress (2): 8.8 kB | 290/500 kB Progress (2): 8.8 kB | 294/500 kB Progress (2): 8.8 kB | 299/500 kB Progress (2): 8.8 kB | 303/500 kB Progress (2): 8.8 kB | 307/500 kB Progress (2): 8.8 kB | 311/500 kB Progress (2): 8.8 kB | 315/500 kB Progress (2): 8.8 kB | 319/500 kB Progress (2): 8.8 kB | 323/500 kB Progress (2): 8.8 kB | 327/500 kB Progress (2): 8.8 kB | 331/500 kB Progress (2): 8.8 kB | 335/500 kB Progress (2): 8.8 kB | 339/500 kB Progress (2): 8.8 kB | 344/500 kB Progress (2): 8.8 kB | 348/500 kB Progress (2): 8.8 kB | 352/500 kB Progress (2): 8.8 kB | 356/500 kB Progress (2): 8.8 kB | 360/500 kB Progress (2): 8.8 kB | 364/500 kB Progress (2): 8.8 kB | 368/500 kB Progress (2): 8.8 kB | 372/500 kB Progress (2): 8.8 kB | 376/500 kB Progress (2): 8.8 kB | 380/500 kB Progress (2): 8.8 kB | 385/500 kB Progress (2): 8.8 kB | 389/500 kB Progress (2): 8.8 kB | 393/500 kB Progress (2): 8.8 kB | 397/500 kB Progress (2): 8.8 kB | 401/500 kB Progress (2): 8.8 kB | 405/500 kB Progress (2): 8.8 kB | 409/500 kB Progress (2): 8.8 kB | 413/500 kB Progress (2): 8.8 kB | 417/500 kB Progress (2): 8.8 kB | 421/500 kB Progress (2): 8.8 kB | 426/500 kB Progress (2): 8.8 kB | 430/500 kB Progress (2): 8.8 kB | 434/500 kB Progress (2): 8.8 kB | 438/500 kB Progress (2): 8.8 kB | 442/500 kB Progress (2): 8.8 kB | 446/500 kB Progress (2): 8.8 kB | 450/500 kB Progress (2): 8.8 kB | 454/500 kB Progress (2): 8.8 kB | 458/500 kB Progress (2): 8.8 kB | 462/500 kB Progress (2): 8.8 kB | 466/500 kB Progress (2): 8.8 kB | 471/500 kB Progress (2): 8.8 kB | 475/500 kB Progress (2): 8.8 kB | 479/500 kB Progress (2): 8.8 kB | 481/500 kB Progress (2): 8.8 kB | 486/500 kB Progress (2): 8.8 kB | 490/500 kB Progress (2): 8.8 kB | 494/500 kB Progress (2): 8.8 kB | 498/500 kB Progress (2): 8.8 kB | 500 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar (8.8 kB at 22 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar (500 kB at 1.2 MB/s) [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17:jar:0.1.2 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11:jar:1.9 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8:jar:1.2.4 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.gradle:hacbs-test-simple-gradle-jdk8:jar:1.1 in the shaded jar. [WARNING] hacbs-test-simple-gradle-jdk8-1.1.jar, hacbs-test.jar, shaded-jdk11-1.9.jar, simple-jdk17-0.1.2.jar, simple-jdk8-1.2.4.jar define 1 overlapping resource: [WARNING] - META-INF/MANIFEST.MF [WARNING] shaded-jdk11-1.9.jar, simple-jdk8-1.2.4.jar define 3 overlapping classes and resources: [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.properties [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.xml [WARNING] - io.github.stuartwdouglas.hacbstest.simple.simplejdk8.Placeholder [WARNING] maven-shade-plugin has detected that some class files are [WARNING] present in two or more JARs. When this happens, only one [WARNING] single version of the class is copied to the uber jar. [WARNING] Usually this is not harmful and you can skip these warnings, [WARNING] otherwise try to manually exclude artifacts based on [WARNING] mvn dependency:tree -Ddetail=true and the above output. [WARNING] See http://maven.apache.org/plugins/maven-shade-plugin/ [INFO] Replacing original artifact with shaded artifact. [INFO] Replacing /work/target/hacbs-test.jar with /work/target/simple-java-project-1.0-SNAPSHOT-shaded.jar [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 13.239 s [INFO] Finished at: 2026-05-06T07:06:37Z [INFO] ------------------------------------------------------------------------ [2/2] STEP 1/10: FROM registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 [2/2] STEP 2/10: USER 185 [2/2] STEP 3/10: WORKDIR /work/ [2/2] STEP 4/10: COPY --from=builder /work/target/hacbs-test.jar /deployments [2/2] STEP 5/10: EXPOSE 8081 [2/2] STEP 6/10: ENV AB_JOLOKIA_OFF="" [2/2] STEP 7/10: ENV JAVA_APP_JAR="/deployments/hacbs-test.jar" [2/2] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json [2/2] STEP 9/10: COPY labels.json /root/buildinfo/labels.json [2/2] STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="00775aff393ad7f166602cdc0ae09d8b098fdac5" "org.opencontainers.image.revision"="00775aff393ad7f166602cdc0ae09d8b098fdac5" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo" "build-date"="2026-05-06T07:06:11Z" "org.opencontainers.image.created"="2026-05-06T07:06:11Z" [2/2] COMMIT quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5 --> 0f97adb4a2b5 Successfully tagged quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5 0f97adb4a2b5d0e83f4301cb519d9da46972843ab2541462f39833b0ed45be45 [2026-05-06T07:06:39,103236472+00:00] Unsetting proxy [2026-05-06T07:06:39,104523142+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi8/openjdk-17:1.23 registry.access.redhat.com/ubi8/openjdk-17:1.23@sha256:6b594556530fc1f7e56ec1a798f27cfc87e328923d71a15b3a625cc0fc57618b registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23@sha256:d1c41a39da6dd219a2c002e604e9412ecc1d8635533da3aadfbcf4d2a6878e92 Getting image source signatures Copying blob sha256:5bd6594c895f98246729592cb36ec9c9920a4846dd674e84343b1ab8964bf471 Copying blob sha256:4fbd9e6ac35fac37ebf8cf165f41281d51056114cf97527414fa90b32b5d14d6 Copying blob sha256:5dbea8ad0b8fafeea55704769972b289a91254713435480168ce69a7d81ee19e Copying config sha256:0f97adb4a2b5d0e83f4301cb519d9da46972843ab2541462f39833b0ed45be45 Writing manifest to image destination [2026-05-06T07:06:43,265196961+00:00] End build pod: konflux-demo-component-mihh-on-push-h5kr7-build-container-pod | container step-push: [2026-05-06T07:06:43,341021939+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-06T07:06:45,946698267+00:00] Convert image [2026-05-06T07:06:45,947888314+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:konflux-demo-component-mihh-on-push-h5kr7-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5 docker://quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:konflux-demo-component-mihh-on-push-h5kr7-build-container Getting image source signatures Copying blob sha256:5bd6594c895f98246729592cb36ec9c9920a4846dd674e84343b1ab8964bf471 Copying blob sha256:4fbd9e6ac35fac37ebf8cf165f41281d51056114cf97527414fa90b32b5d14d6 Copying blob sha256:5dbea8ad0b8fafeea55704769972b289a91254713435480168ce69a7d81ee19e Copying config sha256:0f97adb4a2b5d0e83f4301cb519d9da46972843ab2541462f39833b0ed45be45 Writing manifest to image destination [2026-05-06T07:07:49,847059522+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5 [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /var/workdir/image-digest quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5 docker://quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5 Getting image source signatures Copying blob sha256:5bd6594c895f98246729592cb36ec9c9920a4846dd674e84343b1ab8964bf471 Copying blob sha256:4fbd9e6ac35fac37ebf8cf165f41281d51056114cf97527414fa90b32b5d14d6 Copying blob sha256:5dbea8ad0b8fafeea55704769972b289a91254713435480168ce69a7d81ee19e Copying config sha256:0f97adb4a2b5d0e83f4301cb519d9da46972843ab2541462f39833b0ed45be45 Writing manifest to image destination sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452cquay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5 [retry] executing: kubectl get configmap cluster-config -n konflux-info -o json Keyless signing is disabled (none of rekorInternalUrl, fulcioInternalUrl, defaultOIDCIssuer, tufInternalUrl are configured in the konflux-info/cluster-config configmap) [2026-05-06T07:07:50,617767349+00:00] End push pod: konflux-demo-component-mihh-on-push-h5kr7-build-container-pod | container step-sbom-syft-generate: [2026-05-06T07:07:51,465345399+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-05-06T07:08:01,231709537+00:00] End sbom-syft-generate pod: konflux-demo-component-mihh-on-push-h5kr7-build-container-pod | container step-prepare-sboms: [2026-05-06T07:08:01,645415089+00:00] Prepare SBOM [2026-05-06T07:08:01,649840484+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-05-06 07:08:02,988 [INFO] mobster.log: Logging level set to 20 2026-05-06 07:08:03,141 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:d1c41a39da6dd219a2c002e604e9412ecc1d8635533da3aadfbcf4d2a6878e92 2026-05-06 07:08:03,758 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:afcb4b2ab317e980bff127ff13e046c2a485f3eaaee0e82896c66fdd5be54988 with output b"Error: no attestations with predicate type 'https://spdx.dev/Document' found\nerror during command execution: no attestations with predicate type 'https://spdx.dev/Document' found\n" 2026-05-06 07:08:03,951 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:afcb4b2ab317e980bff127ff13e046c2a485f3eaaee0e82896c66fdd5be54988 with output b"Error: no attestations with predicate type 'https://cyclonedx.org/bom' found\nerror during command execution: no attestations with predicate type 'https://cyclonedx.org/bom' found\n" 2026-05-06 07:08:04,375 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:afcb4b2ab317e980bff127ff13e046c2a485f3eaaee0e82896c66fdd5be54988 with output b"Error: no attestations with predicate type 'https://spdx.dev/Document' found\nerror during command execution: no attestations with predicate type 'https://spdx.dev/Document' found\n" 2026-05-06 07:08:04,616 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:afcb4b2ab317e980bff127ff13e046c2a485f3eaaee0e82896c66fdd5be54988 with output b"Error: no attestations with predicate type 'https://cyclonedx.org/bom' found\nerror during command execution: no attestations with predicate type 'https://cyclonedx.org/bom' found\n" 2026-05-06 07:08:05,031 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:afcb4b2ab317e980bff127ff13e046c2a485f3eaaee0e82896c66fdd5be54988 with output b"Error: no attestations with predicate type 'https://spdx.dev/Document' found\nerror during command execution: no attestations with predicate type 'https://spdx.dev/Document' found\n" 2026-05-06 07:08:05,228 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:afcb4b2ab317e980bff127ff13e046c2a485f3eaaee0e82896c66fdd5be54988 with output b"Error: no attestations with predicate type 'https://cyclonedx.org/bom' found\nerror during command execution: no attestations with predicate type 'https://cyclonedx.org/bom' found\n" 2026-05-06 07:08:05,626 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:afcb4b2ab317e980bff127ff13e046c2a485f3eaaee0e82896c66fdd5be54988 with output b"Error: no attestations with predicate type 'https://spdx.dev/Document' found\nerror during command execution: no attestations with predicate type 'https://spdx.dev/Document' found\n" 2026-05-06 07:08:05,845 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:afcb4b2ab317e980bff127ff13e046c2a485f3eaaee0e82896c66fdd5be54988 with output b"Error: no attestations with predicate type 'https://cyclonedx.org/bom' found\nerror during command execution: no attestations with predicate type 'https://cyclonedx.org/bom' found\n" 2026-05-06 07:08:05,846 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-05-06 07:08:05,846 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-05-06 07:08:05,846 [INFO] mobster.log: Contextual workflow completed in 2.73s 2026-05-06 07:08:05,880 [INFO] mobster.main: Exiting with code 0. [2026-05-06T07:08:05,944260486+00:00] End prepare-sboms pod: konflux-demo-component-mihh-on-push-h5kr7-build-container-pod | container step-upload-sbom: [2026-05-06T07:08:06,715850507+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5@sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key <key path>'. Uploading SBOM file for [quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh@sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c] to [quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:sha256-853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh@sha256:e61c77c1eb39a2188e61c7d35f884996119017d9789f14df993e8f4a726e234b [2026-05-06T07:08:10,627032776+00:00] End upload-sbom pod: konflux-demo-component-mihh-on-push-h5kr7-build-image-index-pod | init container: prepare 2026/05/06 07:08:27 Entrypoint initialization pod: konflux-demo-component-mihh-on-push-h5kr7-build-image-index-pod | init container: place-scripts 2026/05/06 07:08:28 Decoded script /tekton/scripts/script-0-wlkw4 2026/05/06 07:08:28 Decoded script /tekton/scripts/script-1-wq75v 2026/05/06 07:08:29 Decoded script /tekton/scripts/script-2-wzh8b pod: konflux-demo-component-mihh-on-push-h5kr7-build-image-index-pod | container step-build: [2026-05-06T07:08:48,179153692+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Running konflux-build-cli time="2026-05-06T07:08:50Z" level=info msg="[param] image: quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5" time="2026-05-06T07:08:50Z" level=info msg="[param] images: [quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5@sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c]" time="2026-05-06T07:08:50Z" level=info msg="[param] buildah-format: docker" time="2026-05-06T07:08:50Z" level=info msg="[param] always-build-index: false" time="2026-05-06T07:08:50Z" level=info msg="[param] additional-tags: [konflux-demo-component-mihh-on-push-h5kr7-build-image-index]" time="2026-05-06T07:08:50Z" level=info msg="[param] output-manifest-path: /index-build-data/manifest_data.json" time="2026-05-06T07:08:50Z" level=info msg="[param] result-path-image-digest: /tekton/results/IMAGE_DIGEST" time="2026-05-06T07:08:50Z" level=info msg="[param] result-path-image-url: /tekton/results/IMAGE_URL" time="2026-05-06T07:08:50Z" level=info msg="[param] result-path-image-ref: /tekton/results/IMAGE_REF" time="2026-05-06T07:08:50Z" level=info msg="[param] result-path-images: /tekton/results/IMAGES" time="2026-05-06T07:08:50Z" level=info msg="Creating manifest list: quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5" time="2026-05-06T07:08:50Z" level=info msg="buildah [stdout] 8601f17bc57b192958784626b24d73bcf1caf289f3b95fb144e50200e5e77e5a" logger=CliExecutor time="2026-05-06T07:08:50Z" level=info msg="Skipping image index generation. Returning results for single image." {"image_digest":"sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c","image_url":"quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5","image_ref":"quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh@sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c","images":"quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh@sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c"} pod: konflux-demo-component-mihh-on-push-h5kr7-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: konflux-demo-component-mihh-on-push-h5kr7-build-image-index-pod | container step-upload-sbom: [2026-05-06T07:08:51,670196227+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: konflux-demo-component-mihh-on-push-h5kr7-clamav-scan-pod | init container: prepare 2026/05/06 07:10:03 Entrypoint initialization pod: konflux-demo-component-mihh-on-push-h5kr7-clamav-scan-pod | init container: place-scripts 2026/05/06 07:10:04 Decoded script /tekton/scripts/script-0-rp5n9 2026/05/06 07:10:04 Decoded script /tekton/scripts/script-1-ml5kw pod: konflux-demo-component-mihh-on-push-h5kr7-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh@sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 46.670 sec (0 m 46 s) Start Date: 2026:05:06 07:10:21 End Date: 2026:05:06 07:11:08 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27992/Tue May 5 06:26:41 2026 Database version: 27992 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1778051468","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778051468","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778051468","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5", "digests": ["sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c"]}} pod: konflux-demo-component-mihh-on-push-h5kr7-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh Attaching to quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5@sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Uploading d6196719fa5f clamscan-ec-test-amd64.json Uploading e49181513e9d clamscan-result-amd64.log Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploaded e49181513e9d clamscan-result-amd64.log Uploaded d6196719fa5f clamscan-ec-test-amd64.json Uploading b4e583f75d19 application/vnd.oci.image.manifest.v1+json Uploaded b4e583f75d19 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5@sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c Digest: sha256:b4e583f75d19cb0074cdf6ebb6cc60839aa4d412659078ad80d5ed55c49d46f1 pod: konflux-demo-component-mihh-on-push-h5kr7-clone-repository-pod | init container: prepare 2026/05/06 07:05:35 Entrypoint initialization pod: konflux-demo-component-mihh-on-push-h5kr7-clone-repository-pod | init container: place-scripts 2026/05/06 07:05:36 Decoded script /tekton/scripts/script-0-d95vt 2026/05/06 07:05:36 Decoded script /tekton/scripts/script-1-z57gn pod: konflux-demo-component-mihh-on-push-h5kr7-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1778051141.9047983,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1778051142.1439512,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo @ 00775aff393ad7f166602cdc0ae09d8b098fdac5 (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1778051142.1440122,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1778051142.176169,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision 00775aff393ad7f166602cdc0ae09d8b098fdac5 directly. pod: konflux-demo-component-mihh-on-push-h5kr7-clone-repository-pod | container step-symlink-check: Running symlink check pod: konflux-demo-component-mihh-on-push-h5kr7-clone-repository-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:d00067650ac6c5dc7b74ea544d566868d34e69d3841c5e8c02d1c8059c59e73b) Using token for quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh Executing: oras push --registry-config /tmp/create-oci.sh.8JPrDA/auth-RcmVaF.json quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5.git SOURCE_ARTIFACT Uploading d00067650ac6 SOURCE_ARTIFACT Uploaded d00067650ac6 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:04d1d547249ce68f9c6a0102cfce064cfc3adbf078717a1eef0aa2497a8d1697 Artifacts created pod: konflux-demo-component-mihh-on-push-h5kr7-init-pod | init container: prepare 2026/05/06 07:04:57 Entrypoint initialization pod: konflux-demo-component-mihh-on-push-h5kr7-init-pod | container step-init: time="2026-05-06T07:05:00Z" level=info msg="[param] enable: false" time="2026-05-06T07:05:00Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-06T07:05:00Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-06T07:05:00Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-06T07:05:00Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-06T07:05:00Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-06T07:05:00Z" level=info msg="Cache proxy is disabled via param" time="2026-05-06T07:05:00Z" level=info msg="[result] HTTP PROXY: " time="2026-05-06T07:05:00Z" level=info msg="[result] NO PROXY: " pod: konflux-demo-component-mihh-on-push-h5kr7-push-dockerfile-pod | init container: prepare 2026/05/06 07:09:44 Entrypoint initialization pod: konflux-demo-component-mihh-on-push-h5kr7-push-dockerfile-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh Executing: oras blob fetch --registry-config /tmp/use-oci.sh.bQVxMx/auth-moUSua.json quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh@sha256:d00067650ac6c5dc7b74ea544d566868d34e69d3841c5e8c02d1c8059c59e73b --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh@sha256:d00067650ac6c5dc7b74ea544d566868d34e69d3841c5e8c02d1c8059c59e73b to /var/workdir/source pod: konflux-demo-component-mihh-on-push-h5kr7-push-dockerfile-pod | container step-push: time="2026-05-06T07:09:49Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5" time="2026-05-06T07:09:49Z" level=info msg="[param] image-digest: sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c" time="2026-05-06T07:09:49Z" level=info msg="[param] containerfile: Dockerfile" time="2026-05-06T07:09:49Z" level=info msg="[param] context: ." time="2026-05-06T07:09:49Z" level=info msg="[param] tag-suffix: .dockerfile" time="2026-05-06T07:09:49Z" level=info msg="[param] artifact-type: application/vnd.konflux.dockerfile" time="2026-05-06T07:09:49Z" level=info msg="[param] source: source" time="2026-05-06T07:09:49Z" level=info msg="[param] result-path-image-ref: /tekton/results/IMAGE_REF" time="2026-05-06T07:09:49Z" level=info msg="[param] alternative-filename: Dockerfile" time="2026-05-06T07:09:51Z" level=info msg="oras [stdout] quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh@sha256:97e49e871510d771d30db3418032e7ebac33999316880de264175bed0bcc6322" logger=CliExecutor time="2026-05-06T07:09:51Z" level=info msg="Containerfile '/var/workdir/source/Dockerfile' is pushed to registry with tag: sha256-853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c.dockerfile" {"image_ref":"quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh@sha256:97e49e871510d771d30db3418032e7ebac33999316880de264175bed0bcc6322"} pod: konflux-demo-component-mihh-on-push-h5kr7-sast-shell-check-pod | init container: prepare 2026/05/06 07:10:13 Entrypoint initialization pod: konflux-demo-component-mihh-on-push-h5kr7-sast-shell-check-pod | init container: place-scripts 2026/05/06 07:10:14 Decoded script /tekton/scripts/script-1-8l9kb 2026/05/06 07:10:14 Decoded script /tekton/scripts/script-2-5stm8 pod: konflux-demo-component-mihh-on-push-h5kr7-sast-shell-check-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh Executing: oras blob fetch --registry-config /tmp/use-oci.sh.5I27IM/auth-sPr3Xf.json quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh@sha256:d00067650ac6c5dc7b74ea544d566868d34e69d3841c5e8c02d1c8059c59e73b --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh@sha256:d00067650ac6c5dc7b74ea544d566868d34e69d3841c5e8c02d1c8059c59e73b to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-mihh-on-push-h5kr7-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=konflux-demo-component-mihh + echo 'INFO: The PROJECT_NAME used is: konflux-demo-component-mihh' INFO: The PROJECT_NAME used is: konflux-demo-component-mihh + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/var/workdir/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/var/workdir/source/. ++ realpath -m /var/workdir/source/. + resolved_path=/var/workdir/source + [[ /var/workdir/source == \/\v\a\r\/\w\o\r\k\d\i\r\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + /usr/share/csmock/scripts/run-shellcheck.sh /var/workdir/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/var/workdir/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-105.json ./shellcheck-results/sc-112.json ./shellcheck-results/sc-115.json ./shellcheck-results/sc-123.json ./shellcheck-results/sc-71.json ./shellcheck-results/sc-74.json ./shellcheck-results/sc-75.json ./shellcheck-results/sc-76.json ./shellcheck-results/sc-78.json ./shellcheck-results/sc-82.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered ShellCheck results have been saved to shellcheck-results.json + echo 'ShellCheck results have been saved to shellcheck-results.json' + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + TEST_OUTPUT= + parse_test_output sast-shell-check-oci-ta sarif shellcheck-results.sarif + TEST_NAME=sast-shell-check-oci-ta + TEST_RESULT_FORMAT=sarif + TEST_RESULT_FILE=shellcheck-results.sarif + '[' -z sast-shell-check-oci-ta ']' + '[' -z sarif ']' + '[' -z shellcheck-results.sarif ']' + '[' '!' -f shellcheck-results.sarif ']' + '[' sarif = sarif ']' +++ jq -rce '(if (.runs[].results | length > 0) then "FAILURE" else "SUCCESS" end)' shellcheck-results.sarif +++ jq -rce '(.runs[].results | length)' shellcheck-results.sarif ++ make_result_json -r SUCCESS -f 0 ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ FAILURES=0 ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-05-06T07:10:19+00:00 --arg result SUCCESS --arg note 'For details, check Tekton task log.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-05-06T07:10:19+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-05-06T07:10:19+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-05-06T07:10:19+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-05-06T07:10:19+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ jq .failures + '[' 0 -gt 0 ']' + echo '{"result":"SUCCESS","timestamp":"2026-05-06T07:10:19+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-05-06T07:10:19+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: konflux-demo-component-mihh-on-push-h5kr7-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh Attaching to quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5@sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading da808faebf6f shellcheck-results.sarif Uploaded da808faebf6f shellcheck-results.sarif Uploading 1c76d7c694da application/vnd.oci.image.manifest.v1+json Uploaded 1c76d7c694da application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5@sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c Digest: sha256:1c76d7c694da636e54b6795b0ae143048df9e69d936c53158d5ee43a49687ec2 No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-mihh-on-push-h5kr7-sast-snyk-check-pod | init container: prepare 2026/05/06 07:09:53 Entrypoint initialization pod: konflux-demo-component-mihh-on-push-h5kr7-sast-snyk-check-pod | init container: place-scripts 2026/05/06 07:09:54 Decoded script /tekton/scripts/script-1-sr985 2026/05/06 07:09:54 Decoded script /tekton/scripts/script-2-sqwmt pod: konflux-demo-component-mihh-on-push-h5kr7-sast-snyk-check-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh Executing: oras blob fetch --registry-config /tmp/use-oci.sh.kOE8WM/auth-i4SPG0.json quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh@sha256:d00067650ac6c5dc7b74ea544d566868d34e69d3841c5e8c02d1c8059c59e73b --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh@sha256:d00067650ac6c5dc7b74ea544d566868d34e69d3841c5e8c02d1c8059c59e73b to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-mihh-on-push-h5kr7-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: konflux-demo-component-mihh INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-05-06T07:09:59+00:00","note":"Task sast-snyk-check-oci-ta skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: konflux-demo-component-mihh-on-push-h5kr7-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-mihh1d79807a9c83a866c5958d80cb9b3f81-pod | init container: prepare 2026/05/06 07:09:40 Entrypoint initialization pod: konflux-demo-component-mihh1d79807a9c83a866c5958d80cb9b3f81-pod | init container: place-scripts 2026/05/06 07:09:41 Decoded script /tekton/scripts/script-0-m855p 2026/05/06 07:09:41 Decoded script /tekton/scripts/script-1-zkckj 2026/05/06 07:09:41 Decoded script /tekton/scripts/script-2-hjbtq 2026/05/06 07:09:41 Decoded script /tekton/scripts/script-3-c9fwp 2026/05/06 07:09:41 Decoded script /tekton/scripts/script-4-q27hx 2026/05/06 07:09:41 Decoded script /tekton/scripts/script-5-dbq4s pod: konflux-demo-component-mihh1d79807a9c83a866c5958d80cb9b3f81-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... [retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5 The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... [retry] executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: konflux-demo-component-mihh1d79807a9c83a866c5958d80cb9b3f81-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5 Using token for quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh Auth json written to "/auth/auth.json". pod: konflux-demo-component-mihh1d79807a9c83a866c5958d80cb9b3f81-pod | container step-set-skip-for-bundles: 2026/05/06 07:09:47 INFO Step was skipped due to when expressions were evaluated to false. pod: konflux-demo-component-mihh1d79807a9c83a866c5958d80cb9b3f81-pod | container step-app-check: time="2026-05-06T07:09:47Z" level=info msg="certification library version" version="1.17.2 <commit: eb87e5b2d67ad110a0afe8edfb16f445e0877c4e>" time="2026-05-06T07:09:47Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5 for platform amd64" time="2026-05-06T07:09:47Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5" time="2026-05-06T07:09:55Z" level=info msg="warning: licenses directory does not exist or all of its children are empty directories: error when checking for /licenses: stat /tmp/preflight-3587153105/fs/licenses: no such file or directory" check=HasLicense time="2026-05-06T07:09:55Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-05-06T07:09:55Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-05-06T07:09:55Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-05-06T07:09:55Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-05-06T07:09:55Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-05-06T07:09:55Z" level=info msg="USER 185 specified that is non-root" check=RunAsNonRoot time="2026-05-06T07:09:55Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-05-06T07:10:05Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-05-06T07:10:05Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-05-06T07:10:05Z" level=info msg="This image's tag 00775aff393ad7f166602cdc0ae09d8b098fdac5 will be paired with digest sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.17.2", "commit": "eb87e5b2d67ad110a0afe8edfb16f445e0877c4e" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 39, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 9575, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 149, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-05-06T07:10:05Z" level=info msg="Preflight result: FAILED" pod: konflux-demo-component-mihh1d79807a9c83a866c5958d80cb9b3f81-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1778051405","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}[retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5 pod: konflux-demo-component-mihh1d79807a9c83a866c5958d80cb9b3f81-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1778051405","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} pod: konflux-demo-component-mihh793253559ca70753a34500f0d9cb606d-pod | init container: prepare 2026/05/06 07:05:51 Entrypoint initialization pod: konflux-demo-component-mihh793253559ca70753a34500f0d9cb606d-pod | init container: place-scripts 2026/05/06 07:05:52 Decoded script /tekton/scripts/script-0-g98jh 2026/05/06 07:05:52 Decoded script /tekton/scripts/script-2-nb9zz pod: konflux-demo-component-mihh793253559ca70753a34500f0d9cb606d-pod | container step-skip-ta: pod: konflux-demo-component-mihh793253559ca70753a34500f0d9cb606d-pod | container step-use-trusted-artifact: WARN: found skip file in /var/workdir/source pod: konflux-demo-component-mihh793253559ca70753a34500f0d9cb606d-pod | container step-prefetch-dependencies: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using mounted service CA bundle: /mnt/service-ca/ca-bundle.crt '/mnt/service-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/service-ca.crt' time="2026-05-06T07:05:58Z" level=debug msg="Starting prefetch-dependencies" time="2026-05-06T07:05:58Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-06T07:05:58Z" level=info msg="Not using package registry proxy because allow-package-registry-proxy is not set to `true` on the cluster level" logger=PrefetchDependencies time="2026-05-06T07:05:58Z" level=info msg="[param] source-dir: /var/workdir/source" time="2026-05-06T07:05:58Z" level=info msg="[param] output-dir: /var/workdir/cachi2/output" time="2026-05-06T07:05:58Z" level=info msg="[param] sbom-format: spdx" time="2026-05-06T07:05:58Z" level=info msg="[param] mode: strict" time="2026-05-06T07:05:58Z" level=info msg="[param] output-dir-mount-point: /cachi2/output" time="2026-05-06T07:05:58Z" level=info msg="[param] env-files: [/var/workdir/cachi2/cachi2.env /var/workdir/cachi2/prefetch.env /var/workdir/cachi2/prefetch-env.json]" time="2026-05-06T07:05:58Z" level=info msg="[param] git-auth-directory: /workspace/git-basic-auth" time="2026-05-06T07:06:00Z" level=info msg="hermeto [stdout] hermeto 0.51.0" logger=CliExecutor time="2026-05-06T07:06:00Z" level=warning msg="No input provided; skipping prefetch-dependencies" logger=PrefetchDependencies time="2026-05-06T07:06:00Z" level=debug msg="Finished prefetch-dependencies" pod: konflux-demo-component-mihh793253559ca70753a34500f0d9cb606d-pod | container step-create-trusted-artifact: WARN: found skip file in /var/workdir/source WARN: found skip file in /var/workdir/cachi2 pod: konflux-demo-component-mihhb3e9516c1c3376ad19edaa39fdcf5fc7-pod | init container: prepare 2026/05/06 07:09:44 Entrypoint initialization pod: konflux-demo-component-mihhb3e9516c1c3376ad19edaa39fdcf5fc7-pod | init container: place-scripts 2026/05/06 07:09:45 Decoded script /tekton/scripts/script-0-kjb8n 2026/05/06 07:09:45 Decoded script /tekton/scripts/script-1-srq9d pod: konflux-demo-component-mihhb3e9516c1c3376ad19edaa39fdcf5fc7-pod | container step-rpms-signature-scan: + set -o pipefail + rpm_verifier --image-url quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5 --image-digest sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c --workdir /tmp Image: quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh@sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c No unsigned RPMs found {'keys': {'199e2f91fd431d51': 132, 'unsigned': 0}} ==================================== Final results: {"keys": {"199e2f91fd431d51": 132, "unsigned": 0}} Images processed: {"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5", "digests": ["sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c"]}} pod: konflux-demo-component-mihhb3e9516c1c3376ad19edaa39fdcf5fc7-pod | container step-output-results: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index ++ cat /tmp/status + status=SUCCESS ++ cat /tmp/results + rpms_data='{"keys": {"199e2f91fd431d51": 132, "unsigned": 0}}' ++ cat /tmp/images_processed + images_processed='{"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5", "digests": ["sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c"]}}' + '[' SUCCESS == ERROR ']' + note='Task rpms-signature-scan completed successfully' ++ make_result_json -r SUCCESS -t 'Task rpms-signature-scan completed successfully' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task rpms-signature-scan completed successfully' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-05-06T07:10:10+00:00 --arg result SUCCESS --arg note 'Task rpms-signature-scan completed successfully' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-05-06T07:10:10+00:00","note":"Task rpms-signature-scan completed successfully","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-05-06T07:10:10+00:00","note":"Task rpms-signature-scan completed successfully","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-05-06T07:10:10+00:00","note":"Task rpms-signature-scan completed successfully","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-05-06T07:10:10+00:00","note":"Task rpms-signature-scan completed successfully","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-05-06T07:10:10+00:00","note":"Task rpms-signature-scan completed successfully","namespace":"default","successes":0,"failures":0,"warnings":0} + echo '{"keys": {"199e2f91fd431d51": 132, "unsigned": 0}}' + tee /tekton/results/RPMS_DATA {"keys": {"199e2f91fd431d51": 132, "unsigned": 0}} + echo '{"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5", "digests": ["sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c"]}}' + tee /tekton/results/IMAGES_PROCESSED {"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5", "digests": ["sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c"]}} pod: konflux-demo-component-mihhb5e93b3d2a6489b545aadc52dd58a166-pod | init container: prepare 2026/05/06 07:09:36 Entrypoint initialization pod: konflux-demo-component-mihhb5e93b3d2a6489b545aadc52dd58a166-pod | init container: place-scripts 2026/05/06 07:09:38 Decoded script /tekton/scripts/script-1-99mqg 2026/05/06 07:09:38 Decoded script /tekton/scripts/script-2-b7k97 pod: konflux-demo-component-mihhb5e93b3d2a6489b545aadc52dd58a166-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh Executing: oras blob fetch --registry-config /tmp/use-oci.sh.GE8RR6/auth-Z0XRNE.json quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh@sha256:d00067650ac6c5dc7b74ea544d566868d34e69d3841c5e8c02d1c8059c59e73b --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh@sha256:d00067650ac6c5dc7b74ea544d566868d34e69d3841c5e8c02d1c8059c59e73b to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-mihhb5e93b3d2a6489b545aadc52dd58a166-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=konflux-demo-component-mihh + echo 'INFO: The PROJECT_NAME used is: konflux-demo-component-mihh' INFO: The PROJECT_NAME used is: konflux-demo-component-mihh + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + declare -a ALL_TARGETS + OLD_IFS=' ' + IFS=, + for d in $TARGET_DIRS + ALL_TARGETS+=("${SOURCE_CODE_DIR}/source/${d}") + IFS=' ' + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /var/workdir/source/. + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/var/workdir/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check-oci-ta success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check-oci-ta success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check-oci-ta success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-05-06T07:09:44+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check-oci-ta success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-05-06T07:09:44+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-05-06T07:09:44+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-05-06T07:09:44+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-05-06T07:09:44+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-05-06T07:09:44+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: konflux-demo-component-mihhb5e93b3d2a6489b545aadc52dd58a166-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh Attaching to quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5@sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 0e9806f310b4 sast_unicode_check_out.sarif Uploaded 0e9806f310b4 sast_unicode_check_out.sarif Uploading 4c631aca24f3 application/vnd.oci.image.manifest.v1+json Uploaded 4c631aca24f3 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-nqmn/konflux-demo-component-mihh:00775aff393ad7f166602cdc0ae09d8b098fdac5@sha256:853c6d340b1a68458402543a8ae375a9546ffc35dc8d00ad1d5811b792b4452c Digest: sha256:4c631aca24f3c619ac909fac82a1440f3e4475245747b6bfbf1d98390142b825 No excluded-findings.json exists. Skipping upload. New PipelineRun konflux-demo-component-mihh-on-push-c7l9f found after retrigger for component konflux-nqmn/konflux-demo-component-mihh PipelineRun konflux-demo-component-mihh-on-push-c7l9f found for Component konflux-nqmn/konflux-demo-component-mihh PipelineRun konflux-demo-component-mihh-on-push-c7l9f reason: ResolvingTaskRef PipelineRun konflux-demo-component-mihh-on-push-c7l9f reason: Running PipelineRun konflux-demo-component-mihh-on-push-c7l9f reason: Running PipelineRun konflux-demo-component-mihh-on-push-c7l9f reason: Running PipelineRun konflux-demo-component-mihh-on-push-c7l9f reason: Running PipelineRun konflux-demo-component-mihh-on-push-c7l9f reason: Running PipelineRun konflux-demo-component-mihh-on-push-c7l9f reason: Running PipelineRun konflux-demo-component-mihh-on-push-c7l9f reason: Running PipelineRun konflux-demo-component-mihh-on-push-c7l9f reason: Running PipelineRun konflux-demo-component-mihh-on-push-c7l9f reason: Running PipelineRun konflux-demo-component-mihh-on-push-c7l9f reason: Running PipelineRun konflux-demo-component-mihh-on-push-c7l9f reason: Completed "level"=0 "msg"="Konflux demo: build PipelineRun finishedpipelineRunkonflux-demo-component-mihh-on-push-c7l9fheadSHA3769006ca8a95a3d58bcfb462f34b8e38ed72ef3" < Exit [It] should eventually complete successfully - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:373 @ 05/06/26 07:15:49.359 (10m55.798s) > Enter [It] should validate Tekton TaskRun test results successfully - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:389 @ 05/06/26 07:15:49.36 "level"=0 "msg"="Konflux demo: validating build PipelineRun TaskRun test resultscomponentkonflux-demo-component-mihhheadSHA3769006ca8a95a3d58bcfb462f34b8e38ed72ef3" < Exit [It] should validate Tekton TaskRun test results successfully - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:389 @ 05/06/26 07:15:49.763 (402ms) > Enter [It] should validate that the build pipelineRun is signed - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:403 @ 05/06/26 07:15:49.763 "level"=0 "msg"="Konflux demo: validating build PipelineRun is signedcomponentkonflux-demo-component-mihh" "level"=0 "msg"="Konflux demo: build PipelineRun is signedpipelineRunkonflux-demo-component-mihh-on-push-c7l9f" < Exit [It] should validate that the build pipelineRun is signed - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:403 @ 05/06/26 07:15:49.772 (9ms) > Enter [It] should find the related Snapshot CR - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:419 @ 05/06/26 07:15:49.773 "level"=0 "msg"="Konflux demo: waiting for Snapshot CRpipelineRunkonflux-demo-component-mihh-on-push-c7l9fnamespacekonflux-nqmn" "level"=0 "msg"="Konflux demo: Snapshot foundsnapshotkonflux-demo-app-20260506-071204-000" < Exit [It] should find the related Snapshot CR - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:419 @ 05/06/26 07:15:49.779 (6ms) > Enter [It] should validate that the build pipelineRun is annotated with the name of the Snapshot - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:432 @ 05/06/26 07:15:49.779 < Exit [It] should validate that the build pipelineRun is annotated with the name of the Snapshot - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:432 @ 05/06/26 07:15:49.787 (8ms) > Enter [It] should find the related Integration Test PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:441 @ 05/06/26 07:15:49.788 "level"=0 "msg"="Konflux demo: waiting for Integration Test PipelineRunscenariomy-integration-test-xmfcsnapshotkonflux-demo-app-20260506-071204-000" "level"=0 "msg"="Konflux demo: Integration Test PipelineRun foundpipelineRunmy-integration-test-xmfc-n7xl4" < Exit [It] should find the related Integration Test PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:441 @ 05/06/26 07:15:49.794 (6ms) > Enter [It] should eventually succeed - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:462 @ 05/06/26 07:15:49.794 "level"=0 "msg"="Konflux demo: triggering PaC build retriggercomponentkonflux-demo-component-mihh" "level"=0 "msg"="Konflux demo: waiting for retriggered PipelineRun to appearcomponentkonflux-demo-component-mihh" PipelineRun is not been retriggered yet for the component konflux-nqmn/konflux-demo-component-mihh "msg"="Konflux demo: GetComponentPipelineRunWithType (incoming) failed: no pipelinerun found for component konflux-demo-component-mihh" "error"=null "level"=0 "msg"="Konflux demo: waiting for retriggered build PipelineRun to finishpipelineRunkonflux-demo-component-mihh-on-push-g8lwd" PipelineRun konflux-demo-component-mihh-on-push-g8lwd found for Component konflux-nqmn/konflux-demo-component-mihh PipelineRun konflux-demo-component-mihh-on-push-g8lwd reason: Running PipelineRun konflux-demo-component-mihh-on-push-g8lwd reason: Running PipelineRun konflux-demo-component-mihh-on-push-g8lwd reason: Running PipelineRun konflux-demo-component-mihh-on-push-g8lwd reason: Running PipelineRun konflux-demo-component-mihh-on-push-g8lwd reason: Running PipelineRun konflux-demo-component-mihh-on-push-g8lwd reason: Running PipelineRun konflux-demo-component-mihh-on-push-g8lwd reason: Running PipelineRun konflux-demo-component-mihh-on-push-g8lwd reason: Running PipelineRun konflux-demo-component-mihh-on-push-g8lwd reason: Running PipelineRun konflux-demo-component-mihh-on-push-g8lwd reason: Completed "level"=0 "msg"="Konflux demo: retriggered build PipelineRun finishedpipelineRunkonflux-demo-component-mihh-on-push-g8lwd" < Exit [It] should eventually succeed - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:462 @ 05/06/26 07:19:09.902 (3m20.108s) > Enter [It] should eventually complete successfully - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:493 @ 05/06/26 07:19:09.902 "level"=0 "msg"="Konflux demo: waiting for Integration pipeline to finishscenariomy-integration-test-xmfcsnapshotkonflux-demo-app-20260506-071204-000" PipelineRun my-integration-test-xmfc-n7xl4 reason: Succeeded "level"=0 "msg"="Konflux demo: Integration pipeline finishedsnapshotkonflux-demo-app-20260506-071204-000" < Exit [It] should eventually complete successfully - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:493 @ 05/06/26 07:19:09.908 (5ms) > Enter [It] should lead to Snapshot CR being marked as passed - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:505 @ 05/06/26 07:19:09.908 "level"=0 "msg"="Konflux demo: waiting for Snapshot to be marked as passedpipelineRunkonflux-demo-component-mihh-on-push-c7l9f" "level"=0 "msg"="Konflux demo: Snapshot marked as passedsnapshotkonflux-demo-app-20260506-071204-000" < Exit [It] should lead to Snapshot CR being marked as passed - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:505 @ 05/06/26 07:19:09.914 (6ms) > Enter [It] should trigger creation of Release CR - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:518 @ 05/06/26 07:19:09.914 "level"=0 "msg"="Konflux demo: waiting for Release CRsnapshotkonflux-demo-app-20260506-071204-000namespacekonflux-nqmn" "level"=0 "msg"="Konflux demo: Release CR createdreleasekonflux-demo-app-20260506-071204-000-3769006-s4hc5" < Exit [It] should trigger creation of Release CR - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:518 @ 05/06/26 07:19:09.921 (6ms) > Enter [It] triggers creation of Release PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:533 @ 05/06/26 07:19:09.921 "level"=0 "msg"="Konflux demo: waiting for Release PipelineRun to startreleasekonflux-demo-app-20260506-071204-000-3769006-s4hc5managedNamespacekonflux-nqmn-managed" "level"=0 "msg"="Konflux demo: Release PipelineRun startedpipelineRunmanaged-rjd6r" < Exit [It] triggers creation of Release PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:533 @ 05/06/26 07:19:09.997 (75ms) > Enter [It] should eventually succeed - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:552 @ 05/06/26 07:19:09.997 "level"=0 "msg"="Konflux demo: waiting for Release PipelineRun to completereleasekonflux-demo-app-20260506-071204-000-3769006-s4hc5managedNamespacekonflux-nqmn-managed" "level"=0 "msg"="Konflux demo: Release PipelineRun succeededreleasekonflux-demo-app-20260506-071204-000-3769006-s4hc5" < Exit [It] should eventually succeed - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:552 @ 05/06/26 07:19:10.042 (45ms) > Enter [It] should lead to Release CR being marked as succeeded - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:578 @ 05/06/26 07:19:10.042 "level"=0 "msg"="Konflux demo: waiting for Release CR to be marked as releasedreleasekonflux-demo-app-20260506-071204-000-3769006-s4hc5namespacekonflux-nqmn" "level"=0 "msg"="Konflux demo: Release CR marked as succeededreleasekonflux-demo-app-20260506-071204-000-3769006-s4hc5" < Exit [It] should lead to Release CR being marked as succeeded - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:578 @ 05/06/26 07:19:10.07 (28ms) > Enter [AfterAll] Maven project - Default build - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:154 @ 05/06/26 07:19:10.07 "level"=0 "msg"="Konflux demo AfterAll: cleaning up namespacesuserNamespacekonflux-nqmnmanagedNamespacekonflux-nqmn-managed" "msg"="Konflux demo AfterAll: failed to delete GitHub ref konflux-konflux-demo-component-mihh in repo hacbs-test-project-konflux-demo: DELETE https://api.github.com/repos/redhat-appstudio-qe/hacbs-test-project-konflux-demo/git/refs/heads/konflux-konflux-demo-component-mihh: 422 Reference does not exist []" "error"=null "level"=0 "msg"="Konflux demo AfterAll: cleanup finishedcomponentRepositoryNamehacbs-test-project-konflux-demo" < Exit [AfterAll] Maven project - Default build - /tmp/tmp.x1MqQ7KQDy/tests/konflux-demo/konflux-demo.go:154 @ 05/06/26 07:20:30.022 (1m19.952s) > Enter [BeforeAll] component update with renovate - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:72 @ 05/06/26 07:02:05.859 ReleaseAdmissionPlan data: {"Mapping":{"Components":[{"Name":"gl-multi-component-parent-pfpc","Repository":"quay.io/redhat-appstudio-qe/release-repository"}]}} < Exit [BeforeAll] component update with renovate - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:72 @ 05/06/26 07:03:11.887 (1m6.028s) > Enter [It] creates component with nudges - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:235 @ 05/06/26 07:03:11.888 Image repository for component gl-multi-component-child-pfpc in namespace build-e2e-epcp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gl-multi-component-child-pfpc in namespace build-e2e-epcp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gl-multi-component-child-pfpc in namespace build-e2e-epcp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gl-multi-component-child-pfpc in namespace build-e2e-epcp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gl-multi-component-parent-pfpc in namespace build-e2e-epcp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gl-multi-component-parent-pfpc in namespace build-e2e-epcp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [It] creates component with nudges - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:235 @ 05/06/26 07:04:12.295 (1m0.407s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:04:12.295 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:04:12.295 (0s) > Enter [It] triggers a PipelineRun for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:259 @ 05/06/26 07:04:12.296 PipelineRun has not been created yet for the component build-e2e-epcp/gl-multi-component-parent-pfpc PipelineRun has not been created yet for the component build-e2e-epcp/gl-multi-component-parent-pfpc < Exit [It] triggers a PipelineRun for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:259 @ 05/06/26 07:04:52.494 (40.198s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:04:52.494 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:04:52.494 (0s) > Enter [It] the PipelineRun should eventually finish successfully for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:274 @ 05/06/26 07:04:52.494 PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 found for Component build-e2e-epcp/gl-multi-component-parent-pfpc PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Running PipelineRun gl-multi-component-parent-pfpc-on-pull-request-4xh65 reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:274 @ 05/06/26 07:14:52.519 (10m0.025s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:14:52.519 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:14:52.519 (0s) > Enter [It] the PipelineRun should eventually finish successfully for child component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:285 @ 05/06/26 07:14:52.52 PipelineRun gl-multi-component-child-pfpc-on-pull-request-26l6h found for Component build-e2e-epcp/gl-multi-component-child-pfpc PipelineRun gl-multi-component-child-pfpc-on-pull-request-26l6h reason: Cancelled attempt 1/3: PipelineRun "gl-multi-component-child-pfpc-on-pull-request-26l6h" failed: pod: gl-multi-component-child-pfpc-on-pull-request-26l6h-init-pod | init container: prepare 2026/05/06 07:04:54 Entrypoint initialization pod: gl-multi-component-child-pfpc-on-pull-request-26l6h-init-pod | container step-init: time="2026-05-06T07:04:57Z" level=info msg="[param] enable: false" time="2026-05-06T07:04:57Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-06T07:04:57Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-06T07:04:57Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-06T07:04:57Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-06T07:04:57Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-06T07:04:57Z" level=info msg="Cache proxy is disabled via param" time="2026-05-06T07:04:57Z" level=info msg="[result] HTTP PROXY: " time="2026-05-06T07:04:57Z" level=info msg="[result] NO PROXY: " pod: gl-multi-component-child-pfpc-on-pull-request-6ng47-init-pod | init container: prepare 2026/05/06 07:06:31 Entrypoint initialization pod: gl-multi-component-child-pfpc-on-pull-request-6ng47-init-pod | container step-init: time="2026-05-06T07:06:34Z" level=info msg="[param] enable: false" time="2026-05-06T07:06:34Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-06T07:06:34Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-06T07:06:34Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-06T07:06:34Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-06T07:06:34Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-06T07:06:34Z" level=info msg="Cache proxy is disabled via param" time="2026-05-06T07:06:34Z" level=info msg="[result] HTTP PROXY: " time="2026-05-06T07:06:34Z" level=info msg="[result] NO PROXY: " New PipelineRun gl-multi-component-child-pfpc-on-pull-request-6ng47 found after retrigger for component build-e2e-epcp/gl-multi-component-child-pfpc PipelineRun gl-multi-component-child-pfpc-on-pull-request-wtx8n found for Component build-e2e-epcp/gl-multi-component-child-pfpc PipelineRun gl-multi-component-child-pfpc-on-pull-request-wtx8n reason: ResolvingTaskRef PipelineRun gl-multi-component-child-pfpc-on-pull-request-wtx8n reason: Running PipelineRun gl-multi-component-child-pfpc-on-pull-request-wtx8n reason: Running PipelineRun gl-multi-component-child-pfpc-on-pull-request-wtx8n reason: Running PipelineRun gl-multi-component-child-pfpc-on-pull-request-wtx8n reason: Running PipelineRun gl-multi-component-child-pfpc-on-pull-request-wtx8n reason: Running PipelineRun gl-multi-component-child-pfpc-on-pull-request-wtx8n reason: Running PipelineRun gl-multi-component-child-pfpc-on-pull-request-wtx8n reason: Running PipelineRun gl-multi-component-child-pfpc-on-pull-request-wtx8n reason: Running PipelineRun gl-multi-component-child-pfpc-on-pull-request-wtx8n reason: Running PipelineRun gl-multi-component-child-pfpc-on-pull-request-wtx8n reason: Running PipelineRun gl-multi-component-child-pfpc-on-pull-request-wtx8n reason: Running PipelineRun gl-multi-component-child-pfpc-on-pull-request-wtx8n reason: Running PipelineRun gl-multi-component-child-pfpc-on-pull-request-wtx8n reason: Running PipelineRun gl-multi-component-child-pfpc-on-pull-request-wtx8n reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully for child component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:285 @ 05/06/26 07:19:44.504 (4m51.984s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:19:44.505 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:19:44.505 (0s) > Enter [It] should lead to a PaC PR creation for child component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:289 @ 05/06/26 07:19:44.505 < Exit [It] should lead to a PaC PR creation for child component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:289 @ 05/06/26 07:19:44.743 (238ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:19:44.744 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:19:44.744 (0s) > Enter [It] Merging the PaC PR should be successful for child component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:307 @ 05/06/26 07:19:44.744 merged result sha: 1c07ce7f5033a5eb4b6355fa7e3ec38ca1460dd8 for PR #1 < Exit [It] Merging the PaC PR should be successful for child component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:307 @ 05/06/26 07:19:46.154 (1.41s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:19:46.154 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:19:46.154 (0s) > Enter [It] create dockerfile and yaml manifest that references build and distribution repositories - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:318 @ 05/06/26 07:19:46.155 < Exit [It] create dockerfile and yaml manifest that references build and distribution repositories - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:318 @ 05/06/26 07:20:51.467 (1m5.312s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:20:51.467 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:20:51.467 (0s) > Enter [It] should lead to a PaC PR creation for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:358 @ 05/06/26 07:20:51.467 < Exit [It] should lead to a PaC PR creation for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:358 @ 05/06/26 07:20:51.688 (220ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:20:51.688 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:20:51.688 (0s) > Enter [It] Merging the PaC PR should be successful for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:375 @ 05/06/26 07:20:51.688 merged result sha: ef33ae3c0e7ae54ee5d484306b0b3e3c821c863f for PR #1 < Exit [It] Merging the PaC PR should be successful for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:375 @ 05/06/26 07:20:52.919 (1.231s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:20:52.919 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:20:52.919 (0s) > Enter [It] PR merge triggers PAC PipelineRun for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:385 @ 05/06/26 07:20:52.92 Push PipelineRun has not been created yet for the component build-e2e-epcp/gl-multi-component-parent-pfpc < Exit [It] PR merge triggers PAC PipelineRun for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:385 @ 05/06/26 07:21:12.964 (20.044s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:21:12.964 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:21:12.964 (0s) > Enter [It] PAC PipelineRun for parent component is successful - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:401 @ 05/06/26 07:21:12.964 PipelineRun gl-multi-component-parent-pfpc-on-push-sxc4n found for Component build-e2e-epcp/gl-multi-component-parent-pfpc PipelineRun gl-multi-component-parent-pfpc-on-push-sxc4n reason: Running PipelineRun gl-multi-component-parent-pfpc-on-push-sxc4n reason: Running PipelineRun gl-multi-component-parent-pfpc-on-push-sxc4n reason: Running PipelineRun gl-multi-component-parent-pfpc-on-push-sxc4n reason: Running PipelineRun gl-multi-component-parent-pfpc-on-push-sxc4n reason: Running PipelineRun gl-multi-component-parent-pfpc-on-push-sxc4n reason: Running PipelineRun gl-multi-component-parent-pfpc-on-push-sxc4n reason: Running PipelineRun gl-multi-component-parent-pfpc-on-push-sxc4n reason: Running PipelineRun gl-multi-component-parent-pfpc-on-push-sxc4n reason: Running PipelineRun gl-multi-component-parent-pfpc-on-push-sxc4n reason: Running PipelineRun gl-multi-component-parent-pfpc-on-push-sxc4n reason: Running PipelineRun gl-multi-component-parent-pfpc-on-push-sxc4n reason: Running PipelineRun gl-multi-component-parent-pfpc-on-push-sxc4n reason: Running PipelineRun gl-multi-component-parent-pfpc-on-push-sxc4n reason: Running PipelineRun gl-multi-component-parent-pfpc-on-push-sxc4n reason: Running PipelineRun gl-multi-component-parent-pfpc-on-push-sxc4n reason: Succeeded < Exit [It] PAC PipelineRun for parent component is successful - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:401 @ 05/06/26 07:26:12.976 (5m0.011s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:26:12.976 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:26:12.976 (0s) > Enter [It] should lead to a nudge PR creation for child component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:412 @ 05/06/26 07:26:12.977 < Exit [It] should lead to a nudge PR creation for child component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:412 @ 05/06/26 07:26:13.215 (238ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:26:13.215 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:26:13.215 (0s) > Enter [It] merging the PR should be successful for child component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:429 @ 05/06/26 07:26:13.215 merged result sha: f5542a74228c834e228a281446729ccbd2057699 for PR #3 < Exit [It] merging the PR should be successful for child component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:429 @ 05/06/26 07:26:14.535 (1.319s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:26:14.535 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:26:14.535 (0s) > Enter [It] Verify the nudge updated the contents - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:440 @ 05/06/26 07:26:14.535 Verifying Dockerfile.tmp updated to sha sha256:769aaf1ff2017adb758fa65ee53b2602ea3158e5b1c2c5f3a78df583b06c9399content: FROM quay.io/redhat-appstudio-qe/build-e2e-epcp/gl-multi-component-parent-pfpc@sha256:769aaf1ff2017adb758fa65ee53b2602ea3158e5b1c2c5f3a78df583b06c9399 RUN echo hello < Exit [It] Verify the nudge updated the contents - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:440 @ 05/06/26 07:26:14.902 (367ms) > Enter [AfterAll] component update with renovate - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:214 @ 05/06/26 07:26:14.902 < Exit [AfterAll] component update with renovate - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:214 @ 05/06/26 07:26:34.616 (19.714s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:26:34.616 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:26:34.616 (0s) > Enter [BeforeAll] PaC component build - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:54 @ 05/06/26 07:02:05.963 < Exit [BeforeAll] PaC component build - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:54 @ 05/06/26 07:02:50.069 (44.107s) > Enter [BeforeAll] when a new component without specified branch is created and with visibility private - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:117 @ 05/06/26 07:02:50.07 Image repository for component gl-test-custom-default-aosngx in namespace build-e2e-tlun do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gl-test-custom-default-aosngx in namespace build-e2e-tlun do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [BeforeAll] when a new component without specified branch is created and with visibility private - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:117 @ 05/06/26 07:03:20.105 (30.036s) > Enter [It] correctly targets the default branch (that is not named 'main') with PaC - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:136 @ 05/06/26 07:03:20.106 < Exit [It] correctly targets the default branch (that is not named 'main') with PaC - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:136 @ 05/06/26 07:03:51.341 (31.235s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:51.341 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:51.341 (0s) > Enter [It] workspace parameter is set correctly in PaC repository CR - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:153 @ 05/06/26 07:03:51.342 < Exit [It] workspace parameter is set correctly in PaC repository CR - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:153 @ 05/06/26 07:03:51.352 (10ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:51.352 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:51.352 (0s) > Enter [It] triggers a PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:176 @ 05/06/26 07:03:51.353 PipelineRun has not been created yet for the component build-e2e-tlun/gl-test-custom-branch-kwkepl < Exit [It] triggers a PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:176 @ 05/06/26 07:04:11.382 (20.029s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:11.382 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:11.382 (0s) > Enter [It] build pipeline uses the correct serviceAccount - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:191 @ 05/06/26 07:04:11.382 < Exit [It] build pipeline uses the correct serviceAccount - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:191 @ 05/06/26 07:04:11.382 (0s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:11.382 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:11.382 (0s) > Enter [It] component build status is set correctly - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:195 @ 05/06/26 07:04:11.383 build status annotation value: {"pac":{"state":"enabled","merge-url":"https://gitlab.com/konflux-qe/devfile-sample-hello-world-bquygh/-/merge_requests/1","configuration-time":"Wed, 06 May 2026 07:03:49 UTC"},"message":"done"} state: enabled mergeUrl: https://gitlab.com/konflux-qe/devfile-sample-hello-world-bquygh/-/merge_requests/1 errId: 0 errMessage: configurationTime: Wed, 06 May 2026 07:03:49 UTC < Exit [It] component build status is set correctly - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:195 @ 05/06/26 07:04:11.39 (7ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:11.39 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:11.39 (0s) > Enter [It] image repo and robot account created successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:225 @ 05/06/26 07:04:11.39 < Exit [It] image repo and robot account created successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:225 @ 05/06/26 07:04:12.323 (933ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:12.323 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:12.323 (0s) > Enter [It] created image repo is private - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:243 @ 05/06/26 07:04:12.324 < Exit [It] created image repo is private - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:243 @ 05/06/26 07:04:12.597 (273ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:12.597 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:12.597 (0s) > Enter [It] a related PipelineRun should be deleted after deleting the component - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:249 @ 05/06/26 07:04:12.598 < Exit [It] a related PipelineRun should be deleted after deleting the component - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:249 @ 05/06/26 07:04:33.658 (21.06s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:33.658 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:33.658 (0s) > Enter [It] PR branch should not exist in the repo - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:265 @ 05/06/26 07:04:33.659 < Exit [It] PR branch should not exist in the repo - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:265 @ 05/06/26 07:04:33.841 (182ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:33.842 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:33.842 (0s) > Enter [It] related image repo and the robot account should be deleted after deleting the component - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:278 @ 05/06/26 07:04:33.842 < Exit [It] related image repo and the robot account should be deleted after deleting the component - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:278 @ 05/06/26 07:04:34.854 (1.012s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:34.855 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:34.855 (0s) > Enter [BeforeAll] when a new Component with specified custom branch is created - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:306 @ 05/06/26 07:04:34.856 < Exit [BeforeAll] when a new Component with specified custom branch is created - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:306 @ 05/06/26 07:04:44.886 (10.03s) > Enter [It] triggers a PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:332 @ 05/06/26 07:04:44.886 PipelineRun has not been created yet for the component build-e2e-tlun/gl-test-custom-branch-kwkepl < Exit [It] triggers a PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:332 @ 05/06/26 07:05:04.917 (20.031s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:05:04.917 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:05:04.917 (0s) > Enter [It] should lead to a PaC init PR creation - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:347 @ 05/06/26 07:05:04.918 < Exit [It] should lead to a PaC init PR creation - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:347 @ 05/06/26 07:05:05.189 (271ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:05:05.189 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:05:05.189 (0s) > Enter [It] the PipelineRun should eventually finish successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:365 @ 05/06/26 07:05:05.189 PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-dffrr found for Component build-e2e-tlun/gl-test-custom-branch-kwkepl PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-dffrr reason: Cancelled an error happened during storing pipelineRun log build-e2e-tlun:gl-test-custom-branch-kwkepl-on-pull-request-dffrr: container "prepare" in pod "gl-test-custom-branch-kwkepl-on-pull-request-pmtwb-init-pod" is waiting to start: PodInitializing failed to get logs for PipelineRun build-e2e-tlun:gl-test-custom-branch-kwkepl-on-pull-request-dffrr: container "prepare" in pod "gl-test-custom-branch-kwkepl-on-pull-request-pmtwb-init-pod" is waiting to start: PodInitializing attempt 1/3: PipelineRun "gl-test-custom-branch-kwkepl-on-pull-request-dffrr" failed: pod: gl-test-custom-branch-kwkepl-on-pull-request-pmtwb-init-pod | init container: prepare New PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk found after retrigger for component build-e2e-tlun/gl-test-custom-branch-kwkepl PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk found for Component build-e2e-tlun/gl-test-custom-branch-kwkepl PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-h2zzk reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:365 @ 05/06/26 07:13:56.343 (8m51.153s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:56.343 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:56.343 (0s) > Enter [It] image repo and robot account created successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:371 @ 05/06/26 07:13:56.343 < Exit [It] image repo and robot account created successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:371 @ 05/06/26 07:13:57.35 (1.007s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:57.351 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:57.351 (0s) > Enter [It] created image repo is public - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:390 @ 05/06/26 07:13:57.351 < Exit [It] created image repo is public - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:390 @ 05/06/26 07:13:57.64 (289ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:57.64 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:57.64 (0s) > Enter [It] image tag is updated successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:396 @ 05/06/26 07:13:57.641 Image tag quay.io/redhat-appstudio-qe/build-e2e-tlun/gl-test-custom-branch-kwkepl:on-pr-994f526d1a356a4e5cbe347fadcc937539826f1a successfully found in Quay < Exit [It] image tag is updated successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:396 @ 05/06/26 07:13:57.976 (335ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:57.976 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:57.976 (0s) > Enter [It] should ensure pruning labels are set - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:425 @ 05/06/26 07:13:57.977 < Exit [It] should ensure pruning labels are set - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:425 @ 05/06/26 07:13:58.52 (543ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:58.52 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:58.52 (0s) > Enter [It] eventually leads to the PipelineRun status report at Checks tab - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:439 @ 05/06/26 07:13:58.52 < Exit [It] eventually leads to the PipelineRun status report at Checks tab - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:439 @ 05/06/26 07:14:07.056 (8.535s) > Enter [AfterAll] when a new Component with specified custom branch is created - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:324 @ 05/06/26 07:14:07.056 < Exit [AfterAll] when a new Component with specified custom branch is created - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:324 @ 05/06/26 07:14:07.163 (107ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:14:07.163 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:14:07.163 (0s) > Enter [BeforeAll] when the PaC init branch is updated - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:454 @ 05/06/26 07:14:07.163 created file sha: d631d01eeec9681668a5a1547deb9bfaa4914185 < Exit [BeforeAll] when the PaC init branch is updated - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:454 @ 05/06/26 07:14:08.089 (926ms) > Enter [It] eventually leads to triggering another PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:464 @ 05/06/26 07:14:08.089 PipelineRun has not been created yet for the component build-e2e-tlun/gl-test-custom-branch-kwkepl < Exit [It] eventually leads to triggering another PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:464 @ 05/06/26 07:14:28.119 (20.03s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:14:28.119 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:14:28.119 (0s) > Enter [It] should lead to a PaC init PR update - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:479 @ 05/06/26 07:14:28.12 < Exit [It] should lead to a PaC init PR update - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:479 @ 05/06/26 07:14:28.329 (209ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:14:28.329 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:14:28.329 (0s) > Enter [It] PipelineRun should eventually finish - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:498 @ 05/06/26 07:14:28.33 PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-7lgwr found for Component build-e2e-tlun/gl-test-custom-branch-kwkepl PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-7lgwr reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-7lgwr reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-7lgwr reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-7lgwr reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-7lgwr reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-7lgwr reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-7lgwr reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-7lgwr reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-7lgwr reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-7lgwr reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-7lgwr reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-7lgwr reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-7lgwr reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-7lgwr reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-7lgwr reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-pull-request-7lgwr reason: Succeeded < Exit [It] PipelineRun should eventually finish - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:498 @ 05/06/26 07:19:28.355 (5m0.026s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:19:28.356 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:19:28.356 (0s) > Enter [It] eventually leads to another update of a PR about the PipelineRun status report at Checks tab - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:504 @ 05/06/26 07:19:28.357 < Exit [It] eventually leads to another update of a PR about the PipelineRun status report at Checks tab - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:504 @ 05/06/26 07:19:28.685 (329ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:19:28.686 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:19:28.686 (0s) > Enter [BeforeAll] when the PaC init branch is merged - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:520 @ 05/06/26 07:19:28.687 merged result sha: cb8115a776200aa9b1f08936eb3875dfaab386a8 < Exit [BeforeAll] when the PaC init branch is merged - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:520 @ 05/06/26 07:19:29.927 (1.241s) > Enter [It] eventually leads to triggering another PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:530 @ 05/06/26 07:19:29.928 PipelineRun has not been created yet for the component build-e2e-tlun/gl-test-custom-branch-kwkepl < Exit [It] eventually leads to triggering another PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:530 @ 05/06/26 07:19:50.041 (20.113s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:19:50.041 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:19:50.041 (0s) > Enter [It] pipelineRun should eventually finish - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:546 @ 05/06/26 07:19:50.042 PipelineRun gl-test-custom-branch-kwkepl-on-push-jrhwn found for Component build-e2e-tlun/gl-test-custom-branch-kwkepl PipelineRun gl-test-custom-branch-kwkepl-on-push-jrhwn reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-push-jrhwn reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-push-jrhwn reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-push-jrhwn reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-push-jrhwn reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-push-jrhwn reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-push-jrhwn reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-push-jrhwn reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-push-jrhwn reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-push-jrhwn reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-push-jrhwn reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-push-jrhwn reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-push-jrhwn reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-push-jrhwn reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-push-jrhwn reason: Running PipelineRun gl-test-custom-branch-kwkepl-on-push-jrhwn reason: Succeeded < Exit [It] pipelineRun should eventually finish - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:546 @ 05/06/26 07:24:50.061 (5m0.02s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:24:50.061 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:24:50.061 (0s) > Enter [It] does not have expiration set - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:552 @ 05/06/26 07:24:50.062 < Exit [It] does not have expiration set - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:552 @ 05/06/26 07:24:50.409 (347ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:24:50.409 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:24:50.409 (0s) > Enter [It] After updating image visibility to private, it should not trigger another PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:564 @ 05/06/26 07:24:50.41 waiting for one minute and expecting to not trigger a PipelineRun < Exit [It] After updating image visibility to private, it should not trigger another PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:564 @ 05/06/26 07:26:51.46 (2m1.05s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:26:51.46 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:26:51.46 (0s) > Enter [It] image repo is updated to private - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:595 @ 05/06/26 07:26:51.46 < Exit [It] image repo is updated to private - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:595 @ 05/06/26 07:26:51.73 (270ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:26:51.73 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:26:51.73 (0s) > Enter [BeforeAll] when the component is removed - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:649 @ 05/06/26 07:26:51.731 < Exit [BeforeAll] when the component is removed - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:649 @ 05/06/26 07:26:52.759 (1.027s) > Enter [It] related image repo and robot accounts deleted - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:661 @ 05/06/26 07:26:52.759 < Exit [It] related image repo and robot accounts deleted - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:661 @ 05/06/26 07:26:58.98 (6.221s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:26:58.981 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:26:58.981 (0s) > Enter [It] purge PR is created successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:679 @ 05/06/26 07:26:58.981 Found purge PR with id: 3 < Exit [It] purge PR is created successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:679 @ 05/06/26 07:26:59.17 (188ms) > Enter [AfterAll] PaC component build - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:101 @ 05/06/26 07:26:59.17 < Exit [AfterAll] PaC component build - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:101 @ 05/06/26 07:27:01.498 (2.329s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:27:01.499 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:27:01.499 (0s) > Enter [BeforeAll] PaC component build - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:54 @ 05/06/26 07:02:05.962 < Exit [BeforeAll] PaC component build - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:54 @ 05/06/26 07:02:23.716 (17.754s) > Enter [BeforeAll] when a new component without specified branch is created and with visibility private - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:117 @ 05/06/26 07:02:23.717 Image repository for component gh-test-custom-default-rmvirc in namespace build-e2e-oogp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gh-test-custom-default-rmvirc in namespace build-e2e-oogp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [BeforeAll] when a new component without specified branch is created and with visibility private - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:117 @ 05/06/26 07:02:44.436 (20.72s) > Enter [It] correctly targets the default branch (that is not named 'main') with PaC - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:136 @ 05/06/26 07:02:44.437 < Exit [It] correctly targets the default branch (that is not named 'main') with PaC - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:136 @ 05/06/26 07:03:20.743 (36.307s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:20.744 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:20.744 (0s) > Enter [It] workspace parameter is set correctly in PaC repository CR - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:153 @ 05/06/26 07:03:20.745 < Exit [It] workspace parameter is set correctly in PaC repository CR - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:153 @ 05/06/26 07:03:20.777 (32ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:20.777 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:20.777 (0s) > Enter [It] triggers a PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:176 @ 05/06/26 07:03:20.777 PipelineRun has not been created yet for the component build-e2e-oogp/gh-test-custom-branch-runxvv < Exit [It] triggers a PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:176 @ 05/06/26 07:03:40.865 (20.088s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:40.865 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:40.865 (0s) > Enter [It] build pipeline uses the correct serviceAccount - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:191 @ 05/06/26 07:03:40.866 < Exit [It] build pipeline uses the correct serviceAccount - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:191 @ 05/06/26 07:03:40.866 (0s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:40.866 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:40.866 (0s) > Enter [It] component build status is set correctly - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:195 @ 05/06/26 07:03:40.866 build status annotation value: {"pac":{"state":"enabled","merge-url":"https://github.com/redhat-appstudio-qe/devfile-sample-hello-world-vleold/pull/1","configuration-time":"Wed, 06 May 2026 07:03:17 UTC"},"message":"done"} state: enabled mergeUrl: https://github.com/redhat-appstudio-qe/devfile-sample-hello-world-vleold/pull/1 errId: 0 errMessage: configurationTime: Wed, 06 May 2026 07:03:17 UTC < Exit [It] component build status is set correctly - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:195 @ 05/06/26 07:03:40.896 (29ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:40.896 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:40.896 (0s) > Enter [It] image repo and robot account created successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:225 @ 05/06/26 07:03:40.897 < Exit [It] image repo and robot account created successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:225 @ 05/06/26 07:03:42.372 (1.475s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:42.372 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:42.372 (0s) > Enter [It] created image repo is private - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:243 @ 05/06/26 07:03:42.373 < Exit [It] created image repo is private - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:243 @ 05/06/26 07:03:42.655 (283ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:42.655 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:42.655 (0s) > Enter [It] a related PipelineRun should be deleted after deleting the component - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:249 @ 05/06/26 07:03:42.656 < Exit [It] a related PipelineRun should be deleted after deleting the component - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:249 @ 05/06/26 07:03:49.748 (7.092s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:49.748 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:49.748 (0s) > Enter [It] PR branch should not exist in the repo - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:265 @ 05/06/26 07:03:49.749 < Exit [It] PR branch should not exist in the repo - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:265 @ 05/06/26 07:03:49.874 (125ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:49.874 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:03:49.874 (0s) > Enter [It] related image repo and the robot account should be deleted after deleting the component - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:278 @ 05/06/26 07:03:49.875 < Exit [It] related image repo and the robot account should be deleted after deleting the component - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:278 @ 05/06/26 07:04:05.36 (15.485s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:05.36 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:05.36 (0s) > Enter [BeforeAll] when a new Component with specified custom branch is created - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:306 @ 05/06/26 07:04:05.361 Image repository for component gh-test-custom-branch-runxvv in namespace build-e2e-oogp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gh-test-custom-branch-runxvv in namespace build-e2e-oogp do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [BeforeAll] when a new Component with specified custom branch is created - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:306 @ 05/06/26 07:04:25.446 (20.085s) > Enter [It] triggers a PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:332 @ 05/06/26 07:04:25.446 PipelineRun has not been created yet for the component build-e2e-oogp/gh-test-custom-branch-runxvv < Exit [It] triggers a PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:332 @ 05/06/26 07:04:45.482 (20.036s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:45.482 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:45.482 (0s) > Enter [It] should lead to a PaC init PR creation - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:347 @ 05/06/26 07:04:45.483 < Exit [It] should lead to a PaC init PR creation - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:347 @ 05/06/26 07:04:45.751 (268ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:45.751 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:04:45.751 (0s) > Enter [It] the PipelineRun should eventually finish successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:365 @ 05/06/26 07:04:45.752 PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 found for Component build-e2e-oogp/gh-test-custom-branch-runxvv PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: ResolvingTaskRef PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-7pjz4 reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:365 @ 05/06/26 07:13:45.769 (9m0.017s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:45.769 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:45.769 (0s) > Enter [It] image repo and robot account created successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:371 @ 05/06/26 07:13:45.77 < Exit [It] image repo and robot account created successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:371 @ 05/06/26 07:13:47.278 (1.509s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:47.279 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:47.279 (0s) > Enter [It] created image repo is public - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:390 @ 05/06/26 07:13:47.279 < Exit [It] created image repo is public - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:390 @ 05/06/26 07:13:47.601 (322ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:47.601 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:47.601 (0s) > Enter [It] image tag is updated successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:396 @ 05/06/26 07:13:47.602 Image tag quay.io/redhat-appstudio-qe/build-e2e-oogp/gh-test-custom-branch-runxvv:on-pr-68c71a27cf8c04591cebefa1a4af281195839284 successfully found in Quay < Exit [It] image tag is updated successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:396 @ 05/06/26 07:13:47.962 (360ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:47.962 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:47.962 (0s) > Enter [It] should ensure pruning labels are set - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:425 @ 05/06/26 07:13:47.962 < Exit [It] should ensure pruning labels are set - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:425 @ 05/06/26 07:13:48.516 (553ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:48.516 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:48.516 (0s) > Enter [It] eventually leads to the PipelineRun status report at Checks tab - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:439 @ 05/06/26 07:13:48.516 < Exit [It] eventually leads to the PipelineRun status report at Checks tab - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:439 @ 05/06/26 07:13:48.947 (430ms) > Enter [AfterAll] when a new Component with specified custom branch is created - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:324 @ 05/06/26 07:13:48.947 < Exit [AfterAll] when a new Component with specified custom branch is created - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:324 @ 05/06/26 07:13:49.017 (70ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:49.018 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:13:49.018 (0s) > Enter [BeforeAll] when the PaC init branch is updated - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:454 @ 05/06/26 07:13:49.018 created file sha: a00bbbdb0f95948790056777b5d94073af398fb4 < Exit [BeforeAll] when the PaC init branch is updated - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:454 @ 05/06/26 07:13:49.802 (784ms) > Enter [It] eventually leads to triggering another PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:464 @ 05/06/26 07:13:49.802 PipelineRun has not been created yet for the component build-e2e-oogp/gh-test-custom-branch-runxvv < Exit [It] eventually leads to triggering another PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:464 @ 05/06/26 07:14:09.822 (20.02s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:14:09.822 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:14:09.822 (0s) > Enter [It] should lead to a PaC init PR update - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:479 @ 05/06/26 07:14:09.822 < Exit [It] should lead to a PaC init PR update - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:479 @ 05/06/26 07:14:10.047 (225ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:14:10.048 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:14:10.048 (0s) > Enter [It] PipelineRun should eventually finish - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:498 @ 05/06/26 07:14:10.048 PipelineRun gh-test-custom-branch-runxvv-on-pull-request-t4lk2 found for Component build-e2e-oogp/gh-test-custom-branch-runxvv PipelineRun gh-test-custom-branch-runxvv-on-pull-request-t4lk2 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-t4lk2 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-t4lk2 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-t4lk2 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-t4lk2 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-t4lk2 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-t4lk2 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-t4lk2 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-t4lk2 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-t4lk2 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-t4lk2 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-t4lk2 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-t4lk2 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-t4lk2 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-t4lk2 reason: Running PipelineRun gh-test-custom-branch-runxvv-on-pull-request-t4lk2 reason: Succeeded < Exit [It] PipelineRun should eventually finish - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:498 @ 05/06/26 07:19:10.073 (5m0.024s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:19:10.073 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:19:10.073 (0s) > Enter [It] eventually leads to another update of a PR about the PipelineRun status report at Checks tab - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:504 @ 05/06/26 07:19:10.073 < Exit [It] eventually leads to another update of a PR about the PipelineRun status report at Checks tab - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:504 @ 05/06/26 07:19:10.57 (497ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:19:10.57 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:19:10.57 (0s) > Enter [BeforeAll] when the PaC init branch is merged - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:520 @ 05/06/26 07:19:10.571 merged result sha: 67eaa06beb8eb2a4dc3b062ddfb14680faf65a20 < Exit [BeforeAll] when the PaC init branch is merged - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:520 @ 05/06/26 07:19:13.088 (2.517s) > Enter [It] eventually leads to triggering another PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:530 @ 05/06/26 07:19:13.088 PipelineRun has not been created yet for the component build-e2e-oogp/gh-test-custom-branch-runxvv < Exit [It] eventually leads to triggering another PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:530 @ 05/06/26 07:19:33.126 (20.038s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:19:33.126 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:19:33.126 (0s) > Enter [It] pipelineRun should eventually finish - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:546 @ 05/06/26 07:19:33.127 PipelineRun gh-test-custom-branch-runxvv-on-push-rpjkc found for Component build-e2e-oogp/gh-test-custom-branch-runxvv PipelineRun gh-test-custom-branch-runxvv-on-push-rpjkc reason: Running PipelineRun gh-test-custom-branch-runxvv-on-push-rpjkc reason: Running PipelineRun gh-test-custom-branch-runxvv-on-push-rpjkc reason: Running PipelineRun gh-test-custom-branch-runxvv-on-push-rpjkc reason: Running PipelineRun gh-test-custom-branch-runxvv-on-push-rpjkc reason: Running PipelineRun gh-test-custom-branch-runxvv-on-push-rpjkc reason: Running PipelineRun gh-test-custom-branch-runxvv-on-push-rpjkc reason: Running PipelineRun gh-test-custom-branch-runxvv-on-push-rpjkc reason: Running PipelineRun gh-test-custom-branch-runxvv-on-push-rpjkc reason: Running PipelineRun gh-test-custom-branch-runxvv-on-push-rpjkc reason: Running PipelineRun gh-test-custom-branch-runxvv-on-push-rpjkc reason: Running PipelineRun gh-test-custom-branch-runxvv-on-push-rpjkc reason: Running PipelineRun gh-test-custom-branch-runxvv-on-push-rpjkc reason: Running PipelineRun gh-test-custom-branch-runxvv-on-push-rpjkc reason: Running PipelineRun gh-test-custom-branch-runxvv-on-push-rpjkc reason: Running PipelineRun gh-test-custom-branch-runxvv-on-push-rpjkc reason: Running PipelineRun gh-test-custom-branch-runxvv-on-push-rpjkc reason: Succeeded < Exit [It] pipelineRun should eventually finish - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:546 @ 05/06/26 07:24:53.423 (5m20.296s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:24:53.423 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:24:53.423 (0s) > Enter [It] does not have expiration set - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:552 @ 05/06/26 07:24:53.424 < Exit [It] does not have expiration set - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:552 @ 05/06/26 07:24:53.756 (333ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:24:53.757 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:24:53.757 (0s) > Enter [It] After updating image visibility to private, it should not trigger another PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:564 @ 05/06/26 07:24:53.757 waiting for one minute and expecting to not trigger a PipelineRun < Exit [It] After updating image visibility to private, it should not trigger another PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:564 @ 05/06/26 07:26:56.909 (2m3.151s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:26:56.909 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:26:56.909 (0s) > Enter [It] image repo is updated to private - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:595 @ 05/06/26 07:26:56.909 < Exit [It] image repo is updated to private - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:595 @ 05/06/26 07:26:57.187 (277ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:26:57.187 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:26:57.187 (0s) > Enter [BeforeAll] when the component is removed - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:649 @ 05/06/26 07:26:57.188 < Exit [BeforeAll] when the component is removed - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:649 @ 05/06/26 07:26:58.221 (1.033s) > Enter [It] related image repo and robot accounts deleted - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:661 @ 05/06/26 07:26:58.221 < Exit [It] related image repo and robot accounts deleted - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:661 @ 05/06/26 07:27:04.956 (6.735s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:27:04.956 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:27:04.956 (0s) > Enter [It] purge PR is created successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:679 @ 05/06/26 07:27:04.957 Found purge PR with id: 3 < Exit [It] purge PR is created successfully - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:679 @ 05/06/26 07:27:05.237 (280ms) > Enter [AfterAll] PaC component build - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:101 @ 05/06/26 07:27:05.237 < Exit [AfterAll] PaC component build - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:101 @ 05/06/26 07:27:06.112 (875ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:27:06.112 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/pac_build.go:28 @ 05/06/26 07:27:06.112 (0s) > Enter [BeforeAll] test pac with multiple components using same repository - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:40 @ 05/06/26 07:02:05.761 < Exit [BeforeAll] test pac with multiple components using same repository - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:40 @ 05/06/26 07:02:19.398 (13.637s) > Enter [It] creates component with context directory go-component - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:106 @ 05/06/26 07:02:19.398 < Exit [It] creates component with context directory go-component - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:106 @ 05/06/26 07:02:29.435 (10.036s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:02:29.435 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:02:29.435 (0s) > Enter [It] triggers a PipelineRun for component go-component-xmjfha - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:125 @ 05/06/26 07:02:29.436 PipelineRun has not been created yet for the component build-e2e-svpu/go-component-xmjfha PipelineRun has not been created yet for the component build-e2e-svpu/go-component-xmjfha < Exit [It] triggers a PipelineRun for component go-component-xmjfha - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:125 @ 05/06/26 07:03:09.481 (40.046s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:03:09.481 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:03:09.481 (0s) > Enter [It] should lead to a PaC PR creation for component go-component-xmjfha - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:140 @ 05/06/26 07:03:09.482 < Exit [It] should lead to a PaC PR creation for component go-component-xmjfha - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:140 @ 05/06/26 07:03:09.924 (442ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:03:09.924 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:03:09.924 (0s) > Enter [It] the PipelineRun should eventually finish successfully for component go-component-xmjfha - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:159 @ 05/06/26 07:03:09.925 PipelineRun go-component-xmjfha-on-pull-request-cz5gt found for Component build-e2e-svpu/go-component-xmjfha PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: ResolvingTaskRef PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Running PipelineRun go-component-xmjfha-on-pull-request-cz5gt reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully for component go-component-xmjfha - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:159 @ 05/06/26 07:31:09.937 (28m0.012s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:31:09.937 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:31:09.937 (0s) > Enter [It] merging the PR should be successful - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:164 @ 05/06/26 07:31:09.938 merged result sha: ec76752de61822742169c18520774ce1329f711e for PR #32907 < Exit [It] merging the PR should be successful - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:164 @ 05/06/26 07:31:11.914 (1.977s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:31:11.915 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:31:11.915 (0s) > Enter [It] leads to triggering on push PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:174 @ 05/06/26 07:31:11.915 Push PipelineRun has not been created yet for the component build-e2e-svpu/go-component-xmjfha < Exit [It] leads to triggering on push PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:174 @ 05/06/26 07:31:31.937 (20.022s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:31:31.938 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:31:31.938 (0s) > Enter [It] creates component with context directory python-component - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:106 @ 05/06/26 07:31:31.938 < Exit [It] creates component with context directory python-component - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:106 @ 05/06/26 07:31:41.995 (10.056s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:31:41.995 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:31:41.995 (0s) > Enter [It] triggers a PipelineRun for component python-component-wdoqwb - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:125 @ 05/06/26 07:31:41.995 PipelineRun has not been created yet for the component build-e2e-svpu/python-component-wdoqwb < Exit [It] triggers a PipelineRun for component python-component-wdoqwb - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:125 @ 05/06/26 07:32:02.019 (20.023s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:32:02.019 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:32:02.019 (0s) > Enter [It] should lead to a PaC PR creation for component python-component-wdoqwb - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:140 @ 05/06/26 07:32:02.02 < Exit [It] should lead to a PaC PR creation for component python-component-wdoqwb - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:140 @ 05/06/26 07:32:02.394 (374ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:32:02.394 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:32:02.394 (0s) > Enter [It] the PipelineRun should eventually finish successfully for component python-component-wdoqwb - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:159 @ 05/06/26 07:32:02.395 PipelineRun python-component-wdoqwb-on-pull-request-prfbx found for Component build-e2e-svpu/python-component-wdoqwb PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Running PipelineRun python-component-wdoqwb-on-pull-request-prfbx reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully for component python-component-wdoqwb - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:159 @ 05/06/26 07:38:22.413 (6m20.018s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:38:22.413 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:38:22.413 (0s) > Enter [It] merging the PR should be successful - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:164 @ 05/06/26 07:38:22.414 merged result sha: c282517481cb9c18458aec3ad205bb0042f9c570 for PR #32910 < Exit [It] merging the PR should be successful - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:164 @ 05/06/26 07:38:24.24 (1.826s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:38:24.24 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:38:24.24 (0s) > Enter [It] leads to triggering on push PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:174 @ 05/06/26 07:38:24.241 Push PipelineRun has not been created yet for the component build-e2e-svpu/python-component-wdoqwb < Exit [It] leads to triggering on push PipelineRun - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:174 @ 05/06/26 07:38:44.261 (20.02s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:38:44.261 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:38:44.261 (0s) > Enter [It] only one component is changed - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:190 @ 05/06/26 07:38:44.262 PR #32913 got created with sha aa9e6940b586d05c6adbcaf1da9a090cc0bfb1b4 < Exit [It] only one component is changed - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:190 @ 05/06/26 07:38:47.092 (2.831s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:38:47.093 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:38:47.093 (0s) > Enter [It] only related pipelinerun should be triggered - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:205 @ 05/06/26 07:38:47.093 on pull PiplelineRun has not been created yet for the PR < Exit [It] only related pipelinerun should be triggered - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:205 @ 05/06/26 07:39:07.117 (20.024s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:39:07.117 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:39:07.117 (0s) > Enter [BeforeAll] when a components is created with same git url in different namespace - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:223 @ 05/06/26 07:39:07.117 < Exit [BeforeAll] when a components is created with same git url in different namespace - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:223 @ 05/06/26 07:39:19.292 (12.175s) > Enter [It] should fail to configure PaC for the component - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:264 @ 05/06/26 07:39:19.292 build status annotation value: {"pac":{"state":"error","error-id":53,"error-message":"53: Git repository is already handled by Pipelines as Code"},"message":"done"} build status: &{State:error MergeUrl: ConfigurationTime: ErrorInfo:{ErrId:53 ErrMessage:53: Git repository is already handled by Pipelines as Code}} < Exit [It] should fail to configure PaC for the component - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:264 @ 05/06/26 07:39:19.301 (9ms) > Enter [AfterAll] when a components is created with same git url in different namespace - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:253 @ 05/06/26 07:39:19.301 < Exit [AfterAll] when a components is created with same git url in different namespace - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:253 @ 05/06/26 07:39:19.389 (88ms) > Enter [AfterAll] test pac with multiple components using same repository - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:68 @ 05/06/26 07:39:19.389 < Exit [AfterAll] test pac with multiple components using same repository - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:68 @ 05/06/26 07:39:27.455 (8.067s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:39:27.456 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/multi_component.go:28 @ 05/06/26 07:39:27.456 (0s) > Enter [BeforeAll] with status reporting of Integration tests in CheckRuns - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:60 @ 05/06/26 07:02:05.866 Successfully acquired repository lock for namespace group-uztv < Exit [BeforeAll] with status reporting of Integration tests in CheckRuns - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:60 @ 05/06/26 07:02:31.466 (25.599s) > Enter [It] creates the Component A successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:205 @ 05/06/26 07:02:31.466 Image repository for component go-component-dlsyll in namespace group-uztv do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component go-component-dlsyll in namespace group-uztv do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [It] creates the Component A successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:205 @ 05/06/26 07:03:01.51 (30.045s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:03:01.51 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:03:01.511 (0s) > Enter [It] triggers a Build PipelineRun for componentA go-component - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:213 @ 05/06/26 07:03:01.511 Build PipelineRun has not been created yet for the componentA group-uztv/go-component-dlsyll Build PipelineRun has not been created yet for the componentA group-uztv/go-component-dlsyll < Exit [It] triggers a Build PipelineRun for componentA go-component - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:213 @ 05/06/26 07:03:41.555 (40.044s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:03:41.556 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:03:41.556 (0s) > Enter [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:227 @ 05/06/26 07:03:41.557 < Exit [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:227 @ 05/06/26 07:03:41.557 (0s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:03:41.557 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:03:41.557 (0s) > Enter [It] should lead to build PipelineRunA finishing successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:231 @ 05/06/26 07:03:41.557 PipelineRun go-component-dlsyll-on-pull-request-j8lb7 found for Component group-uztv/go-component-dlsyll PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: Running PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: Running PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: Running PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: Running PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: Running PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: Running PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: Running PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: Running PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: Running PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: Running PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: Running PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: Running PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: Running PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: Running PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: Running PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: PipelineRunStopping PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: PipelineRunStopping PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: PipelineRunStopping PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: PipelineRunStopping PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: PipelineRunStopping PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: PipelineRunStopping PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: PipelineRunStopping PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: PipelineRunStopping PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: PipelineRunStopping PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: PipelineRunStopping PipelineRun go-component-dlsyll-on-pull-request-j8lb7 reason: Failed attempt 1/3: PipelineRun "go-component-dlsyll-on-pull-request-j8lb7" failed: pod: go-component-dlsyll-on-pull-request-j8lb7-apply-tags-pod | init container: prepare 2026/05/06 07:07:29 Entrypoint initialization pod: go-component-dlsyll-on-pull-request-j8lb7-apply-tags-pod | container step-apply-additional-tags: time="2026-05-06T07:07:33Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b" time="2026-05-06T07:07:33Z" level=info msg="[param] digest: sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d" time="2026-05-06T07:07:33Z" level=info msg="[param] tags-from-image-label: konflux.additional-tags" time="2026-05-06T07:07:34Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: go-component-dlsyll-on-pull-request-j8lb7-build-container-pod | init container: prepare 2026/05/06 07:04:24 Entrypoint initialization pod: go-component-dlsyll-on-pull-request-j8lb7-build-container-pod | init container: place-scripts 2026/05/06 07:04:25 Decoded script /tekton/scripts/script-0-qx2w7 2026/05/06 07:04:25 Decoded script /tekton/scripts/script-1-4fwjt 2026/05/06 07:04:25 Decoded script /tekton/scripts/script-2-4pnv4 2026/05/06 07:04:25 Decoded script /tekton/scripts/script-3-88dr7 2026/05/06 07:04:25 Decoded script /tekton/scripts/script-4-pj94w pod: go-component-dlsyll-on-pull-request-j8lb7-build-container-pod | init container: working-dir-initializer pod: go-component-dlsyll-on-pull-request-j8lb7-build-container-pod | container step-build: [2026-05-06T07:04:48,741050750+00:00] Validate context path [2026-05-06T07:04:48,744384080+00:00] Update CA trust [2026-05-06T07:04:48,745466996+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-06T07:04:50,826205149+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-05-06T07:04:50,832586533+00:00] Prepare system (architecture: x86_64) [2026-05-06T07:04:51,005323489+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi9/go-toolset:1.18.9-14... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:e76793d6902ad1adb19ede3d720024cf0cd8427b3ff606554a4bcafba03dddf4 Copying blob sha256:2a625e4afab51b49edb0e5f4ff37d8afbb20ec644ed1e68641358a6305557de3 Copying blob sha256:4a13c0e9217d70e608f2d5f5d3c5ffa6d9cd16908b3f83a7a97492d355d25a09 Copying blob sha256:0ab0ba77295aca9b12f463cb7198f0b8b6990b41151dbbd4e1b224fe85244b83 Copying config sha256:391a2eac28d98dc72726df1faa77db28f6899a77c91ad40f2bdad62baf041301 Writing manifest to image destination Storing signatures [2026-05-06T07:05:33,886531865+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-05-06T07:04:51Z", "com.redhat.component": "go-toolset-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "description": "Go Toolset available as a container is a base platform for building and running various Go applications and frameworks. Go is an easy to learn, powerful, statically typed language in the C/C++ tradition with garbage collection, concurrent programming support, and memory safety features.", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.k8s.description": "Go Toolset available as a container is a base platform for building and running various Go applications and frameworks. Go is an easy to learn, powerful, statically typed language in the C/C++ tradition with garbage collection, concurrent programming support, and memory safety features.", "io.k8s.display-name": "Go 1.18.9", "io.openshift.expose-services": "", "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i", "io.openshift.tags": "builder,golang,golang118,rh-golang118,go", "io.s2i.scripts-url": "image:///usr/libexec/s2i", "maintainer": "Red Hat, Inc.", "name": "rhel9/go-toolset", "release": "14", "summary": "Platform for building and running Go Applications", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhel9/go-toolset/images/1.18.9-14", "vcs-ref": "a5839952a803695473c9db1daaf20da0c2f5d74b", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.18.9", "org.opencontainers.image.revision": "a5839952a803695473c9db1daaf20da0c2f5d74b", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component", "quay.expires-after": "6h", "org.opencontainers.image.created": "2026-05-06T07:04:51Z" } [2026-05-06T07:05:33,932890978+00:00] Register sub-man Adding the entitlement to the build [2026-05-06T07:05:33,936102719+00:00] Add secrets [2026-05-06T07:05:33,943273237+00:00] Run buildah build [2026-05-06T07:05:33,944300836+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=a5839952a803695473c9db1daaf20da0c2f5d74b --label org.opencontainers.image.revision=a5839952a803695473c9db1daaf20da0c2f5d74b --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/group-snapshot-multi-component --label quay.expires-after=6h --label build-date=2026-05-06T07:04:51Z --label org.opencontainers.image.created=2026-05-06T07:04:51Z --annotation org.opencontainers.image.revision=a5839952a803695473c9db1daaf20da0c2f5d74b --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/group-snapshot-multi-component --annotation org.opencontainers.image.created=2026-05-06T07:04:51Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.LG1zFp -t quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b . STEP 1/10: FROM registry.access.redhat.com/ubi9/go-toolset:1.18.9-14 STEP 2/10: COPY . . STEP 3/10: RUN go mod download go: no module dependencies to download STEP 4/10: RUN go build -o ./main STEP 5/10: ENV PORT 8081 STEP 6/10: EXPOSE 8081 STEP 7/10: CMD [ "./main" ] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json STEP 9/10: COPY labels.json /root/buildinfo/labels.json STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="a5839952a803695473c9db1daaf20da0c2f5d74b" "org.opencontainers.image.revision"="a5839952a803695473c9db1daaf20da0c2f5d74b" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/group-snapshot-multi-component" "quay.expires-after"="6h" "build-date"="2026-05-06T07:04:51Z" "org.opencontainers.image.created"="2026-05-06T07:04:51Z" COMMIT quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b --> b8f9381c0577 Successfully tagged quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b b8f9381c05776cbf31c5baab8faf58bdc3d217edd13e9c6f593571aa7233b214 [2026-05-06T07:05:37,718864370+00:00] Unsetting proxy [2026-05-06T07:05:37,720063460+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi9/go-toolset:1.18.9-14 registry.access.redhat.com/ubi9/go-toolset:1.18.9-14@sha256:4e320bd8b62e406dfc567886aeab4914db125c73fe9ec308b306c72883101d51 Getting image source signatures Copying blob sha256:f7673829dcd9e303cb63e80eef1ec0fb946f4c0baff605fb7c3180cd0d6c4277 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying config sha256:b8f9381c05776cbf31c5baab8faf58bdc3d217edd13e9c6f593571aa7233b214 Writing manifest to image destination [2026-05-06T07:05:44,753424521+00:00] End build pod: go-component-dlsyll-on-pull-request-j8lb7-build-container-pod | container step-push: [2026-05-06T07:05:44,857893630+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-06T07:05:46,855189703+00:00] Convert image [2026-05-06T07:05:46,856213107+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:go-component-dlsyll-on-pull-request-j8lb7-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b docker://quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:go-component-dlsyll-on-pull-request-j8lb7-build-container Getting image source signatures Copying blob sha256:f7673829dcd9e303cb63e80eef1ec0fb946f4c0baff605fb7c3180cd0d6c4277 Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying config sha256:b8f9381c05776cbf31c5baab8faf58bdc3d217edd13e9c6f593571aa7233b214 Writing manifest to image destination [2026-05-06T07:06:00,774243442+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b docker://quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b Getting image source signatures Copying blob sha256:f7673829dcd9e303cb63e80eef1ec0fb946f4c0baff605fb7c3180cd0d6c4277 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying config sha256:b8f9381c05776cbf31c5baab8faf58bdc3d217edd13e9c6f593571aa7233b214 Writing manifest to image destination sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631dquay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b [retry] executing: kubectl get configmap cluster-config -n konflux-info -o json Keyless signing is disabled (none of rekorInternalUrl, fulcioInternalUrl, defaultOIDCIssuer, tufInternalUrl are configured in the konflux-info/cluster-config configmap) [2026-05-06T07:06:01,576322403+00:00] End push pod: go-component-dlsyll-on-pull-request-j8lb7-build-container-pod | container step-sbom-syft-generate: [2026-05-06T07:06:01,911840150+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-05-06T07:06:22,978643480+00:00] End sbom-syft-generate pod: go-component-dlsyll-on-pull-request-j8lb7-build-container-pod | container step-prepare-sboms: [2026-05-06T07:06:23,179885689+00:00] Prepare SBOM [2026-05-06T07:06:23,183584581+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-05-06 07:06:24,273 [INFO] mobster.log: Logging level set to 20 2026-05-06 07:06:24,702 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi9/go-toolset@sha256:4e320bd8b62e406dfc567886aeab4914db125c73fe9ec308b306c72883101d51 2026-05-06 07:06:25,338 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/go-toolset@sha256:0200988bf4773dad494d97be5aeceb005da3b329fe6827c035509a3f6eec1ef1 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:25,470 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/go-toolset@sha256:0200988bf4773dad494d97be5aeceb005da3b329fe6827c035509a3f6eec1ef1 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:25,772 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/go-toolset@sha256:0200988bf4773dad494d97be5aeceb005da3b329fe6827c035509a3f6eec1ef1 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:25,905 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/go-toolset@sha256:0200988bf4773dad494d97be5aeceb005da3b329fe6827c035509a3f6eec1ef1 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:26,256 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/go-toolset@sha256:0200988bf4773dad494d97be5aeceb005da3b329fe6827c035509a3f6eec1ef1 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:26,373 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/go-toolset@sha256:0200988bf4773dad494d97be5aeceb005da3b329fe6827c035509a3f6eec1ef1 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:26,766 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/go-toolset@sha256:0200988bf4773dad494d97be5aeceb005da3b329fe6827c035509a3f6eec1ef1 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:26,929 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/go-toolset@sha256:0200988bf4773dad494d97be5aeceb005da3b329fe6827c035509a3f6eec1ef1 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-06 07:06:26,929 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-05-06 07:06:26,929 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-05-06 07:06:26,931 [INFO] mobster.log: Contextual workflow completed in 2.33s 2026-05-06 07:06:27,071 [INFO] mobster.main: Exiting with code 0. [2026-05-06T07:06:27,149678612+00:00] End prepare-sboms pod: go-component-dlsyll-on-pull-request-j8lb7-build-container-pod | container step-upload-sbom: [2026-05-06T07:06:27,253907946+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b@sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key <key path>'. Uploading SBOM file for [quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll@sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d] to [quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:sha256-c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll@sha256:1534bb91dff0511621b27c11ef324d5a6631e91ad97da1897c1a80a94dd9f70d [2026-05-06T07:06:30,977514090+00:00] End upload-sbom pod: go-component-dlsyll-on-pull-request-j8lb7-build-image-index-pod | init container: prepare 2026/05/06 07:06:32 Entrypoint initialization pod: go-component-dlsyll-on-pull-request-j8lb7-build-image-index-pod | init container: place-scripts 2026/05/06 07:06:33 Decoded script /tekton/scripts/script-0-d2hfv 2026/05/06 07:06:33 Decoded script /tekton/scripts/script-1-kc2nb 2026/05/06 07:06:33 Decoded script /tekton/scripts/script-2-fjv46 pod: go-component-dlsyll-on-pull-request-j8lb7-build-image-index-pod | container step-build: [2026-05-06T07:07:20,426575020+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Running konflux-build-cli time="2026-05-06T07:07:23Z" level=info msg="[param] image: quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b" time="2026-05-06T07:07:23Z" level=info msg="[param] images: [quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b@sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d]" time="2026-05-06T07:07:23Z" level=info msg="[param] buildah-format: docker" time="2026-05-06T07:07:23Z" level=info msg="[param] always-build-index: false" time="2026-05-06T07:07:23Z" level=info msg="[param] additional-tags: [go-component-dlsyll-on-pull-request-j8lb7-build-image-index]" time="2026-05-06T07:07:23Z" level=info msg="[param] output-manifest-path: /index-build-data/manifest_data.json" time="2026-05-06T07:07:23Z" level=info msg="[param] result-path-image-digest: /tekton/results/IMAGE_DIGEST" time="2026-05-06T07:07:23Z" level=info msg="[param] result-path-image-url: /tekton/results/IMAGE_URL" time="2026-05-06T07:07:23Z" level=info msg="[param] result-path-image-ref: /tekton/results/IMAGE_REF" time="2026-05-06T07:07:23Z" level=info msg="[param] result-path-images: /tekton/results/IMAGES" time="2026-05-06T07:07:23Z" level=info msg="Creating manifest list: quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b" time="2026-05-06T07:07:23Z" level=info msg="buildah [stdout] 0015b58d5263160e1aff6c0c47dcaa5a3256a22f5d706fda881fdd9b72cdc073" logger=CliExecutor time="2026-05-06T07:07:23Z" level=info msg="Skipping image index generation. Returning results for single image." {"image_digest":"sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d","image_url":"quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b","image_ref":"quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll@sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d","images":"quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll@sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d"} pod: go-component-dlsyll-on-pull-request-j8lb7-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: go-component-dlsyll-on-pull-request-j8lb7-build-image-index-pod | container step-upload-sbom: [2026-05-06T07:07:23,955701001+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: go-component-dlsyll-on-pull-request-j8lb7-clair-scan-pod | init container: prepare 2026/05/06 07:08:44 Entrypoint initialization pod: go-component-dlsyll-on-pull-request-j8lb7-clair-scan-pod | init container: place-scripts 2026/05/06 07:08:45 Decoded script /tekton/scripts/script-0-mmhp7 2026/05/06 07:08:45 Decoded script /tekton/scripts/script-1-mlrr8 2026/05/06 07:08:45 Decoded script /tekton/scripts/script-2-mh64f 2026/05/06 07:08:45 Decoded script /tekton/scripts/script-3-tcvnv pod: go-component-dlsyll-on-pull-request-j8lb7-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll@sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d. pod: go-component-dlsyll-on-pull-request-j8lb7-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... �[90m2026-05-06T07:10:23Z�[0m �[32mINF�[0m �[1mmatchers created�[0m �[36mcomponent=�[0mlibvuln/New �[36mmatchers=�[0m[{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"}] �[90m2026-05-06T07:10:23Z�[0m �[32mINF�[0m �[1mlibvuln initialized�[0m �[36mcomponent=�[0mlibvuln/New �[90m2026-05-06T07:10:25Z�[0m �[32mINF�[0m �[1mregistered configured scanners�[0m �[36mcomponent=�[0mlibindex/New �[90m2026-05-06T07:10:25Z�[0m �[32mINF�[0m �[1mNewLayerScanner: constructing a new layer-scanner�[0m �[36mcomponent=�[0mindexer.NewLayerScanner �[90m2026-05-06T07:10:25Z�[0m �[32mINF�[0m �[1mindex request start�[0m �[36mcomponent=�[0mlibindex/Libindex.Index �[36mmanifest=�[0msha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d �[90m2026-05-06T07:10:25Z�[0m �[32mINF�[0m �[1mstarting scan�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d �[90m2026-05-06T07:10:25Z�[0m �[32mINF�[0m �[1mmanifest to be scanned�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d �[36mstate=�[0mCheckManifest �[90m2026-05-06T07:10:25Z�[0m �[32mINF�[0m �[1mlayers fetch start�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d �[36mstate=�[0mFetchLayers �[90m2026-05-06T07:10:30Z�[0m �[32mINF�[0m �[1mlayers fetch success�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d �[36mstate=�[0mFetchLayers �[90m2026-05-06T07:10:30Z�[0m �[32mINF�[0m �[1mlayers fetch done�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d �[36mstate=�[0mFetchLayers �[90m2026-05-06T07:10:30Z�[0m �[32mINF�[0m �[1mlayers scan start�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d �[36mstate=�[0mScanLayers �[90m2026-05-06T07:10:30Z�[0m �[32mINF�[0m �[1mfound buildinfo Dockerfile�[0m �[36mcomponent=�[0mrhel/rhcc/scanner.Scan �[36mkind=�[0mpackage �[36mlayer=�[0msha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991 �[36mmanifest=�[0msha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d �[36mpath=�[0mroot/buildinfo/Dockerfile-ubi9-9.1.0-1782 �[36mscanner=�[0mrhel_containerscanner �[36mstate=�[0mScanLayers �[90m2026-05-06T07:10:30Z�[0m �[32mINF�[0m �[1mfound buildinfo Dockerfile�[0m �[36mcomponent=�[0mrhel/rhcc/scanner.Scan �[36mkind=�[0mpackage �[36mlayer=�[0msha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975 �[36mmanifest=�[0msha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d �[36mpath=�[0mroot/buildinfo/Dockerfile-ubi9-s2i-core-1-394 �[36mscanner=�[0mrhel_containerscanner �[36mstate=�[0mScanLayers �[90m2026-05-06T07:10:30Z�[0m �[32mINF�[0m �[1mfound buildinfo Dockerfile�[0m �[36mcomponent=�[0mrhel/rhcc/scanner.Scan �[36mkind=�[0mpackage �[36mlayer=�[0msha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581 �[36mmanifest=�[0msha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d �[36mpath=�[0mroot/buildinfo/Dockerfile-ubi9-s2i-base-1-421 �[36mscanner=�[0mrhel_containerscanner �[36mstate=�[0mScanLayers �[90m2026-05-06T07:10:30Z�[0m �[32mINF�[0m �[1mfound buildinfo Dockerfile�[0m �[36mcomponent=�[0mrhel/rhcc/scanner.Scan �[36mkind=�[0mpackage �[36mlayer=�[0msha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670 �[36mmanifest=�[0msha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d �[36mpath=�[0mroot/buildinfo/Dockerfile-rhel9-go-toolset-1.18.9-14 �[36mscanner=�[0mrhel_containerscanner �[36mstate=�[0mScanLayers �[90m2026-05-06T07:10:32Z�[0m �[32mINF�[0m �[1mlayers scan done�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d �[36mstate=�[0mScanLayers �[90m2026-05-06T07:10:32Z�[0m �[32mINF�[0m �[1mstarting index manifest�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d �[36mstate=�[0mIndexManifest �[90m2026-05-06T07:10:32Z�[0m �[32mINF�[0m �[1mfinishing scan�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d �[36mstate=�[0mIndexFinished �[90m2026-05-06T07:10:32Z�[0m �[32mINF�[0m �[1mmanifest successfully scanned�[0m �[36mcomponent=�[0mindexer/controller/Controller.Index �[36mmanifest=�[0msha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d �[36mstate=�[0mIndexFinished �[90m2026-05-06T07:10:33Z�[0m �[32mINF�[0m �[1mindex request done�[0m �[36mcomponent=�[0mlibindex/Libindex.Index �[36mmanifest=�[0msha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d { "manifest_hash": "sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d", "packages": { "++K+RsmgWfVk2mj1+hzWKA==": { "id": "++K+RsmgWfVk2mj1+hzWKA==", "name": "zlib-devel", "version": "1.2.11-35.el9_1", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-35.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+8O7w8gnK983LoZMdgIWhQ==": { "id": "+8O7w8gnK983LoZMdgIWhQ==", "name": "kernel-headers", "version": "5.14.0-162.18.1.el9_1", "kind": "binary", "source": { "id": "", "name": "kernel", "version": "5.14.0-162.18.1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+A7/nzEXX3Q/xJZ50VMnlQ==": { "id": "+A7/nzEXX3Q/xJZ50VMnlQ==", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+B22ALb6YCnXu+3s6afaLg==": { "id": "+B22ALb6YCnXu+3s6afaLg==", "name": "python3-decorator", "version": "4.4.2-6.el9", "kind": "binary", "source": { "id": "", "name": "python-decorator", "version": "4.4.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "+LQ46YAn9giMKDZRMCUpfg==": { "id": "+LQ46YAn9giMKDZRMCUpfg==", "name": "perl-lib", "version": "0.65-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Mkqc/Y23wK8i6e0RDbi0w==": { "id": "+Mkqc/Y23wK8i6e0RDbi0w==", "name": "libstdc++", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+jCn1wujuDa5B1uNvCdVnw==": { "id": "+jCn1wujuDa5B1uNvCdVnw==", "name": "device-mapper-libs", "version": "9:1.02.185-3.el9", "kind": "binary", "source": { "id": "", "name": "lvm2", "version": "2.03.16-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+yIdH2Pb8SGFuXnry3uK/A==": { "id": "+yIdH2Pb8SGFuXnry3uK/A==", "name": "gdb", "version": "10.2-10.el9", "kind": "binary", "source": { "id": "", "name": "gdb", "version": "10.2-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/FMjm+UzO0PTaS3Td0lhkw==": { "id": "/FMjm+UzO0PTaS3Td0lhkw==", "name": "pkgconf-pkg-config", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/L1kFEoHZTukrNTCQLypFQ==": { "id": "/L1kFEoHZTukrNTCQLypFQ==", "name": "xz-libs", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/dbWc/LExxt1O7duWFf9og==": { "id": "/dbWc/LExxt1O7duWFf9og==", "name": "libtirpc", "version": "1.3.3-0.el9", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.3.3-0.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/t0e+LuglIbDcO/k67Hr2A==": { "id": "/t0e+LuglIbDcO/k67Hr2A==", "name": "elfutils-libs", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/th8aUKrkgR3Sw9KSBM+CA==": { "id": "/th8aUKrkgR3Sw9KSBM+CA==", "name": "python3-subscription-manager-rhsm", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "09fH92fqoWDOaYEpwQ9p2g==": { "id": "09fH92fqoWDOaYEpwQ9p2g==", "name": "ed", "version": "1.14.2-12.el9", "kind": "binary", "source": { "id": "", "name": "ed", "version": "1.14.2-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0N0D43vK8KV4kQOq2LQn7g==": { "id": "0N0D43vK8KV4kQOq2LQn7g==", "name": "glibc-locale-source", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0QIby1L00NbGeIw8oxRQWQ==": { "id": "0QIby1L00NbGeIw8oxRQWQ==", "name": "zip", "version": "3.0-33.el9", "kind": "binary", "source": { "id": "", "name": "zip", "version": "3.0-33.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0Yvc2+M8FAry625wuL4S5A==": { "id": "0Yvc2+M8FAry625wuL4S5A==", "name": "less", "version": "590-1.el9_0", "kind": "binary", "source": { "id": "", "name": "less", "version": "590-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0wIoN0pFyBSc9eVtRdIOWA==": { "id": "0wIoN0pFyBSc9eVtRdIOWA==", "name": "python3", "version": "3.9.14-1.el9_1.2", "kind": "binary", "source": { "id": "", "name": "python3.9", "version": "3.9.14-1.el9_1.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "13/XvLtRK2RDQlcsZc1BtQ==": { "id": "13/XvLtRK2RDQlcsZc1BtQ==", "name": "gdb-gdbserver", "version": "10.2-10.el9", "kind": "binary", "source": { "id": "", "name": "gdb", "version": "10.2-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "13i0QoQ6Q4yBI5RUf20lXA==": { "id": "13i0QoQ6Q4yBI5RUf20lXA==", "name": "libwebp-devel", "version": "1.2.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libwebp", "version": "1.2.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1GZ5tdSeZY3Wi3x9/AVQ2Q==": { "id": "1GZ5tdSeZY3Wi3x9/AVQ2Q==", "name": "binutils-gold", "version": "2.35.2-24.el9", "kind": "binary", "source": { "id": "", "name": "binutils", "version": "2.35.2-24.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1T7WJ83NrIa0U7DlD1BR4Q==": { "id": "1T7WJ83NrIa0U7DlD1BR4Q==", "name": "python-srpm-macros", "version": "3.9-52.el9", "kind": "binary", "source": { "id": "", "name": "python-rpm-macros", "version": "3.9-52.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1XXuvf69/0I2dNHaU2UndQ==": { "id": "1XXuvf69/0I2dNHaU2UndQ==", "name": "patch", "version": "2.7.6-16.el9", "kind": "binary", "source": { "id": "", "name": "patch", "version": "2.7.6-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1dO83wB64hDLki3A4eA/Pg==": { "id": "1dO83wB64hDLki3A4eA/Pg==", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1h9uHE0QiXBO/zpJrT0VjA==": { "id": "1h9uHE0QiXBO/zpJrT0VjA==", "name": "ncurses-base", "version": "6.2-8.20210508.el9", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1iUaGpv40BOJQUks5I0iYg==": { "id": "1iUaGpv40BOJQUks5I0iYg==", "name": "libicu", "version": "67.1-9.el9", "kind": "binary", "source": { "id": "", "name": "icu", "version": "67.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1m9sKqHTfU4F/K4fidg9cg==": { "id": "1m9sKqHTfU4F/K4fidg9cg==", "name": "perl-Exporter", "version": "5.74-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Exporter", "version": "5.74-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "2REYKadw7TKFiuC+OnoHmA==": { "id": "2REYKadw7TKFiuC+OnoHmA==", "name": "rpm-build-libs", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2fg1ZRYCSPKKOgCxCcA36w==": { "id": "2fg1ZRYCSPKKOgCxCcA36w==", "name": "bzip2-libs", "version": "1.0.8-8.el9", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2w8qE/d9mqIY/9+1qBBrPg==": { "id": "2w8qE/d9mqIY/9+1qBBrPg==", "name": "perl-IO-Socket-IP", "version": "0.41-5.el9", "kind": "binary", "source": { "id": "", "name": "perl-IO-Socket-IP", "version": "0.41-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "3688bXyK/nwHthXLLVH24g==": { "id": "3688bXyK/nwHthXLLVH24g==", "name": "perl-overloading", "version": "0.02-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "3DTA/XNFCCDFf6sfX96bGg==": { "id": "3DTA/XNFCCDFf6sfX96bGg==", "name": "perl-Errno", "version": "1.30-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3RQKCmep11B4hkfn96QJTA==": { "id": "3RQKCmep11B4hkfn96QJTA==", "name": "shadow-utils", "version": "2:4.9-5.el9", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.9-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3iIPR0bjuCPQ2+48pSdeHg==": { "id": "3iIPR0bjuCPQ2+48pSdeHg==", "name": "perl-IO", "version": "1.43-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4Aph2Qer6+KdCecFsU0TXg==": { "id": "4Aph2Qer6+KdCecFsU0TXg==", "name": "systemd-rpm-macros", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "4DM2GB9KLL7/xWypPdz7vA==": { "id": "4DM2GB9KLL7/xWypPdz7vA==", "name": "git-core-doc", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "4ImdKzJ7uZoaviIayzuoUg==": { "id": "4ImdKzJ7uZoaviIayzuoUg==", "name": "nodejs-full-i18n", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4Kw/w2gH7CYCOCv19cdYYA==": { "id": "4Kw/w2gH7CYCOCv19cdYYA==", "name": "perl-File-Path", "version": "2.18-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-File-Path", "version": "2.18-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "582nBqlxZXz0sTRmkFvU4Q==": { "id": "582nBqlxZXz0sTRmkFvU4Q==", "name": "libxcb", "version": "1.13.1-9.el9", "kind": "binary", "source": { "id": "", "name": "libxcb", "version": "1.13.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5EpVrCQ4OYKiPYYEOuUcmQ==": { "id": "5EpVrCQ4OYKiPYYEOuUcmQ==", "name": "perl-Scalar-List-Utils", "version": "4:1.56-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Scalar-List-Utils", "version": "1.56-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5JeNH+bHiuiK9wwBZqH10A==": { "id": "5JeNH+bHiuiK9wwBZqH10A==", "name": "libeconf", "version": "0.4.1-2.el9", "kind": "binary", "source": { "id": "", "name": "libeconf", "version": "0.4.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5NZNFErDrBiBoorV+igTjg==": { "id": "5NZNFErDrBiBoorV+igTjg==", "name": "libtiff-devel", "version": "4.4.0-5.el9_1", "kind": "binary", "source": { "id": "", "name": "libtiff", "version": "4.4.0-5.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5mmSudfrCeEmVSPweWmcVQ==": { "id": "5mmSudfrCeEmVSPweWmcVQ==", "name": "librhsm", "version": "0.0.3-7.el9", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5oq4jjwqdEJHokHmXZ7fFA==": { "id": "5oq4jjwqdEJHokHmXZ7fFA==", "name": "dwz", "version": "0.14-3.el9", "kind": "binary", "source": { "id": "", "name": "dwz", "version": "0.14-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5uy1J7qi/MafOdYJgaQeGw==": { "id": "5uy1J7qi/MafOdYJgaQeGw==", "name": "virt-what", "version": "1.25-1.el9", "kind": "binary", "source": { "id": "", "name": "virt-what", "version": "1.25-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "60b1mOIk+ncF/benyKWfug==": { "id": "60b1mOIk+ncF/benyKWfug==", "name": "perl-Data-Dumper", "version": "2.174-462.el9", "kind": "binary", "source": { "id": "", "name": "perl-Data-Dumper", "version": "2.174-462.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "68hxwX7t9VVTsdLs/0iJBA==": { "id": "68hxwX7t9VVTsdLs/0iJBA==", "name": "crypto-policies", "version": "20220815-1.git0fbe86f.el9", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20220815-1.git0fbe86f.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "695zXUDPsaaAbh1PGloHag==": { "id": "695zXUDPsaaAbh1PGloHag==", "name": "environment-modules", "version": "5.0.1-1.el9", "kind": "binary", "source": { "id": "", "name": "environment-modules", "version": "5.0.1-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6AYt+NWt55432RGa/HxiQg==": { "id": "6AYt+NWt55432RGa/HxiQg==", "name": "libXt", "version": "1.2.0-6.el9", "kind": "binary", "source": { "id": "", "name": "libXt", "version": "1.2.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6COiLlB/V7UlOwfuFJy77w==": { "id": "6COiLlB/V7UlOwfuFJy77w==", "name": "unzip", "version": "6.0-56.el9", "kind": "binary", "source": { "id": "", "name": "unzip", "version": "6.0-56.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6G1ytjIPgX0NNsVwuPQKkQ==": { "id": "6G1ytjIPgX0NNsVwuPQKkQ==", "name": "python3-gpg", "version": "1.15.1-6.el9", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6G4wapu2zP6UYfTP+Ip2pA==": { "id": "6G4wapu2zP6UYfTP+Ip2pA==", "name": "gdb-headless", "version": "10.2-10.el9", "kind": "binary", "source": { "id": "", "name": "gdb", "version": "10.2-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6HUC1/dPziZpbtWEymw0nQ==": { "id": "6HUC1/dPziZpbtWEymw0nQ==", "name": "gzip", "version": "1.12-1.el9", "kind": "binary", "source": { "id": "", "name": "gzip", "version": "1.12-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6LVRZKaAJH97OKCXsJMDDw==": { "id": "6LVRZKaAJH97OKCXsJMDDw==", "name": "ca-certificates", "version": "2022.2.54-90.2.el9_0", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2022.2.54-90.2.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "6MFxZDjn6ZxVQspQib4VSA==": { "id": "6MFxZDjn6ZxVQspQib4VSA==", "name": "libXau", "version": "1.0.9-8.el9", "kind": "binary", "source": { "id": "", "name": "libXau", "version": "1.0.9-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6RxnMs+9yIqzJpLgR7I3zA==": { "id": "6RxnMs+9yIqzJpLgR7I3zA==", "name": "audit-libs", "version": "3.0.7-103.el9", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.0.7-103.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6VAQWTpZhN9PW7YCmVhxsw==": { "id": "6VAQWTpZhN9PW7YCmVhxsw==", "name": "glibc-headers", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6camihNRcGvFSo3XinEWFg==": { "id": "6camihNRcGvFSo3XinEWFg==", "name": "libacl", "version": "2.3.1-3.el9", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.3.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6f28+Af9kIn0OSp9f9j14Q==": { "id": "6f28+Af9kIn0OSp9f9j14Q==", "name": "ubi9/s2i-base", "version": "1-421", "kind": "binary", "source": { "id": "yRjjypPMZa7QJg+DLoMumw==", "name": "s2i-base-container", "version": "1-421", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "74+EW3adzZwX9DbUU0vOdA==": { "id": "74+EW3adzZwX9DbUU0vOdA==", "name": "which", "version": "2.21-28.el9", "kind": "binary", "source": { "id": "", "name": "which", "version": "2.21-28.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7JHS+mBQfJeJoy73lvm4lw==": { "id": "7JHS+mBQfJeJoy73lvm4lw==", "name": "npm", "version": "1:8.19.2-1.16.18.1.3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7Lf3UXydabzw8g7HGZER+w==": { "id": "7Lf3UXydabzw8g7HGZER+w==", "name": "ubi9/s2i-core", "version": "1-394", "kind": "binary", "source": { "id": "Lm5zHfIH4SjtxMBhECD0OQ==", "name": "s2i-core-container", "version": "1-394", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "7ZWYFE98hi9HyU5Q68Jgsw==": { "id": "7ZWYFE98hi9HyU5Q68Jgsw==", "name": "libX11-devel", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7qAMBOvJ2FYxpK9n05pI7Q==": { "id": "7qAMBOvJ2FYxpK9n05pI7Q==", "name": "libpng", "version": "2:1.6.37-12.el9", "kind": "binary", "source": { "id": "", "name": "libpng", "version": "1.6.37-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7yB5oIQve4tWIMlUmHbdQQ==": { "id": "7yB5oIQve4tWIMlUmHbdQQ==", "name": "graphite2", "version": "1.3.14-9.el9", "kind": "binary", "source": { "id": "", "name": "graphite2", "version": "1.3.14-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "84WodsWNE9m9GIrBiKl02g==": { "id": "84WodsWNE9m9GIrBiKl02g==", "name": "python3-cloud-what", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "88jYB91M4ddvxo2XjMJKmQ==": { "id": "88jYB91M4ddvxo2XjMJKmQ==", "name": "libmpc", "version": "1.2.1-4.el9", "kind": "binary", "source": { "id": "", "name": "libmpc", "version": "1.2.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8Gh2hioTt5BFisg9eNKeEg==": { "id": "8Gh2hioTt5BFisg9eNKeEg==", "name": "python3-librepo", "version": "1.14.2-3.el9", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8I3zEJ4sFSgk47ZaRLgtDQ==": { "id": "8I3zEJ4sFSgk47ZaRLgtDQ==", "name": "annobin", "version": "10.73-3.el9", "kind": "binary", "source": { "id": "", "name": "annobin", "version": "10.73-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8Ky53YwzOPM2pkEIVuuuBg==": { "id": "8Ky53YwzOPM2pkEIVuuuBg==", "name": "glibc-gconv-extra", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8Q+4qMpgUhvMDCe2QUBIuQ==": { "id": "8Q+4qMpgUhvMDCe2QUBIuQ==", "name": "dbus", "version": "1:1.12.20-7.el9_1", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.20-7.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8gpmX0NZa9MMhcqi6FUGtg==": { "id": "8gpmX0NZa9MMhcqi6FUGtg==", "name": "python3-gobject-base", "version": "3.40.1-6.el9", "kind": "binary", "source": { "id": "", "name": "pygobject3", "version": "3.40.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8tmJEWGia0UWhhPJb3EyAw==": { "id": "8tmJEWGia0UWhhPJb3EyAw==", "name": "redhat-release", "version": "9.1-1.9.el9", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "9.1-1.9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9AmKs/wDQFsVMVHWnqbu+g==": { "id": "9AmKs/wDQFsVMVHWnqbu+g==", "name": "ubi9-container", "version": "9.1.0-1782", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:9.1.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "9Fy0bRr3ZMu3q8UNrhlOSQ==": { "id": "9Fy0bRr3ZMu3q8UNrhlOSQ==", "name": "man-db", "version": "2.9.3-6.el9", "kind": "binary", "source": { "id": "", "name": "man-db", "version": "2.9.3-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9HjCH3SeUwgItfYZysNlOw==": { "id": "9HjCH3SeUwgItfYZysNlOw==", "name": "mariadb-connector-c-config", "version": "3.2.6-1.el9_0", "kind": "binary", "source": { "id": "", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "9WzsXAqqRoLidXM4HaB8/w==": { "id": "9WzsXAqqRoLidXM4HaB8/w==", "name": "delve", "version": "1.8.3-1.el9", "kind": "binary", "source": { "id": "", "name": "delve", "version": "1.8.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9bMXqD09C2r4s8P+HNy2uw==": { "id": "9bMXqD09C2r4s8P+HNy2uw==", "name": "perl-Pod-Perldoc", "version": "3.28.01-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Perldoc", "version": "3.28.01-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "9hWn3VgLVkzmMJln7S0UCQ==": { "id": "9hWn3VgLVkzmMJln7S0UCQ==", "name": "libcurl-minimal", "version": "7.76.1-19.el9_1.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-19.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9sAM/NqMLlsG3N88/yD1Vg==": { "id": "9sAM/NqMLlsG3N88/yD1Vg==", "name": "python3-libdnf", "version": "0.67.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ACNA1cjsRpihwLsZYxMiYQ==": { "id": "ACNA1cjsRpihwLsZYxMiYQ==", "name": "libXrender", "version": "0.9.10-16.el9", "kind": "binary", "source": { "id": "", "name": "libXrender", "version": "0.9.10-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AOquy/6bQ9axg0KRp6hMjg==": { "id": "AOquy/6bQ9axg0KRp6hMjg==", "name": "libbrotli", "version": "1.0.9-6.el9", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ARxZCHzD7KB2Pu4aHl7POw==": { "id": "ARxZCHzD7KB2Pu4aHl7POw==", "name": "python3-libs", "version": "3.9.14-1.el9_1.2", "kind": "binary", "source": { "id": "", "name": "python3.9", "version": "3.9.14-1.el9_1.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AZwLZmqkel2BzSMgQsIVGQ==": { "id": "AZwLZmqkel2BzSMgQsIVGQ==", "name": "libselinux", "version": "3.4-3.el9", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.4-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AbW1lRpGUjSEKNnr/Toz6A==": { "id": "AbW1lRpGUjSEKNnr/Toz6A==", "name": "jbigkit-libs", "version": "2.1-23.el9", "kind": "binary", "source": { "id": "", "name": "jbigkit", "version": "2.1-23.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AdRs6lk9yzTM3HvjeEThKA==": { "id": "AdRs6lk9yzTM3HvjeEThKA==", "name": "systemd", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AnHvlYoTKSxzg0JMVMiJkg==": { "id": "AnHvlYoTKSxzg0JMVMiJkg==", "name": "openldap-compat", "version": "2.6.2-3.el9", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.6.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AxTxyAHzdLVnUL9t8+ZYmg==": { "id": "AxTxyAHzdLVnUL9t8+ZYmg==", "name": "curl-minimal", "version": "7.76.1-19.el9_1.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-19.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BQhiFmX4hLYteW4oRCLTSA==": { "id": "BQhiFmX4hLYteW4oRCLTSA==", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BX+oelClu2v6UOl6tluOEQ==": { "id": "BX+oelClu2v6UOl6tluOEQ==", "name": "crypto-policies-scripts", "version": "20220815-1.git0fbe86f.el9", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20220815-1.git0fbe86f.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "C3QbGupU53FFTX0pkfNLrA==": { "id": "C3QbGupU53FFTX0pkfNLrA==", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "C7VGVckK0YZj4RiVmStEsA==": { "id": "C7VGVckK0YZj4RiVmStEsA==", "name": "sqlite-libs", "version": "3.34.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CXRheoFIylTt2C0ZN4qu3w==": { "id": "CXRheoFIylTt2C0ZN4qu3w==", "name": "perl-Net-SSLeay", "version": "1.92-2.el9", "kind": "binary", "source": { "id": "", "name": "perl-Net-SSLeay", "version": "1.92-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CjFzfz4zBZj7fcwIrVHCRA==": { "id": "CjFzfz4zBZj7fcwIrVHCRA==", "name": "perl-IPC-Open3", "version": "1.21-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "CpC5etTxiNuDvBGQesJNDg==": { "id": "CpC5etTxiNuDvBGQesJNDg==", "name": "libmount", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ct/46Ed7Asmqt98kLc0FLw==": { "id": "Ct/46Ed7Asmqt98kLc0FLw==", "name": "perl-Symbol", "version": "1.08-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "Cwut2mrMMUaIvKenvO1qWw==": { "id": "Cwut2mrMMUaIvKenvO1qWw==", "name": "perl-Socket", "version": "4:2.031-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Socket", "version": "2.031-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/XNnExpupd1bO9ZIJIE9w==": { "id": "D/XNnExpupd1bO9ZIJIE9w==", "name": "perl-AutoLoader", "version": "5.74-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D0GGDit/UxegO+/A5R03SA==": { "id": "D0GGDit/UxegO+/A5R03SA==", "name": "elfutils-default-yama-scope", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "DGqCqs+yrHvXs9qsPgn58g==": { "id": "DGqCqs+yrHvXs9qsPgn58g==", "name": "github.com/devfile-samples/devfile-sample-go-basic", "version": "(devel)", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "DK0d2bPQCX0xz6Lec7u1cg==": { "id": "DK0d2bPQCX0xz6Lec7u1cg==", "name": "info", "version": "6.7-15.el9", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.7-15.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DMchAI2VcGSa4n8bdw5YkA==": { "id": "DMchAI2VcGSa4n8bdw5YkA==", "name": "xorg-x11-proto-devel", "version": "2021.4-2.el9", "kind": "binary", "source": { "id": "", "name": "xorg-x11-proto-devel", "version": "2021.4-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "DSiKsVzdOYp1aJo/8T0A5A==": { "id": "DSiKsVzdOYp1aJo/8T0A5A==", "name": "pcre", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DrLq8qfU1bfE8o8AfdvkrQ==": { "id": "DrLq8qfU1bfE8o8AfdvkrQ==", "name": "libverto", "version": "0.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "E2+Fh4utKcr7Wyiwzh2bYw==": { "id": "E2+Fh4utKcr7Wyiwzh2bYw==", "name": "gnutls", "version": "3.7.6-12.el9_0", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.7.6-12.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "E7ikPxWehuEw+6yIZODYlQ==": { "id": "E7ikPxWehuEw+6yIZODYlQ==", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ED0/IlCpWWQwBBKR2YT9sw==": { "id": "ED0/IlCpWWQwBBKR2YT9sw==", "name": "libnl3", "version": "3.7.0-1.el9", "kind": "binary", "source": { "id": "", "name": "libnl3", "version": "3.7.0-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EEcEMKhGMvXAfnMhboIpqw==": { "id": "EEcEMKhGMvXAfnMhboIpqw==", "name": "publicsuffix-list-dafsa", "version": "20210518-3.el9", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20210518-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "EgjLGZKjPtqIaFVLlFAAPg==": { "id": "EgjLGZKjPtqIaFVLlFAAPg==", "name": "openssh-clients", "version": "8.7p1-24.el9_1", "kind": "binary", "source": { "id": "", "name": "openssh", "version": "8.7p1-24.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EuqqL3yIFMd5VRAfuufJgg==": { "id": "EuqqL3yIFMd5VRAfuufJgg==", "name": "glibc-common", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Exv8+xTp+7Y4AfuM+ph47Q==": { "id": "Exv8+xTp+7Y4AfuM+ph47Q==", "name": "perl-parent", "version": "1:0.238-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-parent", "version": "0.238-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "FEF27h+V5TzrUeQsFddapA==": { "id": "FEF27h+V5TzrUeQsFddapA==", "name": "libSM", "version": "1.2.3-10.el9", "kind": "binary", "source": { "id": "", "name": "libSM", "version": "1.2.3-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FFSNe661VBElA1asGZ7k3g==": { "id": "FFSNe661VBElA1asGZ7k3g==", "name": "rust-srpm-macros", "version": "17-4.el9", "kind": "binary", "source": { "id": "", "name": "rust-srpm-macros", "version": "17-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "FKD/ouYSWOOZHy4i43SaxA==": { "id": "FKD/ouYSWOOZHy4i43SaxA==", "name": "perl-TermReadKey", "version": "2.38-11.el9", "kind": "binary", "source": { "id": "", "name": "perl-TermReadKey", "version": "2.38-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FMrR4PbDeEhmMEh2juuVnw==": { "id": "FMrR4PbDeEhmMEh2juuVnw==", "name": "wget", "version": "1.21.1-7.el9", "kind": "binary", "source": { "id": "", "name": "wget", "version": "1.21.1-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FVL6ljas6Mq4jYoOr1b6Hw==": { "id": "FVL6ljas6Mq4jYoOr1b6Hw==", "name": "tpm2-tss", "version": "3.0.3-8.el9", "kind": "binary", "source": { "id": "", "name": "tpm2-tss", "version": "3.0.3-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FW8ByCOP6ljvNWDQolahwg==": { "id": "FW8ByCOP6ljvNWDQolahwg==", "name": "sysprof-capture-devel", "version": "3.40.1-3.el9", "kind": "binary", "source": { "id": "", "name": "sysprof", "version": "3.40.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FaNO6QWs1mWPp40PrBiBUQ==": { "id": "FaNO6QWs1mWPp40PrBiBUQ==", "name": "libseccomp", "version": "2.5.2-2.el9", "kind": "binary", "source": { "id": "", "name": "libseccomp", "version": "2.5.2-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Fy3bplraTnRnJlV5RewauA==": { "id": "Fy3bplraTnRnJlV5RewauA==", "name": "libxslt-devel", "version": "1.1.34-9.el9", "kind": "binary", "source": { "id": "", "name": "libxslt", "version": "1.1.34-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G1YDEd7+V95Qa+PMxB8sJw==": { "id": "G1YDEd7+V95Qa+PMxB8sJw==", "name": "perl-Digest", "version": "1.19-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Digest", "version": "1.19-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "G61ZL2SOHR2qgvQfi118gw==": { "id": "G61ZL2SOHR2qgvQfi118gw==", "name": "dejavu-sans-fonts", "version": "2.37-18.el9", "kind": "binary", "source": { "id": "", "name": "dejavu-fonts", "version": "2.37-18.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "GIScmMWQrnoFNoEgq3fg2w==": { "id": "GIScmMWQrnoFNoEgq3fg2w==", "name": "python3-dbus", "version": "1.2.18-2.el9", "kind": "binary", "source": { "id": "", "name": "dbus-python", "version": "1.2.18-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GSkR2SOuqWQN8NtOvU4cgw==": { "id": "GSkR2SOuqWQN8NtOvU4cgw==", "name": "perl-Thread-Queue", "version": "3.14-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Thread-Queue", "version": "3.14-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "GVmxmNcJqT3ovg+RwjJg1A==": { "id": "GVmxmNcJqT3ovg+RwjJg1A==", "name": "nodejs-docs", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "GXm2fCeoaq1FqYmMTmMmhQ==": { "id": "GXm2fCeoaq1FqYmMTmMmhQ==", "name": "go-toolset-container", "version": "1.18.9-14", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.18.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "H+zLNGeS4JMpmfP42mEhnA==": { "id": "H+zLNGeS4JMpmfP42mEhnA==", "name": "scl-utils", "version": "1:2.0.3-2.el9", "kind": "binary", "source": { "id": "", "name": "scl-utils", "version": "2.0.3-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "H3zfV58LzeEUiNQbZbZb2A==": { "id": "H3zfV58LzeEUiNQbZbZb2A==", "name": "perl-File-Temp", "version": "1:0.231.100-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-File-Temp", "version": "0.231.100-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "HRtVOTg/Y7Pvd6wqcX24fA==": { "id": "HRtVOTg/Y7Pvd6wqcX24fA==", "name": "python3-requests", "version": "2.25.1-6.el9", "kind": "binary", "source": { "id": "", "name": "python-requests", "version": "2.25.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "HbglDdnV9yne0i8jQL30HA==": { "id": "HbglDdnV9yne0i8jQL30HA==", "name": "libtasn1", "version": "4.16.0-8.el9_1", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.16.0-8.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "I16VSEydeiRYB1TSf5694A==": { "id": "I16VSEydeiRYB1TSf5694A==", "name": "libreport-filesystem", "version": "2.15.2-6.el9", "kind": "binary", "source": { "id": "", "name": "libreport", "version": "2.15.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IDaB7M+//88qbPppM+LpUw==": { "id": "IDaB7M+//88qbPppM+LpUw==", "name": "cracklib", "version": "2.9.6-27.el9", "kind": "binary", "source": { "id": "", "name": "cracklib", "version": "2.9.6-27.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "IN2DA8X4LYRmUb07gLqapg==": { "id": "IN2DA8X4LYRmUb07gLqapg==", "name": "dnf-data", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IOb5jo+s7DgjzeK/LoVNig==": { "id": "IOb5jo+s7DgjzeK/LoVNig==", "name": "libdb", "version": "5.3.28-53.el9", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-53.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J0HrVYoM3raELvTfJ82QMA==": { "id": "J0HrVYoM3raELvTfJ82QMA==", "name": "perl-vars", "version": "1.05-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JHQdC8JdSGipvO0sCig0cQ==": { "id": "JHQdC8JdSGipvO0sCig0cQ==", "name": "systemd-pam", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JI92axWONkD2XCTUAeCtuQ==": { "id": "JI92axWONkD2XCTUAeCtuQ==", "name": "autoconf", "version": "2.69-38.el9", "kind": "binary", "source": { "id": "", "name": "autoconf", "version": "2.69-38.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JKP7JzVg7UGaAz4VrH03lQ==": { "id": "JKP7JzVg7UGaAz4VrH03lQ==", "name": "langpacks-core-font-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JaDqP2PIekJ4FuDfyPDUKA==": { "id": "JaDqP2PIekJ4FuDfyPDUKA==", "name": "dmidecode", "version": "1:3.3-7.el9", "kind": "binary", "source": { "id": "", "name": "dmidecode", "version": "3.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JrBk+FMgyv4RrG6esVBCIQ==": { "id": "JrBk+FMgyv4RrG6esVBCIQ==", "name": "cryptsetup-libs", "version": "2.4.3-5.el9_1.1", "kind": "binary", "source": { "id": "", "name": "cryptsetup", "version": "2.4.3-5.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Jt5/Qd9oxegZwQjsNbUyYA==": { "id": "Jt5/Qd9oxegZwQjsNbUyYA==", "name": "emacs-filesystem", "version": "1:27.2-6.el9", "kind": "binary", "source": { "id": "", "name": "emacs", "version": "27.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "K04omiWBsTnRCbFVZLmRKw==": { "id": "K04omiWBsTnRCbFVZLmRKw==", "name": "python3-ethtool", "version": "0.15-2.el9", "kind": "binary", "source": { "id": "", "name": "python-ethtool", "version": "0.15-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "K5U87AYLwYDq48YpniD72A==": { "id": "K5U87AYLwYDq48YpniD72A==", "name": "libffi", "version": "3.4.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.4.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KF5C+zKu/uFB7knCqOvDAQ==": { "id": "KF5C+zKu/uFB7knCqOvDAQ==", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KH0/KbRUi7KL6UvWa8i6Pg==": { "id": "KH0/KbRUi7KL6UvWa8i6Pg==", "name": "python3-inotify", "version": "0.9.6-25.el9", "kind": "binary", "source": { "id": "", "name": "python-inotify", "version": "0.9.6-25.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "KSobT+LH4PXsCiP04HOhbQ==": { "id": "KSobT+LH4PXsCiP04HOhbQ==", "name": "gdbm-libs", "version": "1:1.19-4.el9", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.19-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KcftiMkhTw4x89HNJI8NNg==": { "id": "KcftiMkhTw4x89HNJI8NNg==", "name": "perl-Text-ParseWords", "version": "3.30-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Text-ParseWords", "version": "3.30-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "KlSRCTMecbL63Kg+FZjUdQ==": { "id": "KlSRCTMecbL63Kg+FZjUdQ==", "name": "libicu-devel", "version": "67.1-9.el9", "kind": "binary", "source": { "id": "", "name": "icu", "version": "67.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KyRw1LumZrRo6AKKkHgP7w==": { "id": "KyRw1LumZrRo6AKKkHgP7w==", "name": "libXext", "version": "1.3.4-8.el9", "kind": "binary", "source": { "id": "", "name": "libXext", "version": "1.3.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "L1wl5gEz2lzyNJbirzPmpQ==": { "id": "L1wl5gEz2lzyNJbirzPmpQ==", "name": "pcre2-utf32", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "L2RUW2Fm5EOgoqwyitY3bg==": { "id": "L2RUW2Fm5EOgoqwyitY3bg==", "name": "dbus-broker", "version": "28-7.el9", "kind": "binary", "source": { "id": "", "name": "dbus-broker", "version": "28-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "L4diUjusARli24fy/u9lAw==": { "id": "L4diUjusARli24fy/u9lAw==", "name": "perl-NDBM_File", "version": "1.15-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LD9yEwGtdZJl2S96EO58PQ==": { "id": "LD9yEwGtdZJl2S96EO58PQ==", "name": "file-libs", "version": "5.39-10.el9", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.39-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LDIMlzOywHz1+CG5FwjKdQ==": { "id": "LDIMlzOywHz1+CG5FwjKdQ==", "name": "subscription-manager-rhsm-certificates", "version": "20220623-1.el9", "kind": "binary", "source": { "id": "", "name": "subscription-manager-rhsm-certificates", "version": "20220623-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "LEyuwSco7tb1WIyWy42H8g==": { "id": "LEyuwSco7tb1WIyWy42H8g==", "name": "perl-Storable", "version": "1:3.21-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Storable", "version": "3.21-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LR+S3JloJQ5YEViBpmcLkA==": { "id": "LR+S3JloJQ5YEViBpmcLkA==", "name": "pam", "version": "1.5.1-12.el9", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.5.1-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LZYaKh1MnXoGX4fHzghRTQ==": { "id": "LZYaKh1MnXoGX4fHzghRTQ==", "name": "usermode", "version": "1.114-4.el9", "kind": "binary", "source": { "id": "", "name": "usermode", "version": "1.114-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Leh3RdsGa1oyRcl5Dz4SdA==": { "id": "Leh3RdsGa1oyRcl5Dz4SdA==", "name": "gd-devel", "version": "2.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "gd", "version": "2.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LjtOegR/S/Y0KwJeOuSl/w==": { "id": "LjtOegR/S/Y0KwJeOuSl/w==", "name": "perl-podlators", "version": "1:4.14-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-podlators", "version": "4.14-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "Lm5zHfIH4SjtxMBhECD0OQ==": { "id": "Lm5zHfIH4SjtxMBhECD0OQ==", "name": "s2i-core-container", "version": "1-394", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "Lwqn0aweLQLZmo12VvYcog==": { "id": "Lwqn0aweLQLZmo12VvYcog==", "name": "popt", "version": "1.18-8.el9", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "M2qdPAOOvb+CWXJwouP4Rw==": { "id": "M2qdPAOOvb+CWXJwouP4Rw==", "name": "mariadb-connector-c-devel", "version": "3.2.6-1.el9_0", "kind": "binary", "source": { "id": "", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MDH8Zt4oQWDiYk9qFV5Lbg==": { "id": "MDH8Zt4oQWDiYk9qFV5Lbg==", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MJmw8vClC4VAn/J4MfhK2Q==": { "id": "MJmw8vClC4VAn/J4MfhK2Q==", "name": "python3-setuptools-wheel", "version": "53.0.0-10.el9_1.1", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "53.0.0-10.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "MORX6hW9ZLZCt/52w71zTg==": { "id": "MORX6hW9ZLZCt/52w71zTg==", "name": "perl-PathTools", "version": "3.78-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-PathTools", "version": "3.78-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MXR26wvfFq4/JiRamdOfsA==": { "id": "MXR26wvfFq4/JiRamdOfsA==", "name": "pixman", "version": "0.40.0-5.el9", "kind": "binary", "source": { "id": "", "name": "pixman", "version": "0.40.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ma5Vpx57SAZOCC5w2EPQYw==": { "id": "Ma5Vpx57SAZOCC5w2EPQYw==", "name": "libksba", "version": "1.5.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.5.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MdGkZ055CI+TZYqVm7FIPg==": { "id": "MdGkZ055CI+TZYqVm7FIPg==", "name": "libcbor", "version": "0.7.0-5.el9", "kind": "binary", "source": { "id": "", "name": "libcbor", "version": "0.7.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Mp61fGpK3II0W8dIQgk3hA==": { "id": "Mp61fGpK3II0W8dIQgk3hA==", "name": "libpipeline", "version": "1.5.3-4.el9", "kind": "binary", "source": { "id": "", "name": "libpipeline", "version": "1.5.3-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MvJE7slPeyMPjzl+J8UH7w==": { "id": "MvJE7slPeyMPjzl+J8UH7w==", "name": "make", "version": "1:4.3-7.el9", "kind": "binary", "source": { "id": "", "name": "make", "version": "4.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MxYp6jmrNGPG4EUMxgtsIw==": { "id": "MxYp6jmrNGPG4EUMxgtsIw==", "name": "qt5-srpm-macros", "version": "5.15.3-1.el9", "kind": "binary", "source": { "id": "", "name": "qt5", "version": "5.15.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "N4dB55YYjGYeXRj+vLBatg==": { "id": "N4dB55YYjGYeXRj+vLBatg==", "name": "perl-Class-Struct", "version": "0.66-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "N9SQ1VZ/1zaqG0gdsMW91g==": { "id": "N9SQ1VZ/1zaqG0gdsMW91g==", "name": "perl-Term-ANSIColor", "version": "5.01-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Term-ANSIColor", "version": "5.01-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NQAINik1AG7Zn8OB8pLDpA==": { "id": "NQAINik1AG7Zn8OB8pLDpA==", "name": "libedit", "version": "3.1-37.20210216cvs.el9", "kind": "binary", "source": { "id": "", "name": "libedit", "version": "3.1-37.20210216cvs.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Nak/NGhCYVubG4CsEbHhug==": { "id": "Nak/NGhCYVubG4CsEbHhug==", "name": "graphite2-devel", "version": "1.3.14-9.el9", "kind": "binary", "source": { "id": "", "name": "graphite2", "version": "1.3.14-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NdCY2/S+syamLH224R4hug==": { "id": "NdCY2/S+syamLH224R4hug==", "name": "langpacks-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "O2SZ5NZewmkamADtmBGMpw==": { "id": "O2SZ5NZewmkamADtmBGMpw==", "name": "setup", "version": "2.13.7-7.el9", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.13.7-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "OLwWa8SuQNJHUBFuTxkKKA==": { "id": "OLwWa8SuQNJHUBFuTxkKKA==", "name": "cyrus-sasl-lib", "version": "2.1.27-20.el9", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-20.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OgwdUybWl/HQYbnPTE4Psw==": { "id": "OgwdUybWl/HQYbnPTE4Psw==", "name": "npth", "version": "1.6-8.el9", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.6-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OkY4XBjh2jDTkYhGjNkrUA==": { "id": "OkY4XBjh2jDTkYhGjNkrUA==", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "binary", "source": { "id": "", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "On+NX4Yr+KIGVwagqPDWcQ==": { "id": "On+NX4Yr+KIGVwagqPDWcQ==", "name": "pcre2-utf16", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OvOSK0YS4U6j2gyFBATNXg==": { "id": "OvOSK0YS4U6j2gyFBATNXg==", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PHkBez1UE90U9LJepncOKQ==": { "id": "PHkBez1UE90U9LJepncOKQ==", "name": "perl-mro", "version": "1.23-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Pstkjkz7Io1S30t7a9lp4w==": { "id": "Pstkjkz7Io1S30t7a9lp4w==", "name": "source-highlight", "version": "3.1.9-11.el9", "kind": "binary", "source": { "id": "", "name": "source-highlight", "version": "3.1.9-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q+exKQZH61PI/8YfpN472w==": { "id": "Q+exKQZH61PI/8YfpN472w==", "name": "glibc-devel", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QCZyKHG3XZk9MlIs9ZFBuA==": { "id": "QCZyKHG3XZk9MlIs9ZFBuA==", "name": "llvm-libs", "version": "14.0.6-1.el9", "kind": "binary", "source": { "id": "", "name": "llvm", "version": "14.0.6-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QcnepR4WKBdAhWdMUPrAWA==": { "id": "QcnepR4WKBdAhWdMUPrAWA==", "name": "python3-hawkey", "version": "0.67.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QwKK6TG/JtcCly9jntVf+w==": { "id": "QwKK6TG/JtcCly9jntVf+w==", "name": "vim-filesystem", "version": "2:8.2.2637-20.el9_1", "kind": "binary", "source": { "id": "", "name": "vim", "version": "8.2.2637-20.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "R7K6A/Ve75xrYpD+6H0Z8w==": { "id": "R7K6A/Ve75xrYpD+6H0Z8w==", "name": "file", "version": "5.39-10.el9", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.39-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "R9sC7SuM6vJmJZYq/bMHWw==": { "id": "R9sC7SuM6vJmJZYq/bMHWw==", "name": "m4", "version": "1.4.19-1.el9", "kind": "binary", "source": { "id": "", "name": "m4", "version": "1.4.19-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RRIjgvJwJW9jZT+h6lhzrQ==": { "id": "RRIjgvJwJW9jZT+h6lhzrQ==", "name": "nodejs", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RgUn0rRy/i742s4qQGGoNw==": { "id": "RgUn0rRy/i742s4qQGGoNw==", "name": "libcom_err", "version": "1.46.5-3.el9", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RhNJQyxUHoA1z70UtgAC4Q==": { "id": "RhNJQyxUHoA1z70UtgAC4Q==", "name": "perl-File-stat", "version": "1.09-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "RjsHhFfoWvmQBIu8lxYZjw==": { "id": "RjsHhFfoWvmQBIu8lxYZjw==", "name": "perl-SelectSaver", "version": "1.02-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "RnnkgzrsHA8d297AfaWbPg==": { "id": "RnnkgzrsHA8d297AfaWbPg==", "name": "bash", "version": "5.1.8-6.el9_1", "kind": "binary", "source": { "id": "", "name": "bash", "version": "5.1.8-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Rx4ZYvIz7JT5wbghBsjOTA==": { "id": "Rx4ZYvIz7JT5wbghBsjOTA==", "name": "libsemanage", "version": "3.4-2.el9", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.4-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SRyGVMCI95+oD0l3+3YStw==": { "id": "SRyGVMCI95+oD0l3+3YStw==", "name": "dnf", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "SSFXEK4vNCR4s9ImWtXtgA==": { "id": "SSFXEK4vNCR4s9ImWtXtgA==", "name": "gnupg2", "version": "2.3.3-2.el9_0", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.3.3-2.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SSnnOPGZCl33DlmR57wC7w==": { "id": "SSnnOPGZCl33DlmR57wC7w==", "name": "python3-dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "binary", "source": { "id": "", "name": "dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "SV9uo4F9Li9vAHBKYcAlZA==": { "id": "SV9uo4F9Li9vAHBKYcAlZA==", "name": "binutils", "version": "2.35.2-24.el9", "kind": "binary", "source": { "id": "", "name": "binutils", "version": "2.35.2-24.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SZllfeGD2yJm0VL0H7onLg==": { "id": "SZllfeGD2yJm0VL0H7onLg==", "name": "libxcb-devel", "version": "1.13.1-9.el9", "kind": "binary", "source": { "id": "", "name": "libxcb", "version": "1.13.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SdI1Am/qHph5dG2ZoOeUIQ==": { "id": "SdI1Am/qHph5dG2ZoOeUIQ==", "name": "libevent", "version": "2.1.12-6.el9", "kind": "binary", "source": { "id": "", "name": "libevent", "version": "2.1.12-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TANtf1h6RhI5yVQQhHFTbg==": { "id": "TANtf1h6RhI5yVQQhHFTbg==", "name": "libstdc++-devel", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "THoW7icQ9Ts4hZAkh5A/WQ==": { "id": "THoW7icQ9Ts4hZAkh5A/WQ==", "name": "perl-if", "version": "0.60.800-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "TPIRq84Pr3a6ywzPeCr3Pw==": { "id": "TPIRq84Pr3a6ywzPeCr3Pw==", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Tl6ebomp9GQLN9svWzKp+w==": { "id": "Tl6ebomp9GQLN9svWzKp+w==", "name": "libcap", "version": "2.48-8.el9", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "To0NR+oyXDu1CYJfmVGurQ==": { "id": "To0NR+oyXDu1CYJfmVGurQ==", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Tob5YtKxleVTQzw2GCmwGg==": { "id": "Tob5YtKxleVTQzw2GCmwGg==", "name": "libpq-devel", "version": "13.5-1.el9", "kind": "binary", "source": { "id": "", "name": "libpq", "version": "13.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TzNyp6yTJ3m0O8xeeDKC3A==": { "id": "TzNyp6yTJ3m0O8xeeDKC3A==", "name": "libpq", "version": "13.5-1.el9", "kind": "binary", "source": { "id": "", "name": "libpq", "version": "13.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TzT9ayOh2hZShfYtipxZEw==": { "id": "TzT9ayOh2hZShfYtipxZEw==", "name": "harfbuzz-icu", "version": "2.7.4-8.el9", "kind": "binary", "source": { "id": "", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "U0P0dNPn1iUcw6b33AAKUg==": { "id": "U0P0dNPn1iUcw6b33AAKUg==", "name": "sqlite-devel", "version": "3.34.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ud9PNLLJ6v7hTpAYdO825w==": { "id": "Ud9PNLLJ6v7hTpAYdO825w==", "name": "pcre-utf16", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Uui1iXuECCOB7NgLQMsJpg==": { "id": "Uui1iXuECCOB7NgLQMsJpg==", "name": "glibc-langpack-en", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UyCrdfN88WUEEECLCIw93w==": { "id": "UyCrdfN88WUEEECLCIw93w==", "name": "keyutils-libs", "version": "1.6.1-4.el9", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.6.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "V/3oHP6E5IRlfgZZHK72RA==": { "id": "V/3oHP6E5IRlfgZZHK72RA==", "name": "p11-kit-trust", "version": "0.24.1-2.el9", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.24.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VDWxBVhhJMCCBIlvmorheA==": { "id": "VDWxBVhhJMCCBIlvmorheA==", "name": "libfido2", "version": "1.6.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libfido2", "version": "1.6.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VFldiAD+rTFuce+kutFUuA==": { "id": "VFldiAD+rTFuce+kutFUuA==", "name": "openssl", "version": "1:3.0.1-47.el9_1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.0.1-47.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VKbklzwNVEem7m1iQRERDg==": { "id": "VKbklzwNVEem7m1iQRERDg==", "name": "stdlib", "version": "1.18.1", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.1.18.1.0.0.0.0.0.0", "cpe": "" }, "VLOqRGIR4aQvFfvVrpLyIg==": { "id": "VLOqRGIR4aQvFfvVrpLyIg==", "name": "pcre-cpp", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VV2Z1ngTs6sGvt5SrayPCg==": { "id": "VV2Z1ngTs6sGvt5SrayPCg==", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VhjrPOGZ9XGEFgLnQWc+KQ==": { "id": "VhjrPOGZ9XGEFgLnQWc+KQ==", "name": "perl-Text-Tabs+Wrap", "version": "2013.0523-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Text-Tabs+Wrap", "version": "2013.0523-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "W+js148eF9SSUbrTSIRvOQ==": { "id": "W+js148eF9SSUbrTSIRvOQ==", "name": "libcurl-devel", "version": "7.76.1-19.el9_1.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-19.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W4amAY83CsyR7zQ0GM7zsg==": { "id": "W4amAY83CsyR7zQ0GM7zsg==", "name": "pcre2-syntax", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WCNTEGU4JEqQUNwdkKkP0Q==": { "id": "WCNTEGU4JEqQUNwdkKkP0Q==", "name": "perl-interpreter", "version": "4:5.32.1-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WIBkwuKReD+vnev0WY88mA==": { "id": "WIBkwuKReD+vnev0WY88mA==", "name": "go-srpm-macros", "version": "3.0.9-9.el9", "kind": "binary", "source": { "id": "", "name": "go-rpm-macros", "version": "3.0.9-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WM43f6rBXkL3dY9fUi8CGw==": { "id": "WM43f6rBXkL3dY9fUi8CGw==", "name": "boost-regex", "version": "1.75.0-8.el9", "kind": "binary", "source": { "id": "", "name": "boost", "version": "1.75.0-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WN9YKonIBKVWuMNAg76vrA==": { "id": "WN9YKonIBKVWuMNAg76vrA==", "name": "libXpm-devel", "version": "3.5.13-8.el9_1", "kind": "binary", "source": { "id": "", "name": "libXpm", "version": "3.5.13-8.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WXfnWfq5UvDl4B0hS+0enw==": { "id": "WXfnWfq5UvDl4B0hS+0enw==", "name": "elfutils-debuginfod-client", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WgTBt6b85L1bF7WXV5bQRA==": { "id": "WgTBt6b85L1bF7WXV5bQRA==", "name": "perl-File-Compare", "version": "1.100.600-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WifWl02dLM2pp5urxOSuNg==": { "id": "WifWl02dLM2pp5urxOSuNg==", "name": "perl-URI", "version": "5.09-3.el9", "kind": "binary", "source": { "id": "", "name": "perl-URI", "version": "5.09-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WuHt6bav9qTQn9+qCLLu3w==": { "id": "WuHt6bav9qTQn9+qCLLu3w==", "name": "python3-rpm", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XD0JiZBKTweysL9d3sIzpw==": { "id": "XD0JiZBKTweysL9d3sIzpw==", "name": "perl-subs", "version": "1.03-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "XMI2bnJZdxdcHnKc3zgCUA==": { "id": "XMI2bnJZdxdcHnKc3zgCUA==", "name": "ghc-srpm-macros", "version": "1.5.0-6.el9", "kind": "binary", "source": { "id": "", "name": "ghc-srpm-macros", "version": "1.5.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "XMPq7+46c92RSax5sZ9PZw==": { "id": "XMPq7+46c92RSax5sZ9PZw==", "name": "libxml2", "version": "2.9.13-3.el9_1", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.13-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XPJI1FEhwhWF1vzFJI8S6g==": { "id": "XPJI1FEhwhWF1vzFJI8S6g==", "name": "libsolv", "version": "0.7.22-1.el9", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.22-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XVUHqTgxrtHVNbQOLA/oQA==": { "id": "XVUHqTgxrtHVNbQOLA/oQA==", "name": "librepo", "version": "1.14.2-3.el9", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XX1gx35T8rMzed7p4qESdA==": { "id": "XX1gx35T8rMzed7p4qESdA==", "name": "harfbuzz-devel", "version": "2.7.4-8.el9", "kind": "binary", "source": { "id": "", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XliA1VgMzM5VjjSZdnmlQw==": { "id": "XliA1VgMzM5VjjSZdnmlQw==", "name": "perl-Getopt-Long", "version": "1:2.52-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Getopt-Long", "version": "2.52-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "XmQjRyagIacphhV3vVNJUg==": { "id": "XmQjRyagIacphhV3vVNJUg==", "name": "libuser", "version": "0.63-11.el9", "kind": "binary", "source": { "id": "", "name": "libuser", "version": "0.63-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Xs0UZDLX+3bz2vT+iSJz7Q==": { "id": "Xs0UZDLX+3bz2vT+iSJz7Q==", "name": "glib2", "version": "2.68.4-5.el9", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.68.4-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XwbkaIGCYyq6BjBMVZ1wzw==": { "id": "XwbkaIGCYyq6BjBMVZ1wzw==", "name": "readline", "version": "8.1-4.el9", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Y2WVn7YbALZNiKrMVF83bA==": { "id": "Y2WVn7YbALZNiKrMVF83bA==", "name": "bsdtar", "version": "3.5.3-3.el9", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.5.3-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Y35yrxWjtTUkUbNtS9+p6g==": { "id": "Y35yrxWjtTUkUbNtS9+p6g==", "name": "python3-six", "version": "1.15.0-9.el9", "kind": "binary", "source": { "id": "", "name": "python-six", "version": "1.15.0-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "YRfO+WACNVQDTEO1DaRoPw==": { "id": "YRfO+WACNVQDTEO1DaRoPw==", "name": "libarchive", "version": "3.5.3-3.el9", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.5.3-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ZEh/5caJmj5WMgoK5/jyfw==": { "id": "ZEh/5caJmj5WMgoK5/jyfw==", "name": "libjpeg-turbo", "version": "2.0.90-5.el9", "kind": "binary", "source": { "id": "", "name": "libjpeg-turbo", "version": "2.0.90-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ZX4vKkXsoMfQ2HH9oPb0TA==": { "id": "ZX4vKkXsoMfQ2HH9oPb0TA==", "name": "libXau-devel", "version": "1.0.9-8.el9", "kind": "binary", "source": { "id": "", "name": "libXau", "version": "1.0.9-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Znd6oNA8HDVHwd3abR/PEg==": { "id": "Znd6oNA8HDVHwd3abR/PEg==", "name": "libblkid-devel", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "a0GQ0ecdg5PXNSF9I+cGHw==": { "id": "a0GQ0ecdg5PXNSF9I+cGHw==", "name": "libX11", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "aW0vfCmvp3ku6dMkvaoZGw==": { "id": "aW0vfCmvp3ku6dMkvaoZGw==", "name": "perl-base", "version": "2.27-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ao0mLJHwgqEhua26lzg6gQ==": { "id": "ao0mLJHwgqEhua26lzg6gQ==", "name": "glibc-minimal-langpack", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "arzS3GnLPLKzM8xRPFnUzw==": { "id": "arzS3GnLPLKzM8xRPFnUzw==", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ax5YZqtoTsGSLh5YAOUDAA==": { "id": "ax5YZqtoTsGSLh5YAOUDAA==", "name": "dbus-libs", "version": "1:1.12.20-7.el9_1", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.20-7.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "b/fX+2E3Kw/VrXP3Viej5w==": { "id": "b/fX+2E3Kw/VrXP3Viej5w==", "name": "acl", "version": "2.3.1-3.el9", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.3.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bEsPytE/ZdCMbfuAgQc9AA==": { "id": "bEsPytE/ZdCMbfuAgQc9AA==", "name": "perl-srpm-macros", "version": "1-41.el9", "kind": "binary", "source": { "id": "", "name": "perl-srpm-macros", "version": "1-41.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "bFvWffGqJWr7FWnI7K9NVw==": { "id": "bFvWffGqJWr7FWnI7K9NVw==", "name": "grep", "version": "3.6-5.el9", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.6-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bQK0gSM91Pq8oi5kJ9072Q==": { "id": "bQK0gSM91Pq8oi5kJ9072Q==", "name": "gettext-libs", "version": "0.21-7.el9", "kind": "binary", "source": { "id": "", "name": "gettext", "version": "0.21-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bbOmNWQZu2GtbHRNTT5LbA==": { "id": "bbOmNWQZu2GtbHRNTT5LbA==", "name": "pcre2", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bp0rUgZ5FkIYAX2aEVd/VA==": { "id": "bp0rUgZ5FkIYAX2aEVd/VA==", "name": "vim-minimal", "version": "2:8.2.2637-20.el9_1", "kind": "binary", "source": { "id": "", "name": "vim", "version": "8.2.2637-20.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "byfHs8LLvbAc+YzK8+QmXA==": { "id": "byfHs8LLvbAc+YzK8+QmXA==", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "c+W6x4Mcea6sasJQFpayfg==": { "id": "c+W6x4Mcea6sasJQFpayfg==", "name": "libwebp", "version": "1.2.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libwebp", "version": "1.2.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "c4cAHnbL6QvzxTWvSxwSUQ==": { "id": "c4cAHnbL6QvzxTWvSxwSUQ==", "name": "golang-bin", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "c6MW06Rtj8J56gSpVtmC/w==": { "id": "c6MW06Rtj8J56gSpVtmC/w==", "name": "libselinux-devel", "version": "3.4-3.el9", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.4-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cGWkJkC9Qm+QCP4f8vmD+Q==": { "id": "cGWkJkC9Qm+QCP4f8vmD+Q==", "name": "libX11-xcb", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cPPALpm8EZ1p7Fe1on0nPQ==": { "id": "cPPALpm8EZ1p7Fe1on0nPQ==", "name": "diffutils", "version": "3.7-12.el9", "kind": "binary", "source": { "id": "", "name": "diffutils", "version": "3.7-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "caF9WsICRhpk2jJBTv5OsQ==": { "id": "caF9WsICRhpk2jJBTv5OsQ==", "name": "perl-File-Basename", "version": "2.85-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "cj0M8yBzJA8j5tTGHOqDIw==": { "id": "cj0M8yBzJA8j5tTGHOqDIw==", "name": "perl-Fcntl", "version": "1.13-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ckYokpjDEx3hfGxpdtbM6A==": { "id": "ckYokpjDEx3hfGxpdtbM6A==", "name": "dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "binary", "source": { "id": "", "name": "dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "clGQ5Kq/RKZZziBln/4BLA==": { "id": "clGQ5Kq/RKZZziBln/4BLA==", "name": "perl-DynaLoader", "version": "1.47-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ct/ndQfSB+G17YP34ufDBA==": { "id": "ct/ndQfSB+G17YP34ufDBA==", "name": "perl-Digest-MD5", "version": "2.58-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Digest-MD5", "version": "2.58-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dC9CoYt17eaqinGSVCfCxw==": { "id": "dC9CoYt17eaqinGSVCfCxw==", "name": "libattr", "version": "2.5.1-3.el9", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.5.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dMY7Qly4vcBOdARECvhzxQ==": { "id": "dMY7Qly4vcBOdARECvhzxQ==", "name": "ncurses-libs", "version": "6.2-8.20210508.el9", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dStYvdO33sly7EacpHOqeA==": { "id": "dStYvdO33sly7EacpHOqeA==", "name": "rootfiles", "version": "8.1-31.el9", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-31.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dYr9tK7XM6aISNKJAtl5ZQ==": { "id": "dYr9tK7XM6aISNKJAtl5ZQ==", "name": "pcre-utf32", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dnA+092RxSVxmYLtbm4n5w==": { "id": "dnA+092RxSVxmYLtbm4n5w==", "name": "libmount-devel", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dpQG/pUwAqVv1OdQqnvylQ==": { "id": "dpQG/pUwAqVv1OdQqnvylQ==", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dt/eA+h8BqXPeZvbQ4xjlQ==": { "id": "dt/eA+h8BqXPeZvbQ4xjlQ==", "name": "openssh", "version": "8.7p1-24.el9_1", "kind": "binary", "source": { "id": "", "name": "openssh", "version": "8.7p1-24.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "e7W78NrdwYaVEcBcXhDv5Q==": { "id": "e7W78NrdwYaVEcBcXhDv5Q==", "name": "libcomps", "version": "0.1.18-1.el9", "kind": "binary", "source": { "id": "", "name": "libcomps", "version": "0.1.18-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eEjpOxWkwvzzJN5kkeVUcg==": { "id": "eEjpOxWkwvzzJN5kkeVUcg==", "name": "perl-Encode", "version": "4:3.08-462.el9", "kind": "binary", "source": { "id": "", "name": "perl-Encode", "version": "3.08-462.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eJ5VkZHE2z3KyF5sFEKj8g==": { "id": "eJ5VkZHE2z3KyF5sFEKj8g==", "name": "cmake-filesystem", "version": "3.20.2-7.el9", "kind": "binary", "source": { "id": "", "name": "cmake", "version": "3.20.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eMk3cpR3xfyfnR/IUeON3Q==": { "id": "eMk3cpR3xfyfnR/IUeON3Q==", "name": "command-line-arguments", "version": "(devel)", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "eUjbBBk9e6ukjdxq7Ysc5Q==": { "id": "eUjbBBk9e6ukjdxq7Ysc5Q==", "name": "krb5-libs", "version": "1.19.1-24.el9_1", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.19.1-24.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eckWZv7IBjaLZNS/vZ1gWg==": { "id": "eckWZv7IBjaLZNS/vZ1gWg==", "name": "procps-ng", "version": "3.3.17-8.el9", "kind": "binary", "source": { "id": "", "name": "procps-ng", "version": "3.3.17-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ey7Cn3NmMZ6qorZvUccGqA==": { "id": "ey7Cn3NmMZ6qorZvUccGqA==", "name": "nodejs-libs", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "f2GhXCi0MGW6C5vh1ih8XQ==": { "id": "f2GhXCi0MGW6C5vh1ih8XQ==", "name": "perl-threads", "version": "1:2.25-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-threads", "version": "2.25-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "fTz/BbdjDg+PD+HvcMlQ3A==": { "id": "fTz/BbdjDg+PD+HvcMlQ3A==", "name": "go-toolset", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "go-toolset", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ffBZQco1wXO0fddcwHstSQ==": { "id": "ffBZQco1wXO0fddcwHstSQ==", "name": "redhat-rpm-config", "version": "196-1.el9", "kind": "binary", "source": { "id": "", "name": "redhat-rpm-config", "version": "196-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "gBWlSWdEA8U1+Ep4A/+M2g==": { "id": "gBWlSWdEA8U1+Ep4A/+M2g==", "name": "perl-Error", "version": "1:0.17029-7.el9", "kind": "binary", "source": { "id": "", "name": "perl-Error", "version": "0.17029-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "gJHwCqer7Rl9ijGK6wpg4A==": { "id": "gJHwCqer7Rl9ijGK6wpg4A==", "name": "libICE", "version": "1.0.10-8.el9", "kind": "binary", "source": { "id": "", "name": "libICE", "version": "1.0.10-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gngAZQYf0zy4+w3GwgpLmw==": { "id": "gngAZQYf0zy4+w3GwgpLmw==", "name": "python3-libcomps", "version": "0.1.18-1.el9", "kind": "binary", "source": { "id": "", "name": "libcomps", "version": "0.1.18-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gsdYiUdG+fMtG/M0X1EkAg==": { "id": "gsdYiUdG+fMtG/M0X1EkAg==", "name": "filesystem", "version": "3.16-2.el9", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.16-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hGxLNL3q3tYYzz2uKfKB4A==": { "id": "hGxLNL3q3tYYzz2uKfKB4A==", "name": "expat", "version": "2.4.9-1.el9_1.1", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.4.9-1.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hHL/OokyETnopazrev0shg==": { "id": "hHL/OokyETnopazrev0shg==", "name": "lua-libs", "version": "5.4.4-2.el9_1", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.4.4-2.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hKJ3xmpaes4B2vxd2C5M1Q==": { "id": "hKJ3xmpaes4B2vxd2C5M1Q==", "name": "ocaml-srpm-macros", "version": "6-6.el9", "kind": "binary", "source": { "id": "", "name": "ocaml-srpm-macros", "version": "6-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "hNv7ol5w6PGaZXktwlRWPg==": { "id": "hNv7ol5w6PGaZXktwlRWPg==", "name": "libblkid", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hYEisV19Dxn4PvCvxJFm5A==": { "id": "hYEisV19Dxn4PvCvxJFm5A==", "name": "lz4-libs", "version": "1.9.3-5.el9", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.9.3-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hasHd85qN7fkJeIIqjjDow==": { "id": "hasHd85qN7fkJeIIqjjDow==", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "heXcDkpDDTJ/ac/FHrXYvg==": { "id": "heXcDkpDDTJ/ac/FHrXYvg==", "name": "efi-srpm-macros", "version": "6-2.el9_0", "kind": "binary", "source": { "id": "", "name": "efi-rpm-macros", "version": "6-2.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "hgr5TOXgV4U9LXyKt2w6gA==": { "id": "hgr5TOXgV4U9LXyKt2w6gA==", "name": "libffi-devel", "version": "3.4.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.4.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hjikQWtnmVPaWts63wYw4Q==": { "id": "hjikQWtnmVPaWts63wYw4Q==", "name": "passwd", "version": "0.80-12.el9", "kind": "binary", "source": { "id": "", "name": "passwd", "version": "0.80-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hrY/5TRUmBt6d/EoQ9M7aw==": { "id": "hrY/5TRUmBt6d/EoQ9M7aw==", "name": "python3-dateutil", "version": "1:2.8.1-6.el9", "kind": "binary", "source": { "id": "", "name": "python-dateutil", "version": "2.8.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "hvKbzRSMjrg1f3y/PRzGwg==": { "id": "hvKbzRSMjrg1f3y/PRzGwg==", "name": "openssl-devel", "version": "1:3.0.1-47.el9_1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.0.1-47.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hyds1mrD8GWUXo+lv53Rag==": { "id": "hyds1mrD8GWUXo+lv53Rag==", "name": "findutils", "version": "1:4.8.0-5.el9", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.8.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "i1yNGcAdCbK2SnebCgMUqQ==": { "id": "i1yNGcAdCbK2SnebCgMUqQ==", "name": "systemd-libs", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iBA/JBMmSIEGbBZDQlcuUQ==": { "id": "iBA/JBMmSIEGbBZDQlcuUQ==", "name": "bzip2-devel", "version": "1.0.8-8.el9", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iG10xBRfLLoRP3qlluI7NQ==": { "id": "iG10xBRfLLoRP3qlluI7NQ==", "name": "automake", "version": "1.16.2-6.el9", "kind": "binary", "source": { "id": "", "name": "automake", "version": "1.16.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "iMLMqCcRXnm6QslpJnCS7w==": { "id": "iMLMqCcRXnm6QslpJnCS7w==", "name": "cairo", "version": "1.17.4-7.el9", "kind": "binary", "source": { "id": "", "name": "cairo", "version": "1.17.4-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iQByZpdRXgW/fl3SoDuoAA==": { "id": "iQByZpdRXgW/fl3SoDuoAA==", "name": "libipt", "version": "2.0.4-5.el9", "kind": "binary", "source": { "id": "", "name": "libipt", "version": "2.0.4-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iQnKl0+RxymKc9bhVdyuyQ==": { "id": "iQnKl0+RxymKc9bhVdyuyQ==", "name": "perl-B", "version": "1.80-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iTjyL8AL9avw3YnaeFgLEg==": { "id": "iTjyL8AL9avw3YnaeFgLEg==", "name": "gettext", "version": "0.21-7.el9", "kind": "binary", "source": { "id": "", "name": "gettext", "version": "0.21-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iswhVSntR4QnIsTAyM6ydQ==": { "id": "iswhVSntR4QnIsTAyM6ydQ==", "name": "perl-Pod-Escapes", "version": "1:1.07-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Escapes", "version": "1.07-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ix3lD4/Nn7qLbcpDm0AIhg==": { "id": "ix3lD4/Nn7qLbcpDm0AIhg==", "name": "perl-constant", "version": "1.33-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-constant", "version": "1.33-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "j3oHbOmfE09xNAzoTXpcSg==": { "id": "j3oHbOmfE09xNAzoTXpcSg==", "name": "libsepol", "version": "3.4-1.1.el9", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.4-1.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jADxtb7PiatU9dihVhjp/Q==": { "id": "jADxtb7PiatU9dihVhjp/Q==", "name": "elfutils-libelf", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jDIVpAdvhjPN/gmOBNQuag==": { "id": "jDIVpAdvhjPN/gmOBNQuag==", "name": "perl-Time-Local", "version": "2:1.300-7.el9", "kind": "binary", "source": { "id": "", "name": "perl-Time-Local", "version": "1.300-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jH43ZEoPP2TpNiUJXUizMw==": { "id": "jH43ZEoPP2TpNiUJXUizMw==", "name": "libutempter", "version": "1.2.1-6.el9", "kind": "binary", "source": { "id": "", "name": "libutempter", "version": "1.2.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jSOT/FBECA7xUY+Zv/Ps+Q==": { "id": "jSOT/FBECA7xUY+Zv/Ps+Q==", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jXo3rXdhdYGkiXYZpQxZ3Q==": { "id": "jXo3rXdhdYGkiXYZpQxZ3Q==", "name": "python3-chardet", "version": "4.0.0-5.el9", "kind": "binary", "source": { "id": "", "name": "python-chardet", "version": "4.0.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kAc8BYCjeCgQR9YdLeGx9w==": { "id": "kAc8BYCjeCgQR9YdLeGx9w==", "name": "python3-urllib3", "version": "1.26.5-3.el9", "kind": "binary", "source": { "id": "", "name": "python-urllib3", "version": "1.26.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kDzRHkg3txncDWuyd5771g==": { "id": "kDzRHkg3txncDWuyd5771g==", "name": "fontconfig", "version": "2.14.0-2.el9_1", "kind": "binary", "source": { "id": "", "name": "fontconfig", "version": "2.14.0-2.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kMrprdB/TspYL2Dyt9hBfw==": { "id": "kMrprdB/TspYL2Dyt9hBfw==", "name": "libgomp", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kdml4TiffKDDUHJjP7R1Tg==": { "id": "kdml4TiffKDDUHJjP7R1Tg==", "name": "openldap", "version": "2.6.2-3.el9", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.6.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ki6pd/LsWsx2BY6b+Np6dQ==": { "id": "ki6pd/LsWsx2BY6b+Np6dQ==", "name": "cpp", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kigiD4fuysu8/DeCr+ONKQ==": { "id": "kigiD4fuysu8/DeCr+ONKQ==", "name": "basesystem", "version": "11-13.el9", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ktHjHCegyaFGFLaqVjqkVA==": { "id": "ktHjHCegyaFGFLaqVjqkVA==", "name": "libX11-common", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kzHnWWgcRX/Do32aQ8TMBQ==": { "id": "kzHnWWgcRX/Do32aQ8TMBQ==", "name": "perl-Git", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lITnNJqHTfcVQiCGHjWozA==": { "id": "lITnNJqHTfcVQiCGHjWozA==", "name": "python3-pip-wheel", "version": "21.2.3-6.el9", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "21.2.3-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lwkb5oxxrG7ZgPYzSyvcZQ==": { "id": "lwkb5oxxrG7ZgPYzSyvcZQ==", "name": "libxml2-devel", "version": "2.9.13-3.el9_1", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.13-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lxyER9sFQyH/cLua8fAlfw==": { "id": "lxyER9sFQyH/cLua8fAlfw==", "name": "perl-File-Find", "version": "1.37-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ly9SmBBH7WsYXh1oG69XaQ==": { "id": "ly9SmBBH7WsYXh1oG69XaQ==", "name": "perl-HTTP-Tiny", "version": "0.076-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-HTTP-Tiny", "version": "0.076-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "m7hOFCjo7x6PMvux7htFOg==": { "id": "m7hOFCjo7x6PMvux7htFOg==", "name": "cracklib-dicts", "version": "2.9.6-27.el9", "kind": "binary", "source": { "id": "", "name": "cracklib", "version": "2.9.6-27.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mK/FUfODp3MR7WS2xegPsw==": { "id": "mK/FUfODp3MR7WS2xegPsw==", "name": "langpacks-core-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "mLZQEF4KLS62c+8BB/jz0Q==": { "id": "mLZQEF4KLS62c+8BB/jz0Q==", "name": "libxslt", "version": "1.1.34-9.el9", "kind": "binary", "source": { "id": "", "name": "libxslt", "version": "1.1.34-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLtyJkgiain09bfdUDF0tA==": { "id": "mLtyJkgiain09bfdUDF0tA==", "name": "python3-idna", "version": "2.10-7.el9", "kind": "binary", "source": { "id": "", "name": "python-idna", "version": "2.10-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "mPqGnMbiXN6jP61aGbHvOA==": { "id": "mPqGnMbiXN6jP61aGbHvOA==", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mRRefE/Wm2s5CZDmwUJ8jg==": { "id": "mRRefE/Wm2s5CZDmwUJ8jg==", "name": "zlib", "version": "1.2.11-35.el9_1", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-35.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mS/mU0XqXurt5b2cC0G2wA==": { "id": "mS/mU0XqXurt5b2cC0G2wA==", "name": "libXpm", "version": "3.5.13-8.el9_1", "kind": "binary", "source": { "id": "", "name": "libXpm", "version": "3.5.13-8.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "me8N6gnEhOLccvD/431aCw==": { "id": "me8N6gnEhOLccvD/431aCw==", "name": "libgcc", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mqd6XOc7hJ7OKe7FI62YlA==": { "id": "mqd6XOc7hJ7OKe7FI62YlA==", "name": "python3-setuptools", "version": "53.0.0-10.el9_1.1", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "53.0.0-10.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ms1/Dytf/YQgRgubY3EyyQ==": { "id": "ms1/Dytf/YQgRgubY3EyyQ==", "name": "libsepol-devel", "version": "3.4-1.1.el9", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.4-1.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "n2BikwI3Mg2dIr4kYK8New==": { "id": "n2BikwI3Mg2dIr4kYK8New==", "name": "pkgconf-m4", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "nC22unSxVi1R4g6taYLM9Q==": { "id": "nC22unSxVi1R4g6taYLM9Q==", "name": "brotli-devel", "version": "1.0.9-6.el9", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nRx5HCyZ2M4L1LvJSclibw==": { "id": "nRx5HCyZ2M4L1LvJSclibw==", "name": "rsync", "version": "3.2.3-18.el9", "kind": "binary", "source": { "id": "", "name": "rsync", "version": "3.2.3-18.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nUBBsXgA+QSl6Tx9eXi6Mw==": { "id": "nUBBsXgA+QSl6Tx9eXi6Mw==", "name": "dbus-common", "version": "1:1.12.20-7.el9_1", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.20-7.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "na4ojyfFHL07xf5Yr8wxsg==": { "id": "na4ojyfFHL07xf5Yr8wxsg==", "name": "libgpg-error-devel", "version": "1.42-5.el9", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "noZz3cbDBX3Q1ohSWIKe1g==": { "id": "noZz3cbDBX3Q1ohSWIKe1g==", "name": "libtiff", "version": "4.4.0-5.el9_1", "kind": "binary", "source": { "id": "", "name": "libtiff", "version": "4.4.0-5.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nqniqNEVhrfub8cS+os87A==": { "id": "nqniqNEVhrfub8cS+os87A==", "name": "fonts-srpm-macros", "version": "1:2.0.5-7.el9.1", "kind": "binary", "source": { "id": "", "name": "fonts-rpm-macros", "version": "2.0.5-7.el9.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "nwgNWiqPWTP9jQpHdB8CFA==": { "id": "nwgNWiqPWTP9jQpHdB8CFA==", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o0sNxhdrQvn3LtgSlydcdw==": { "id": "o0sNxhdrQvn3LtgSlydcdw==", "name": "pcre2-devel", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o3loazzxvm2hQ5N1QRaYvg==": { "id": "o3loazzxvm2hQ5N1QRaYvg==", "name": "glib2-devel", "version": "2.68.4-5.el9", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.68.4-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oCbJhi6fmGrlKcF1SlNuYw==": { "id": "oCbJhi6fmGrlKcF1SlNuYw==", "name": "git-core", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oGWSEEsLb6ToIwJ1tUBkwg==": { "id": "oGWSEEsLb6ToIwJ1tUBkwg==", "name": "perl-File-Copy", "version": "2.34-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "oK41W21MyjS/j+5BoCQjuA==": { "id": "oK41W21MyjS/j+5BoCQjuA==", "name": "tcl", "version": "1:8.6.10-7.el9", "kind": "binary", "source": { "id": "", "name": "tcl", "version": "8.6.10-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oWKtpTsx1ck3WozLlUNKbw==": { "id": "oWKtpTsx1ck3WozLlUNKbw==", "name": "yum", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "obNuQXzAwE3TzjUoRN1yEw==": { "id": "obNuQXzAwE3TzjUoRN1yEw==", "name": "libbabeltrace", "version": "1.5.8-10.el9", "kind": "binary", "source": { "id": "", "name": "babeltrace", "version": "1.5.8-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "og/hyn7iqbsNsfIv/8VHFg==": { "id": "og/hyn7iqbsNsfIv/8VHFg==", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "binary", "source": { "id": "", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "om/hnbn42itSjLCSeL6+2A==": { "id": "om/hnbn42itSjLCSeL6+2A==", "name": "freetype", "version": "2.10.4-9.el9", "kind": "binary", "source": { "id": "", "name": "freetype", "version": "2.10.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9BcHmUiqsfiDX2HpNFM5g==": { "id": "p9BcHmUiqsfiDX2HpNFM5g==", "name": "libgcrypt", "version": "1.10.0-8.el9_0", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.10.0-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pNbpZqWYymW5Cm1QYLE4uQ==": { "id": "pNbpZqWYymW5Cm1QYLE4uQ==", "name": "device-mapper", "version": "9:1.02.185-3.el9", "kind": "binary", "source": { "id": "", "name": "lvm2", "version": "2.03.16-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pc8TmjOHnExT3yvCQuGR7Q==": { "id": "pc8TmjOHnExT3yvCQuGR7Q==", "name": "tar", "version": "2:1.34-6.el9_1", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.34-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pdyD4GFauXtML8NxA7nURQ==": { "id": "pdyD4GFauXtML8NxA7nURQ==", "name": "python3-dnf", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "peDze6790+ubKa/8hacS+w==": { "id": "peDze6790+ubKa/8hacS+w==", "name": "stdlib", "version": "1.18.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.1.18.9.0.0.0.0.0.0", "cpe": "" }, "pff1wMeg2U6ebqlGIkRlMg==": { "id": "pff1wMeg2U6ebqlGIkRlMg==", "name": "git", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ptT0YL/h24MTjTTVlPAZVg==": { "id": "ptT0YL/h24MTjTTVlPAZVg==", "name": "freetype-devel", "version": "2.10.4-9.el9", "kind": "binary", "source": { "id": "", "name": "freetype", "version": "2.10.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qIHoKDOcFEbVk0+xQvglbQ==": { "id": "qIHoKDOcFEbVk0+xQvglbQ==", "name": "openssl-libs", "version": "1:3.0.1-47.el9_1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.0.1-47.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qTTyL80F/2JUAy85WSpobg==": { "id": "qTTyL80F/2JUAy85WSpobg==", "name": "coreutils-single", "version": "8.32-32.el9", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.32-32.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qYSZ6aKFWol313IOGRXaug==": { "id": "qYSZ6aKFWol313IOGRXaug==", "name": "json-c", "version": "0.14-11.el9", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.14-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qcLLXOiskeOh3Yk1oA8Pwg==": { "id": "qcLLXOiskeOh3Yk1oA8Pwg==", "name": "kmod-libs", "version": "28-7.el9", "kind": "binary", "source": { "id": "", "name": "kmod", "version": "28-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qijykJ/WFTcI/fd8/RsFmg==": { "id": "qijykJ/WFTcI/fd8/RsFmg==", "name": "ubi9", "version": "9.1.0-1782", "kind": "binary", "source": { "id": "9AmKs/wDQFsVMVHWnqbu+g==", "name": "ubi9-container", "version": "9.1.0-1782", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:9.1.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:9.1.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "rEU0uZUpz06y9hg0ORc49A==": { "id": "rEU0uZUpz06y9hg0ORc49A==", "name": "libpwquality", "version": "1.4.4-8.el9", "kind": "binary", "source": { "id": "", "name": "libpwquality", "version": "1.4.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rTAf2eiAGJSR1vI+tk12zg==": { "id": "rTAf2eiAGJSR1vI+tk12zg==", "name": "libuuid", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rUUieTQ6JPdOKUOFRfhvNw==": { "id": "rUUieTQ6JPdOKUOFRfhvNw==", "name": "perl-MIME-Base64", "version": "3.16-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-MIME-Base64", "version": "3.16-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rY/kE/V4JnxYoqV+lmc9mg==": { "id": "rY/kE/V4JnxYoqV+lmc9mg==", "name": "gawk", "version": "5.1.0-6.el9", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "5.1.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rYCgRZF9UtO2MybO6TcW0g==": { "id": "rYCgRZF9UtO2MybO6TcW0g==", "name": "nettle", "version": "3.8-3.el9_0", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.8-3.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rZckolqfVnE7xInGZn5Zzw==": { "id": "rZckolqfVnE7xInGZn5Zzw==", "name": "python3-pysocks", "version": "1.7.1-12.el9", "kind": "binary", "source": { "id": "", "name": "python-pysocks", "version": "1.7.1-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "rj2k4My0f4W7sR9R0rDeJg==": { "id": "rj2k4My0f4W7sR9R0rDeJg==", "name": "perl-Pod-Usage", "version": "4:2.01-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Usage", "version": "2.01-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "rkUaC636uKZYge61PN1dew==": { "id": "rkUaC636uKZYge61PN1dew==", "name": "perl-POSIX", "version": "1.94-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rlHYqOr0lkUB/Gs6b1kD2g==": { "id": "rlHYqOr0lkUB/Gs6b1kD2g==", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ryPyL0/oZK1jJ8umBZkZBA==": { "id": "ryPyL0/oZK1jJ8umBZkZBA==", "name": "libjpeg-turbo-devel", "version": "2.0.90-5.el9", "kind": "binary", "source": { "id": "", "name": "libjpeg-turbo", "version": "2.0.90-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "s9qYH9lv+nqFfUwtnSIxEw==": { "id": "s9qYH9lv+nqFfUwtnSIxEw==", "name": "ima-evm-utils", "version": "1.4-4.el9", "kind": "binary", "source": { "id": "", "name": "ima-evm-utils", "version": "1.4-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sE1EmQ5Nhv4P4rilE6lODw==": { "id": "sE1EmQ5Nhv4P4rilE6lODw==", "name": "lsof", "version": "4.94.0-3.el9", "kind": "binary", "source": { "id": "", "name": "lsof", "version": "4.94.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ssPaV1VLDu6d5ZJ6Rrmh3A==": { "id": "ssPaV1VLDu6d5ZJ6Rrmh3A==", "name": "sed", "version": "4.8-9.el9", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.8-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sukNATkcLkohYgGrhDtrZA==": { "id": "sukNATkcLkohYgGrhDtrZA==", "name": "libxcrypt-devel", "version": "4.4.18-3.el9", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sx0C6L5COHIkv6yQQyPlbw==": { "id": "sx0C6L5COHIkv6yQQyPlbw==", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sy1cTR7VjlyD3WavviV1+g==": { "id": "sy1cTR7VjlyD3WavviV1+g==", "name": "p11-kit", "version": "0.24.1-2.el9", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.24.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "szNvvFbgC3+nu7+FkWHQxA==": { "id": "szNvvFbgC3+nu7+FkWHQxA==", "name": "perl-overload", "version": "1.31-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "t51FYLdtFZpGFe/8JMUaTQ==": { "id": "t51FYLdtFZpGFe/8JMUaTQ==", "name": "rhel9/go-toolset", "version": "1.18.9-14", "kind": "binary", "source": { "id": "GXm2fCeoaq1FqYmMTmMmhQ==", "name": "go-toolset-container", "version": "1.18.9-14", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.18.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.18.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "tOoZIHzytN01BRAw3es1Yg==": { "id": "tOoZIHzytN01BRAw3es1Yg==", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "tWWw65aFr0Her+B1hlgbqA==": { "id": "tWWw65aFr0Her+B1hlgbqA==", "name": "perl-Pod-Simple", "version": "1:3.42-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Simple", "version": "3.42-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "tsX00aIcJlVDdnN8EABj3g==": { "id": "tsX00aIcJlVDdnN8EABj3g==", "name": "perl-Getopt-Std", "version": "1.12-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "u+N5u943P15onszlgf+ujA==": { "id": "u+N5u943P15onszlgf+ujA==", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u5TyEoU5GA6Z2czzwhMLiA==": { "id": "u5TyEoU5GA6Z2czzwhMLiA==", "name": "fonts-filesystem", "version": "1:2.0.5-7.el9.1", "kind": "binary", "source": { "id": "", "name": "fonts-rpm-macros", "version": "2.0.5-7.el9.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "u95OKK2MhRQlEYI4tmvSVQ==": { "id": "u95OKK2MhRQlEYI4tmvSVQ==", "name": "util-linux-core", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uCyCeArpCxiSoV6DjC80ng==": { "id": "uCyCeArpCxiSoV6DjC80ng==", "name": "pcre-devel", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uOrv4V08LjQ381I5J7cGpw==": { "id": "uOrv4V08LjQ381I5J7cGpw==", "name": "gobject-introspection", "version": "1.68.0-10.el9", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.68.0-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uSt8DkzxoDcE1tRbyYPDOg==": { "id": "uSt8DkzxoDcE1tRbyYPDOg==", "name": "alternatives", "version": "1.20-2.el9", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.20-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uWyEe6UPxO05NNzNabxBgA==": { "id": "uWyEe6UPxO05NNzNabxBgA==", "name": "tzdata", "version": "2022g-1.el9_1", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2022g-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "uXpj8krYkomg5XDZ83F2kg==": { "id": "uXpj8krYkomg5XDZ83F2kg==", "name": "perl-libs", "version": "4:5.32.1-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uwkXfq5VvKEldZwWOwGq4w==": { "id": "uwkXfq5VvKEldZwWOwGq4w==", "name": "gmp", "version": "1:6.2.0-10.el9", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.2.0-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v5fMEqf0GRz+BrBqAji9dQ==": { "id": "v5fMEqf0GRz+BrBqAji9dQ==", "name": "libzstd", "version": "1.5.1-2.el9", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.5.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v6X9Dt1wPw8fK6VaHz1Ffw==": { "id": "v6X9Dt1wPw8fK6VaHz1Ffw==", "name": "perl-threads-shared", "version": "1.61-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-threads-shared", "version": "1.61-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vSRLH3asu5knZtxqOxtnwQ==": { "id": "vSRLH3asu5knZtxqOxtnwQ==", "name": "brotli", "version": "1.0.9-6.el9", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vVZXXrZNgHNmTJM7knKqAQ==": { "id": "vVZXXrZNgHNmTJM7knKqAQ==", "name": "libfdisk", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vaBZgtoGX6VZtIwrD9w+EQ==": { "id": "vaBZgtoGX6VZtIwrD9w+EQ==", "name": "libdnf-plugin-subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vcbNsnPegQ9DMvL/4z83AA==": { "id": "vcbNsnPegQ9DMvL/4z83AA==", "name": "perl-IO-Socket-SSL", "version": "2.073-1.el9", "kind": "binary", "source": { "id": "", "name": "perl-IO-Socket-SSL", "version": "2.073-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "vtNcuXyRth8r8K/W3sfqrQ==": { "id": "vtNcuXyRth8r8K/W3sfqrQ==", "name": "libpng-devel", "version": "2:1.6.37-12.el9", "kind": "binary", "source": { "id": "", "name": "libpng", "version": "1.6.37-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "w2DoavvB02S/+BS01jQqJw==": { "id": "w2DoavvB02S/+BS01jQqJw==", "name": "openblas-srpm-macros", "version": "2-11.el9", "kind": "binary", "source": { "id": "", "name": "openblas-srpm-macros", "version": "2-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wVOHUaFC3qlk+Ft1W2VH7A==": { "id": "wVOHUaFC3qlk+Ft1W2VH7A==", "name": "python3-gobject-base-noarch", "version": "3.40.1-6.el9", "kind": "binary", "source": { "id": "", "name": "pygobject3", "version": "3.40.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wXu3MDegq/TfLSbBy6aoBQ==": { "id": "wXu3MDegq/TfLSbBy6aoBQ==", "name": "gcc-c++", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wdMozBSF06uhI4HOI003SQ==": { "id": "wdMozBSF06uhI4HOI003SQ==", "name": "perl-Term-Cap", "version": "1.17-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Term-Cap", "version": "1.17-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wsc0mBnyNwrXYdpo0V+0aw==": { "id": "wsc0mBnyNwrXYdpo0V+0aw==", "name": "perl-FileHandle", "version": "2.03-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wusWpHXirQF8KfxliQcLkQ==": { "id": "wusWpHXirQF8KfxliQcLkQ==", "name": "kernel-srpm-macros", "version": "1.0-11.el9", "kind": "binary", "source": { "id": "", "name": "kernel-srpm-macros", "version": "1.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wvtx3JsOUmPyorardjeYSQ==": { "id": "wvtx3JsOUmPyorardjeYSQ==", "name": "fontconfig-devel", "version": "2.14.0-2.el9_1", "kind": "binary", "source": { "id": "", "name": "fontconfig", "version": "2.14.0-2.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "x4oijVhQU8BUwJwoFvk4QA==": { "id": "x4oijVhQU8BUwJwoFvk4QA==", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xC2PhiBOHiQbniVjaMltjw==": { "id": "xC2PhiBOHiQbniVjaMltjw==", "name": "libpkgconf", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xGsFnJNA7f9q/+8cz1QFqg==": { "id": "xGsFnJNA7f9q/+8cz1QFqg==", "name": "lua-srpm-macros", "version": "1-6.el9", "kind": "binary", "source": { "id": "", "name": "lua-rpm-macros", "version": "1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xSR/sMJIXbuFPYhZS2ZN2Q==": { "id": "xSR/sMJIXbuFPYhZS2ZN2Q==", "name": "gcc-plugin-annobin", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xVpXFb43dZh4HfBX53yyew==": { "id": "xVpXFb43dZh4HfBX53yyew==", "name": "python3-iniparse", "version": "0.4-45.el9", "kind": "binary", "source": { "id": "", "name": "python-iniparse", "version": "0.4-45.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xdunfqVk+0spTcWoJA7wPw==": { "id": "xdunfqVk+0spTcWoJA7wPw==", "name": "libnghttp2", "version": "1.43.0-5.el9", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.43.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xfiNHrth0bRlTgQnR3IgUw==": { "id": "xfiNHrth0bRlTgQnR3IgUw==", "name": "libpsl", "version": "0.21.1-5.el9", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.21.1-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xgCGPQ7CZbjJqBTw2Nmu9w==": { "id": "xgCGPQ7CZbjJqBTw2Nmu9w==", "name": "groff-base", "version": "1.22.4-10.el9", "kind": "binary", "source": { "id": "", "name": "groff", "version": "1.22.4-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xnmn6fk+/THLJg3emXYMww==": { "id": "xnmn6fk+/THLJg3emXYMww==", "name": "perl-libnet", "version": "3.13-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-libnet", "version": "3.13-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "y9sflCLWTaHWSSC+w8u7bQ==": { "id": "y9sflCLWTaHWSSC+w8u7bQ==", "name": "xz-devel", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yLdg/zIMr1LMvkW9tAZlGw==": { "id": "yLdg/zIMr1LMvkW9tAZlGw==", "name": "rpm-libs", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yRjjypPMZa7QJg+DLoMumw==": { "id": "yRjjypPMZa7QJg+DLoMumw==", "name": "s2i-base-container", "version": "1-421", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "yXx0rhfj7kyXaTrxOLQSfA==": { "id": "yXx0rhfj7kyXaTrxOLQSfA==", "name": "libsmartcols", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yY469KfvqdHWbJwmOcIU1Q==": { "id": "yY469KfvqdHWbJwmOcIU1Q==", "name": "perl-Carp", "version": "1.50-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Carp", "version": "1.50-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ycSS8xsUDu5nMwsql04xfQ==": { "id": "ycSS8xsUDu5nMwsql04xfQ==", "name": "gd", "version": "2.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "gd", "version": "2.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "z/d/zUXK6aF2L4H7dfeSZw==": { "id": "z/d/zUXK6aF2L4H7dfeSZw==", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zLbmCpiDy68qsFvtKNzmgQ==": { "id": "zLbmCpiDy68qsFvtKNzmgQ==", "name": "xml-common", "version": "0.6.3-58.el9", "kind": "binary", "source": { "id": "", "name": "sgml-common", "version": "0.6.3-58.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "zPYyryKVwACz98/WbfSW6w==": { "id": "zPYyryKVwACz98/WbfSW6w==", "name": "rpm-sign-libs", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zpqzIc9TY4hiXJG024jdBQ==": { "id": "zpqzIc9TY4hiXJG024jdBQ==", "name": "golang-src", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "zxuLMmxubC84XoLpkfxZ3w==": { "id": "zxuLMmxubC84XoLpkfxZ3w==", "name": "perl-Mozilla-CA", "version": "20200520-6.el9", "kind": "binary", "source": { "id": "", "name": "perl-Mozilla-CA", "version": "20200520-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" } }, "distributions": { "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a": { "id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "9", "version_code_name": "", "version_id": "9", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 9" } }, "repository": { "0b1d11cf-d36a-432f-b1e8-427ef74fce06": { "id": "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "19cc1ca6-2885-421f-8791-6b3ce26351c9": { "id": "19cc1ca6-2885-421f-8791-6b3ce26351c9", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "2a32e048-f35d-4373-9a24-80be9fee286d": { "id": "2a32e048-f35d-4373-9a24-80be9fee286d", "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "2c143cbc-60bb-4249-879d-c42bec22481e": { "id": "2c143cbc-60bb-4249-879d-c42bec22481e", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "3ad5dc00-af60-4a7d-b6b4-a12726f024c5": { "id": "3ad5dc00-af60-4a7d-b6b4-a12726f024c5", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "a9438ddb-e64d-4c42-b1eb-134e533ca8ea": { "id": "a9438ddb-e64d-4c42-b1eb-134e533ca8ea", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff": { "id": "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3": { "id": "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "e8b9608f-978c-4681-be5c-407253060f07": { "id": "e8b9608f-978c-4681-be5c-407253060f07", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212": { "id": "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" } }, "environments": { "++K+RsmgWfVk2mj1+hzWKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "+8O7w8gnK983LoZMdgIWhQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "+A7/nzEXX3Q/xJZ50VMnlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "+B22ALb6YCnXu+3s6afaLg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "+LQ46YAn9giMKDZRMCUpfg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "+Mkqc/Y23wK8i6e0RDbi0w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "+jCn1wujuDa5B1uNvCdVnw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "+yIdH2Pb8SGFuXnry3uK/A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "/FMjm+UzO0PTaS3Td0lhkw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "/L1kFEoHZTukrNTCQLypFQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "/dbWc/LExxt1O7duWFf9og==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "/t0e+LuglIbDcO/k67Hr2A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "/th8aUKrkgR3Sw9KSBM+CA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "09fH92fqoWDOaYEpwQ9p2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "0N0D43vK8KV4kQOq2LQn7g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212", "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff" ] } ], "0QIby1L00NbGeIw8oxRQWQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "0Yvc2+M8FAry625wuL4S5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212", "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff" ] } ], "0wIoN0pFyBSc9eVtRdIOWA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "13/XvLtRK2RDQlcsZc1BtQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "13i0QoQ6Q4yBI5RUf20lXA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "1GZ5tdSeZY3Wi3x9/AVQ2Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "1T7WJ83NrIa0U7DlD1BR4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "1XXuvf69/0I2dNHaU2UndQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "1dO83wB64hDLki3A4eA/Pg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "1h9uHE0QiXBO/zpJrT0VjA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "1iUaGpv40BOJQUks5I0iYg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "1m9sKqHTfU4F/K4fidg9cg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "2REYKadw7TKFiuC+OnoHmA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "2fg1ZRYCSPKKOgCxCcA36w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "2w8qE/d9mqIY/9+1qBBrPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "3688bXyK/nwHthXLLVH24g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "3DTA/XNFCCDFf6sfX96bGg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "3RQKCmep11B4hkfn96QJTA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "3iIPR0bjuCPQ2+48pSdeHg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "4Aph2Qer6+KdCecFsU0TXg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "4DM2GB9KLL7/xWypPdz7vA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "4ImdKzJ7uZoaviIayzuoUg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "4Kw/w2gH7CYCOCv19cdYYA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "582nBqlxZXz0sTRmkFvU4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "5EpVrCQ4OYKiPYYEOuUcmQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "5JeNH+bHiuiK9wwBZqH10A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "5NZNFErDrBiBoorV+igTjg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "5mmSudfrCeEmVSPweWmcVQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "5oq4jjwqdEJHokHmXZ7fFA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "5uy1J7qi/MafOdYJgaQeGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "60b1mOIk+ncF/benyKWfug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "68hxwX7t9VVTsdLs/0iJBA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "695zXUDPsaaAbh1PGloHag==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212", "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff" ] } ], "6AYt+NWt55432RGa/HxiQg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "6COiLlB/V7UlOwfuFJy77w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212", "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff" ] } ], "6G1ytjIPgX0NNsVwuPQKkQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "6G4wapu2zP6UYfTP+Ip2pA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "6HUC1/dPziZpbtWEymw0nQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "6LVRZKaAJH97OKCXsJMDDw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "6MFxZDjn6ZxVQspQib4VSA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "6RxnMs+9yIqzJpLgR7I3zA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "6VAQWTpZhN9PW7YCmVhxsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "6camihNRcGvFSo3XinEWFg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "6f28+Af9kIn0OSp9f9j14Q==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-base-1-421", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": [ "19cc1ca6-2885-421f-8791-6b3ce26351c9", "19cc1ca6-2885-421f-8791-6b3ce26351c9" ] } ], "74+EW3adzZwX9DbUU0vOdA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "7JHS+mBQfJeJoy73lvm4lw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "7Lf3UXydabzw8g7HGZER+w==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-core-1-394", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": [ "19cc1ca6-2885-421f-8791-6b3ce26351c9", "19cc1ca6-2885-421f-8791-6b3ce26351c9" ] } ], "7ZWYFE98hi9HyU5Q68Jgsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "7qAMBOvJ2FYxpK9n05pI7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "7yB5oIQve4tWIMlUmHbdQQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "84WodsWNE9m9GIrBiKl02g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "88jYB91M4ddvxo2XjMJKmQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "8Gh2hioTt5BFisg9eNKeEg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "8I3zEJ4sFSgk47ZaRLgtDQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "8Ky53YwzOPM2pkEIVuuuBg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "8Q+4qMpgUhvMDCe2QUBIuQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "8gpmX0NZa9MMhcqi6FUGtg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "8tmJEWGia0UWhhPJb3EyAw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "9AmKs/wDQFsVMVHWnqbu+g==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-9.1.0-1782", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": [ "19cc1ca6-2885-421f-8791-6b3ce26351c9", "19cc1ca6-2885-421f-8791-6b3ce26351c9" ] } ], "9Fy0bRr3ZMu3q8UNrhlOSQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212", "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff" ] } ], "9HjCH3SeUwgItfYZysNlOw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "9WzsXAqqRoLidXM4HaB8/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "a9438ddb-e64d-4c42-b1eb-134e533ca8ea", "3ad5dc00-af60-4a7d-b6b4-a12726f024c5" ] } ], "9bMXqD09C2r4s8P+HNy2uw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "9hWn3VgLVkzmMJln7S0UCQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "9sAM/NqMLlsG3N88/yD1Vg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "ACNA1cjsRpihwLsZYxMiYQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "AOquy/6bQ9axg0KRp6hMjg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "ARxZCHzD7KB2Pu4aHl7POw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "AZwLZmqkel2BzSMgQsIVGQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "AbW1lRpGUjSEKNnr/Toz6A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "AdRs6lk9yzTM3HvjeEThKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "AnHvlYoTKSxzg0JMVMiJkg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "AxTxyAHzdLVnUL9t8+ZYmg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "BQhiFmX4hLYteW4oRCLTSA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "BX+oelClu2v6UOl6tluOEQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "C3QbGupU53FFTX0pkfNLrA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "C7VGVckK0YZj4RiVmStEsA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "CXRheoFIylTt2C0ZN4qu3w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "CjFzfz4zBZj7fcwIrVHCRA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "CpC5etTxiNuDvBGQesJNDg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "Ct/46Ed7Asmqt98kLc0FLw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "Cwut2mrMMUaIvKenvO1qWw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "D/XNnExpupd1bO9ZIJIE9w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "D0GGDit/UxegO+/A5R03SA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "DGqCqs+yrHvXs9qsPgn58g==": [ { "package_db": "go:opt/app-root/src/main", "introduced_in": "sha256:58bd48c688cddf0b8fd763ce887647a9f4e7eb355eb2f8970c721fc7b582740f", "distribution_id": "", "repository_ids": [ "2a32e048-f35d-4373-9a24-80be9fee286d" ] } ], "DK0d2bPQCX0xz6Lec7u1cg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "DMchAI2VcGSa4n8bdw5YkA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "DSiKsVzdOYp1aJo/8T0A5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "DrLq8qfU1bfE8o8AfdvkrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "E2+Fh4utKcr7Wyiwzh2bYw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "E7ikPxWehuEw+6yIZODYlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "a9438ddb-e64d-4c42-b1eb-134e533ca8ea", "3ad5dc00-af60-4a7d-b6b4-a12726f024c5" ] } ], "ED0/IlCpWWQwBBKR2YT9sw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "EEcEMKhGMvXAfnMhboIpqw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "EgjLGZKjPtqIaFVLlFAAPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "EuqqL3yIFMd5VRAfuufJgg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "Exv8+xTp+7Y4AfuM+ph47Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "FEF27h+V5TzrUeQsFddapA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "FFSNe661VBElA1asGZ7k3g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "FKD/ouYSWOOZHy4i43SaxA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "FMrR4PbDeEhmMEh2juuVnw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "FVL6ljas6Mq4jYoOr1b6Hw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "FW8ByCOP6ljvNWDQolahwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "FaNO6QWs1mWPp40PrBiBUQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "Fy3bplraTnRnJlV5RewauA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "G1YDEd7+V95Qa+PMxB8sJw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "G61ZL2SOHR2qgvQfi118gw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "GIScmMWQrnoFNoEgq3fg2w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "GSkR2SOuqWQN8NtOvU4cgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "GVmxmNcJqT3ovg+RwjJg1A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "GXm2fCeoaq1FqYmMTmMmhQ==": [ { "package_db": "root/buildinfo/Dockerfile-rhel9-go-toolset-1.18.9-14", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "19cc1ca6-2885-421f-8791-6b3ce26351c9", "19cc1ca6-2885-421f-8791-6b3ce26351c9" ] } ], "H+zLNGeS4JMpmfP42mEhnA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212", "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff" ] } ], "H3zfV58LzeEUiNQbZbZb2A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "HRtVOTg/Y7Pvd6wqcX24fA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "HbglDdnV9yne0i8jQL30HA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "I16VSEydeiRYB1TSf5694A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "IDaB7M+//88qbPppM+LpUw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "IN2DA8X4LYRmUb07gLqapg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "IOb5jo+s7DgjzeK/LoVNig==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "J0HrVYoM3raELvTfJ82QMA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "JHQdC8JdSGipvO0sCig0cQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "JI92axWONkD2XCTUAeCtuQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "JKP7JzVg7UGaAz4VrH03lQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "JaDqP2PIekJ4FuDfyPDUKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "JrBk+FMgyv4RrG6esVBCIQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "Jt5/Qd9oxegZwQjsNbUyYA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "K04omiWBsTnRCbFVZLmRKw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "K5U87AYLwYDq48YpniD72A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "KF5C+zKu/uFB7knCqOvDAQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "KH0/KbRUi7KL6UvWa8i6Pg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "KSobT+LH4PXsCiP04HOhbQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "KcftiMkhTw4x89HNJI8NNg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "KlSRCTMecbL63Kg+FZjUdQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "KyRw1LumZrRo6AKKkHgP7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "L1wl5gEz2lzyNJbirzPmpQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "L2RUW2Fm5EOgoqwyitY3bg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "L4diUjusARli24fy/u9lAw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "LD9yEwGtdZJl2S96EO58PQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "LDIMlzOywHz1+CG5FwjKdQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "LEyuwSco7tb1WIyWy42H8g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "LR+S3JloJQ5YEViBpmcLkA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "LZYaKh1MnXoGX4fHzghRTQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "Leh3RdsGa1oyRcl5Dz4SdA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "LjtOegR/S/Y0KwJeOuSl/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "Lm5zHfIH4SjtxMBhECD0OQ==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-core-1-394", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": [ "19cc1ca6-2885-421f-8791-6b3ce26351c9", "19cc1ca6-2885-421f-8791-6b3ce26351c9" ] } ], "Lwqn0aweLQLZmo12VvYcog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "M2qdPAOOvb+CWXJwouP4Rw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "MDH8Zt4oQWDiYk9qFV5Lbg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "MJmw8vClC4VAn/J4MfhK2Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "MORX6hW9ZLZCt/52w71zTg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "MXR26wvfFq4/JiRamdOfsA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "Ma5Vpx57SAZOCC5w2EPQYw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "MdGkZ055CI+TZYqVm7FIPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "Mp61fGpK3II0W8dIQgk3hA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212", "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff" ] } ], "MvJE7slPeyMPjzl+J8UH7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "MxYp6jmrNGPG4EUMxgtsIw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "N4dB55YYjGYeXRj+vLBatg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "N9SQ1VZ/1zaqG0gdsMW91g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "NQAINik1AG7Zn8OB8pLDpA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "Nak/NGhCYVubG4CsEbHhug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "NdCY2/S+syamLH224R4hug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "O2SZ5NZewmkamADtmBGMpw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "OLwWa8SuQNJHUBFuTxkKKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "OgwdUybWl/HQYbnPTE4Psw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "OkY4XBjh2jDTkYhGjNkrUA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "On+NX4Yr+KIGVwagqPDWcQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "OvOSK0YS4U6j2gyFBATNXg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212", "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff" ] } ], "PHkBez1UE90U9LJepncOKQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "Pstkjkz7Io1S30t7a9lp4w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "Q+exKQZH61PI/8YfpN472w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "QCZyKHG3XZk9MlIs9ZFBuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "QcnepR4WKBdAhWdMUPrAWA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "QwKK6TG/JtcCly9jntVf+w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212", "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff" ] } ], "R7K6A/Ve75xrYpD+6H0Z8w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "R9sC7SuM6vJmJZYq/bMHWw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "RRIjgvJwJW9jZT+h6lhzrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "RgUn0rRy/i742s4qQGGoNw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "RhNJQyxUHoA1z70UtgAC4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "RjsHhFfoWvmQBIu8lxYZjw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "RnnkgzrsHA8d297AfaWbPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "Rx4ZYvIz7JT5wbghBsjOTA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "SRyGVMCI95+oD0l3+3YStw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "SSFXEK4vNCR4s9ImWtXtgA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "SSnnOPGZCl33DlmR57wC7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "SV9uo4F9Li9vAHBKYcAlZA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "SZllfeGD2yJm0VL0H7onLg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "SdI1Am/qHph5dG2ZoOeUIQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "TANtf1h6RhI5yVQQhHFTbg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "THoW7icQ9Ts4hZAkh5A/WQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "TPIRq84Pr3a6ywzPeCr3Pw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "Tl6ebomp9GQLN9svWzKp+w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "To0NR+oyXDu1CYJfmVGurQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "Tob5YtKxleVTQzw2GCmwGg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "TzNyp6yTJ3m0O8xeeDKC3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "TzT9ayOh2hZShfYtipxZEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "U0P0dNPn1iUcw6b33AAKUg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "Ud9PNLLJ6v7hTpAYdO825w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "Uui1iXuECCOB7NgLQMsJpg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212", "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff" ] } ], "UyCrdfN88WUEEECLCIw93w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "V/3oHP6E5IRlfgZZHK72RA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "VDWxBVhhJMCCBIlvmorheA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "VFldiAD+rTFuce+kutFUuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "VKbklzwNVEem7m1iQRERDg==": [ { "package_db": "go:usr/bin/dlv", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "2a32e048-f35d-4373-9a24-80be9fee286d" ] } ], "VLOqRGIR4aQvFfvVrpLyIg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "VV2Z1ngTs6sGvt5SrayPCg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "VhjrPOGZ9XGEFgLnQWc+KQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "W+js148eF9SSUbrTSIRvOQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "W4amAY83CsyR7zQ0GM7zsg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "WCNTEGU4JEqQUNwdkKkP0Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "WIBkwuKReD+vnev0WY88mA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "WM43f6rBXkL3dY9fUi8CGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "WN9YKonIBKVWuMNAg76vrA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "WXfnWfq5UvDl4B0hS+0enw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "WgTBt6b85L1bF7WXV5bQRA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "WifWl02dLM2pp5urxOSuNg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "WuHt6bav9qTQn9+qCLLu3w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "XD0JiZBKTweysL9d3sIzpw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "XMI2bnJZdxdcHnKc3zgCUA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "XMPq7+46c92RSax5sZ9PZw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "XPJI1FEhwhWF1vzFJI8S6g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "XVUHqTgxrtHVNbQOLA/oQA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "XX1gx35T8rMzed7p4qESdA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "XliA1VgMzM5VjjSZdnmlQw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "XmQjRyagIacphhV3vVNJUg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "Xs0UZDLX+3bz2vT+iSJz7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "XwbkaIGCYyq6BjBMVZ1wzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "Y2WVn7YbALZNiKrMVF83bA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212", "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff" ] } ], "Y35yrxWjtTUkUbNtS9+p6g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "YRfO+WACNVQDTEO1DaRoPw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "ZEh/5caJmj5WMgoK5/jyfw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "ZX4vKkXsoMfQ2HH9oPb0TA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "Znd6oNA8HDVHwd3abR/PEg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "a0GQ0ecdg5PXNSF9I+cGHw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "aW0vfCmvp3ku6dMkvaoZGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "ao0mLJHwgqEhua26lzg6gQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "arzS3GnLPLKzM8xRPFnUzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "ax5YZqtoTsGSLh5YAOUDAA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "b/fX+2E3Kw/VrXP3Viej5w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "bEsPytE/ZdCMbfuAgQc9AA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "bFvWffGqJWr7FWnI7K9NVw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "bQK0gSM91Pq8oi5kJ9072Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212", "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff" ] } ], "bbOmNWQZu2GtbHRNTT5LbA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "bp0rUgZ5FkIYAX2aEVd/VA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "byfHs8LLvbAc+YzK8+QmXA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "c+W6x4Mcea6sasJQFpayfg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "c4cAHnbL6QvzxTWvSxwSUQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "a9438ddb-e64d-4c42-b1eb-134e533ca8ea", "3ad5dc00-af60-4a7d-b6b4-a12726f024c5" ] } ], "c6MW06Rtj8J56gSpVtmC/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "cGWkJkC9Qm+QCP4f8vmD+Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "cPPALpm8EZ1p7Fe1on0nPQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "a9438ddb-e64d-4c42-b1eb-134e533ca8ea", "3ad5dc00-af60-4a7d-b6b4-a12726f024c5" ] } ], "caF9WsICRhpk2jJBTv5OsQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "cj0M8yBzJA8j5tTGHOqDIw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "ckYokpjDEx3hfGxpdtbM6A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "clGQ5Kq/RKZZziBln/4BLA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "ct/ndQfSB+G17YP34ufDBA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "dC9CoYt17eaqinGSVCfCxw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "dMY7Qly4vcBOdARECvhzxQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "dStYvdO33sly7EacpHOqeA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "dYr9tK7XM6aISNKJAtl5ZQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "dnA+092RxSVxmYLtbm4n5w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "dpQG/pUwAqVv1OdQqnvylQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "dt/eA+h8BqXPeZvbQ4xjlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "e7W78NrdwYaVEcBcXhDv5Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "eEjpOxWkwvzzJN5kkeVUcg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "eJ5VkZHE2z3KyF5sFEKj8g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "eMk3cpR3xfyfnR/IUeON3Q==": [ { "package_db": "go:usr/lib/golang/pkg/tool/linux_amd64/vet", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "2a32e048-f35d-4373-9a24-80be9fee286d" ] } ], "eUjbBBk9e6ukjdxq7Ysc5Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "eckWZv7IBjaLZNS/vZ1gWg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212", "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff" ] } ], "ey7Cn3NmMZ6qorZvUccGqA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "f2GhXCi0MGW6C5vh1ih8XQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "fTz/BbdjDg+PD+HvcMlQ3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "a9438ddb-e64d-4c42-b1eb-134e533ca8ea", "3ad5dc00-af60-4a7d-b6b4-a12726f024c5" ] } ], "ffBZQco1wXO0fddcwHstSQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "gBWlSWdEA8U1+Ep4A/+M2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "gJHwCqer7Rl9ijGK6wpg4A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "gngAZQYf0zy4+w3GwgpLmw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "gsdYiUdG+fMtG/M0X1EkAg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "hGxLNL3q3tYYzz2uKfKB4A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "hHL/OokyETnopazrev0shg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "hKJ3xmpaes4B2vxd2C5M1Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "hNv7ol5w6PGaZXktwlRWPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "hYEisV19Dxn4PvCvxJFm5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "hasHd85qN7fkJeIIqjjDow==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "heXcDkpDDTJ/ac/FHrXYvg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "hgr5TOXgV4U9LXyKt2w6gA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "hjikQWtnmVPaWts63wYw4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "hrY/5TRUmBt6d/EoQ9M7aw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "hvKbzRSMjrg1f3y/PRzGwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "hyds1mrD8GWUXo+lv53Rag==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "i1yNGcAdCbK2SnebCgMUqQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "iBA/JBMmSIEGbBZDQlcuUQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "iG10xBRfLLoRP3qlluI7NQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "iMLMqCcRXnm6QslpJnCS7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "iQByZpdRXgW/fl3SoDuoAA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "iQnKl0+RxymKc9bhVdyuyQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "iTjyL8AL9avw3YnaeFgLEg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212", "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff" ] } ], "iswhVSntR4QnIsTAyM6ydQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "ix3lD4/Nn7qLbcpDm0AIhg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "j3oHbOmfE09xNAzoTXpcSg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "jADxtb7PiatU9dihVhjp/Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "jDIVpAdvhjPN/gmOBNQuag==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "jH43ZEoPP2TpNiUJXUizMw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "jSOT/FBECA7xUY+Zv/Ps+Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "jXo3rXdhdYGkiXYZpQxZ3Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "kAc8BYCjeCgQR9YdLeGx9w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "kDzRHkg3txncDWuyd5771g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "kMrprdB/TspYL2Dyt9hBfw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "kdml4TiffKDDUHJjP7R1Tg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "ki6pd/LsWsx2BY6b+Np6dQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "kigiD4fuysu8/DeCr+ONKQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "ktHjHCegyaFGFLaqVjqkVA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "kzHnWWgcRX/Do32aQ8TMBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "lITnNJqHTfcVQiCGHjWozA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "lwkb5oxxrG7ZgPYzSyvcZQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "lxyER9sFQyH/cLua8fAlfw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "ly9SmBBH7WsYXh1oG69XaQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "m7hOFCjo7x6PMvux7htFOg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "mK/FUfODp3MR7WS2xegPsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "mLZQEF4KLS62c+8BB/jz0Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "mLtyJkgiain09bfdUDF0tA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "mPqGnMbiXN6jP61aGbHvOA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "mRRefE/Wm2s5CZDmwUJ8jg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "mS/mU0XqXurt5b2cC0G2wA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "me8N6gnEhOLccvD/431aCw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "mqd6XOc7hJ7OKe7FI62YlA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "ms1/Dytf/YQgRgubY3EyyQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "n2BikwI3Mg2dIr4kYK8New==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "nC22unSxVi1R4g6taYLM9Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "nRx5HCyZ2M4L1LvJSclibw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212", "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff" ] } ], "nUBBsXgA+QSl6Tx9eXi6Mw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "na4ojyfFHL07xf5Yr8wxsg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "noZz3cbDBX3Q1ohSWIKe1g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "nqniqNEVhrfub8cS+os87A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "nwgNWiqPWTP9jQpHdB8CFA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "o0sNxhdrQvn3LtgSlydcdw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "o3loazzxvm2hQ5N1QRaYvg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "oCbJhi6fmGrlKcF1SlNuYw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "oGWSEEsLb6ToIwJ1tUBkwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "oK41W21MyjS/j+5BoCQjuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212", "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff" ] } ], "oWKtpTsx1ck3WozLlUNKbw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "obNuQXzAwE3TzjUoRN1yEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "og/hyn7iqbsNsfIv/8VHFg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "om/hnbn42itSjLCSeL6+2A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "p9BcHmUiqsfiDX2HpNFM5g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "pNbpZqWYymW5Cm1QYLE4uQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "pc8TmjOHnExT3yvCQuGR7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "pdyD4GFauXtML8NxA7nURQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "peDze6790+ubKa/8hacS+w==": [ { "package_db": "go:opt/app-root/src/main", "introduced_in": "sha256:58bd48c688cddf0b8fd763ce887647a9f4e7eb355eb2f8970c721fc7b582740f", "distribution_id": "", "repository_ids": [ "2a32e048-f35d-4373-9a24-80be9fee286d" ] } ], "pff1wMeg2U6ebqlGIkRlMg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "ptT0YL/h24MTjTTVlPAZVg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "qIHoKDOcFEbVk0+xQvglbQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "qTTyL80F/2JUAy85WSpobg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "qYSZ6aKFWol313IOGRXaug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "qcLLXOiskeOh3Yk1oA8Pwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "qijykJ/WFTcI/fd8/RsFmg==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-9.1.0-1782", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": [ "19cc1ca6-2885-421f-8791-6b3ce26351c9", "19cc1ca6-2885-421f-8791-6b3ce26351c9" ] } ], "rEU0uZUpz06y9hg0ORc49A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "rTAf2eiAGJSR1vI+tk12zg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "rUUieTQ6JPdOKUOFRfhvNw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "rY/kE/V4JnxYoqV+lmc9mg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "rYCgRZF9UtO2MybO6TcW0g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "rZckolqfVnE7xInGZn5Zzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "rj2k4My0f4W7sR9R0rDeJg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "rkUaC636uKZYge61PN1dew==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "rlHYqOr0lkUB/Gs6b1kD2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "ryPyL0/oZK1jJ8umBZkZBA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "s9qYH9lv+nqFfUwtnSIxEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "sE1EmQ5Nhv4P4rilE6lODw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "ssPaV1VLDu6d5ZJ6Rrmh3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "sukNATkcLkohYgGrhDtrZA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "sx0C6L5COHIkv6yQQyPlbw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "sy1cTR7VjlyD3WavviV1+g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "szNvvFbgC3+nu7+FkWHQxA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "t51FYLdtFZpGFe/8JMUaTQ==": [ { "package_db": "root/buildinfo/Dockerfile-rhel9-go-toolset-1.18.9-14", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "19cc1ca6-2885-421f-8791-6b3ce26351c9", "19cc1ca6-2885-421f-8791-6b3ce26351c9" ] } ], "tOoZIHzytN01BRAw3es1Yg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "tWWw65aFr0Her+B1hlgbqA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "tsX00aIcJlVDdnN8EABj3g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "u+N5u943P15onszlgf+ujA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "u5TyEoU5GA6Z2czzwhMLiA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "u95OKK2MhRQlEYI4tmvSVQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "uCyCeArpCxiSoV6DjC80ng==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "uOrv4V08LjQ381I5J7cGpw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "uSt8DkzxoDcE1tRbyYPDOg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "uWyEe6UPxO05NNzNabxBgA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "uXpj8krYkomg5XDZ83F2kg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "uwkXfq5VvKEldZwWOwGq4w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "v5fMEqf0GRz+BrBqAji9dQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "v6X9Dt1wPw8fK6VaHz1Ffw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "vSRLH3asu5knZtxqOxtnwQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "vVZXXrZNgHNmTJM7knKqAQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "vaBZgtoGX6VZtIwrD9w+EQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "vcbNsnPegQ9DMvL/4z83AA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "vtNcuXyRth8r8K/W3sfqrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "w2DoavvB02S/+BS01jQqJw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "wVOHUaFC3qlk+Ft1W2VH7A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "wXu3MDegq/TfLSbBy6aoBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "wdMozBSF06uhI4HOI003SQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "wsc0mBnyNwrXYdpo0V+0aw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "wusWpHXirQF8KfxliQcLkQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "wvtx3JsOUmPyorardjeYSQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "x4oijVhQU8BUwJwoFvk4QA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "xC2PhiBOHiQbniVjaMltjw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "xGsFnJNA7f9q/+8cz1QFqg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "xSR/sMJIXbuFPYhZS2ZN2Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "xVpXFb43dZh4HfBX53yyew==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "xdunfqVk+0spTcWoJA7wPw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "xfiNHrth0bRlTgQnR3IgUw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "xgCGPQ7CZbjJqBTw2Nmu9w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "f74b8f72-cc6c-4f27-a3bf-e034ea6e9212", "b0dbd76a-0010-4c55-952a-4a4ea7e7cfff" ] } ], "xnmn6fk+/THLJg3emXYMww==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "y9sflCLWTaHWSSC+w8u7bQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "yLdg/zIMr1LMvkW9tAZlGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "yRjjypPMZa7QJg+DLoMumw==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-base-1-421", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": [ "19cc1ca6-2885-421f-8791-6b3ce26351c9", "19cc1ca6-2885-421f-8791-6b3ce26351c9" ] } ], "yXx0rhfj7kyXaTrxOLQSfA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "yY469KfvqdHWbJwmOcIU1Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "ycSS8xsUDu5nMwsql04xfQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "z/d/zUXK6aF2L4H7dfeSZw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "zLbmCpiDy68qsFvtKNzmgQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ], "zPYyryKVwACz98/WbfSW6w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "2c143cbc-60bb-4249-879d-c42bec22481e", "e8b9608f-978c-4681-be5c-407253060f07" ] } ], "zpqzIc9TY4hiXJG024jdBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "a9438ddb-e64d-4c42-b1eb-134e533ca8ea", "3ad5dc00-af60-4a7d-b6b4-a12726f024c5" ] } ], "zxuLMmxubC84XoLpkfxZ3w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "af7b72a1-abdc-4b7c-a81d-a7aa7cc2b24a", "repository_ids": [ "0b1d11cf-d36a-432f-b1e8-427ef74fce06", "b7559ec7-0499-4dc4-86cd-d7a7c62e4bc3" ] } ] }, "vulnerabilities": { "++J1c+9mFiyHFShlJEQFeA==": { "id": "++J1c+9mFiyHFShlJEQFeA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "+0Id+AHw3V8pYW+ywWnP+g==": { "id": "+0Id+AHw3V8pYW+ywWnP+g==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "+0pi5+jw8FdwHp5pZIVTBg==": { "id": "+0pi5+jw8FdwHp5pZIVTBg==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:6746", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-5.el9_3.1", "arch_op": "pattern match" }, "+1zjTJXhgIQ5uwrI0Po3UA==": { "id": "+1zjTJXhgIQ5uwrI0Po3UA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "+3z2iqfNC+87k0NgFEkCCg==": { "id": "+3z2iqfNC+87k0NgFEkCCg==", "updater": "rhel-vex", "name": "CVE-2025-55130", "description": "A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55130 https://bugzilla.redhat.com/show_bug.cgi?id=2431352 https://www.cve.org/CVERecord?id=CVE-2025-55130 https://nvd.nist.gov/vuln/detail/CVE-2025-55130 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55130.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "+4boUUXSpak/++mwJDcv/A==": { "id": "+4boUUXSpak/++mwJDcv/A==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "util-linux", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "+56lxqiE6H3D8IED88OxVw==": { "id": "+56lxqiE6H3D8IED88OxVw==", "updater": "rhel-vex", "name": "CVE-2025-69649", "description": "A flaw was found in binutils. Processing a specially crafted ELF binary file containing malformed header fields with the readelf program can trigger a NULL pointer dereference, causing a crash and resulting in a denial of service.", "issued": "2026-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69649 https://bugzilla.redhat.com/show_bug.cgi?id=2445298 https://www.cve.org/CVERecord?id=CVE-2025-69649 https://nvd.nist.gov/vuln/detail/CVE-2025-69649 https://sourceware.org/bugzilla/show_bug.cgi?id=33697 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=66a3492ce68e1ae45b2489bd9a815c39ea5d7f66 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69649.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+63s7h05SP1xmH1EyLoL/Q==": { "id": "+63s7h05SP1xmH1EyLoL/Q==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "+81WHs4+NlxNNP8OWMLJ2g==": { "id": "+81WHs4+NlxNNP8OWMLJ2g==", "updater": "rhel-vex", "name": "CVE-2026-33056", "description": "A flaw was found in tar-rs, a Rust library for reading and writing tar archives. When unpacking a crafted tar archive, an attacker can exploit a symbolic link vulnerability. By including a symlink followed by a directory with the same name, the library incorrectly applies file permissions to the symlink's target. This allows an attacker to modify the permissions of arbitrary directories outside the intended extraction location.", "issued": "2026-03-20T07:11:10Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33056 https://bugzilla.redhat.com/show_bug.cgi?id=2449490 https://www.cve.org/CVERecord?id=CVE-2026-33056 https://nvd.nist.gov/vuln/detail/CVE-2026-33056 https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446 https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33056.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+DDOZxWQYsdNCtZZs4LB2w==": { "id": "+DDOZxWQYsdNCtZZs4LB2w==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "+Hel9A1WiSK+ZclItesXnQ==": { "id": "+Hel9A1WiSK+ZclItesXnQ==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "+JeSB99qGv/68TsolLxJ1A==": { "id": "+JeSB99qGv/68TsolLxJ1A==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json https://access.redhat.com/errata/RHSA-2025:22660", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.7", "arch_op": "pattern match" }, "+Jox86Lr4olzZZpeF2W5Cg==": { "id": "+Jox86Lr4olzZZpeF2W5Cg==", "updater": "rhel-vex", "name": "CVE-2025-12818", "description": "A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application segmentation fault or crash when using libpq to connect to a PostgreSQL server.", "issued": "2025-11-13T13:00:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-12818 https://bugzilla.redhat.com/show_bug.cgi?id=2414826 https://www.cve.org/CVERecord?id=CVE-2025-12818 https://nvd.nist.gov/vuln/detail/CVE-2025-12818 https://www.postgresql.org/support/security/CVE-2025-12818/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-12818.json https://access.redhat.com/errata/RHSA-2026:0458", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpq-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.23-1.el9_7", "arch_op": "pattern match" }, "+KQdB1idGjEGKH9of9v/Ew==": { "id": "+KQdB1idGjEGKH9of9v/Ew==", "updater": "rhel-vex", "name": "CVE-2025-69419", "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69419 https://bugzilla.redhat.com/show_bug.cgi?id=2430386 https://www.cve.org/CVERecord?id=CVE-2025-69419 https://nvd.nist.gov/vuln/detail/CVE-2025-69419 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69419.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "+PjI2yN4wCMPyf1oygeT5Q==": { "id": "+PjI2yN4wCMPyf1oygeT5Q==", "updater": "rhel-vex", "name": "CVE-2023-48237", "description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48237.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+Q1v3N9+IP1xQOJnmQWDyQ==": { "id": "+Q1v3N9+IP1xQOJnmQWDyQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "+Q9jA+OXah1xDhJvsj+1OQ==": { "id": "+Q9jA+OXah1xDhJvsj+1OQ==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "+QQwOZo/9naGhbYAyaOr+w==": { "id": "+QQwOZo/9naGhbYAyaOr+w==", "updater": "rhel-vex", "name": "CVE-2026-33809", "description": "A flaw was found in golang.org/x/image/tiff. A remote attacker could exploit this vulnerability by providing a maliciously crafted Tagged Image File Format (TIFF) file. This could cause the image decoding process to attempt to allocate up to 4 gigabytes (GiB) of memory. The excessive resource consumption or an out-of-memory error would lead to a Denial of Service (DoS) condition.", "issued": "2026-03-25T18:24:04Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33809 https://bugzilla.redhat.com/show_bug.cgi?id=2451437 https://www.cve.org/CVERecord?id=CVE-2026-33809 https://nvd.nist.gov/vuln/detail/CVE-2026-33809 https://go.dev/cl/757660 https://go.dev/issue/78267 https://pkg.go.dev/vuln/GO-2026-4815 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33809.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+SOMbfLFiy8gAeP6YTZQLA==": { "id": "+SOMbfLFiy8gAeP6YTZQLA==", "updater": "rhel-vex", "name": "CVE-2022-41862", "description": "A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.", "issued": "2023-02-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41862 https://bugzilla.redhat.com/show_bug.cgi?id=2165722 https://www.cve.org/CVERecord?id=CVE-2022-41862 https://nvd.nist.gov/vuln/detail/CVE-2022-41862 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41862.json https://access.redhat.com/errata/RHSA-2023:6429", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libpq-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.11-1.el9", "arch_op": "pattern match" }, "+SqndwadNHIvm6x16t9CQg==": { "id": "+SqndwadNHIvm6x16t9CQg==", "updater": "rhel-vex", "name": "CVE-2024-8244", "description": "A race condition has been discovered in the golang filepath.Walk and filepath.WalkDir functions. This race condition exists where a portion of the path being walked is replaced with a symbolic link while the walk is in progress.", "issued": "2025-08-06T15:32:27Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8244 https://bugzilla.redhat.com/show_bug.cgi?id=2386885 https://www.cve.org/CVERecord?id=CVE-2024-8244 https://nvd.nist.gov/vuln/detail/CVE-2024-8244 https://go.dev/issue/70007 https://pkg.go.dev/vuln/GO-2025-9999 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8244.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-rpm-macros", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+T/c3saENK5zeqXtZtGLNw==": { "id": "+T/c3saENK5zeqXtZtGLNw==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "+TrS27bZKgEeir9pISurnQ==": { "id": "+TrS27bZKgEeir9pISurnQ==", "updater": "rhel-vex", "name": "CVE-2026-5773", "description": "A flaw was found in libcurl. Due to a logical error in the connection reuse mechanism for SMB (Server Message Block) transfers, libcurl might reuse an existing SMB connection with a different share than intended. This vulnerability, categorized as CWE-488 (Exposure of Data Element to Wrong Session), could lead to the download of an incorrect file or the upload of a file to an unintended location when an application uses libcurl for SMB transfers.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5773 https://bugzilla.redhat.com/show_bug.cgi?id=2461201 https://www.cve.org/CVERecord?id=CVE-2026-5773 https://nvd.nist.gov/vuln/detail/CVE-2026-5773 https://curl.se/docs/CVE-2026-5773.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5773.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+U7CyAHaY71mhNm2Xnq2uw==": { "id": "+U7CyAHaY71mhNm2Xnq2uw==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "+UOyQgpOAnrWS+mVMK5k1Q==": { "id": "+UOyQgpOAnrWS+mVMK5k1Q==", "updater": "rhel-vex", "name": "CVE-2026-0861", "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "issued": "2026-01-14T21:01:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0861 https://bugzilla.redhat.com/show_bug.cgi?id=2429771 https://www.cve.org/CVERecord?id=CVE-2026-0861 https://nvd.nist.gov/vuln/detail/CVE-2026-0861 https://sourceware.org/bugzilla/show_bug.cgi?id=33796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0861.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "+VEguSVDjTT9/ZZv1zUgpg==": { "id": "+VEguSVDjTT9/ZZv1zUgpg==", "updater": "rhel-vex", "name": "CVE-2023-24607", "description": "A vulnerability was found in Qt, where a flaw occurs when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4, a remote attacker could exploit this vulnerability by sending a specially crafted string, causing a denial of service.", "issued": "2023-04-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24607 https://bugzilla.redhat.com/show_bug.cgi?id=2187154 https://www.cve.org/CVERecord?id=CVE-2023-24607 https://nvd.nist.gov/vuln/detail/CVE-2023-24607 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24607.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+WB02bbxvRVZgJj5gYjJ7w==": { "id": "+WB02bbxvRVZgJj5gYjJ7w==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IO", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.43-481.el9", "arch_op": "pattern match" }, "+Y8OjDjxiEFL5zY0EIjaWA==": { "id": "+Y8OjDjxiEFL5zY0EIjaWA==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "+YVz742I3o3v3ix+O1wb3g==": { "id": "+YVz742I3o3v3ix+O1wb3g==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "+YsItiFwLsY/quEIP17M6A==": { "id": "+YsItiFwLsY/quEIP17M6A==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "+do0gu6vrF3ZT5my5V6+CQ==": { "id": "+do0gu6vrF3ZT5my5V6+CQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "+doAGgTwsE0iptDdCED/aA==": { "id": "+doAGgTwsE0iptDdCED/aA==", "updater": "rhel-vex", "name": "CVE-2026-33672", "description": "A flaw was found in picomatch, a JavaScript glob matcher. A remote attacker could exploit a method injection vulnerability by providing specially crafted POSIX bracket expressions, such as [[:constructor:]]. This allows the attacker to inject inherited method names into generated regular expressions, leading to incorrect glob matching behavior. This issue can cause security-relevant logic errors in applications that use picomatch for filtering, validation, or access control, potentially compromising data integrity.", "issued": "2026-03-26T21:39:16Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33672 https://bugzilla.redhat.com/show_bug.cgi?id=2451993 https://www.cve.org/CVERecord?id=CVE-2026-33672 https://nvd.nist.gov/vuln/detail/CVE-2026-33672 https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903 https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33672.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+dqw6lT9TwTTzMp6O2vf1w==": { "id": "+dqw6lT9TwTTzMp6O2vf1w==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "+eh9aI+N2OVaUhb6bBR86g==": { "id": "+eh9aI+N2OVaUhb6bBR86g==", "updater": "rhel-vex", "name": "CVE-2025-55131", "description": "A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55131 https://bugzilla.redhat.com/show_bug.cgi?id=2431350 https://www.cve.org/CVERecord?id=CVE-2025-55131 https://nvd.nist.gov/vuln/detail/CVE-2025-55131 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55131.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "+fYUom03o4taYF0LdBwDsg==": { "id": "+fYUom03o4taYF0LdBwDsg==", "updater": "rhel-vex", "name": "CVE-2025-66199", "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66199 https://bugzilla.redhat.com/show_bug.cgi?id=2430379 https://www.cve.org/CVERecord?id=CVE-2025-66199 https://nvd.nist.gov/vuln/detail/CVE-2025-66199 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66199.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "+gPHeZza1/WobF3MlhRjIQ==": { "id": "+gPHeZza1/WobF3MlhRjIQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "+govv3Zh4UHQ+P7JiRlanw==": { "id": "+govv3Zh4UHQ+P7JiRlanw==", "updater": "rhel-vex", "name": "CVE-2026-27904", "description": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).", "issued": "2026-02-26T01:07:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27904 https://bugzilla.redhat.com/show_bug.cgi?id=2442922 https://www.cve.org/CVERecord?id=CVE-2026-27904 https://nvd.nist.gov/vuln/detail/CVE-2026-27904 https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27904.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+hBhqk1qKnkU+nqn6a96qg==": { "id": "+hBhqk1qKnkU+nqn6a96qg==", "updater": "rhel-vex", "name": "CVE-2023-48233", "description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48233.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+hNDIOxLd94c7zDMEtwHAQ==": { "id": "+hNDIOxLd94c7zDMEtwHAQ==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "+ieGB56AL1fLbXEZaHIRig==": { "id": "+ieGB56AL1fLbXEZaHIRig==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "+nrMi8U389zlK2TEsOUGbw==": { "id": "+nrMi8U389zlK2TEsOUGbw==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-vars", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.05-481.el9", "arch_op": "pattern match" }, "+o9j0Llb6+ISl2S6vmkRkQ==": { "id": "+o9j0Llb6+ISl2S6vmkRkQ==", "updater": "rhel-vex", "name": "CVE-2023-25434", "description": "A heap-based buffer overflow vulnerability was found in LibTIFF's tiffcrop utility in the extractContigSamplesBytes() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds read access resulting in an application crash, eventually leading to a denial of service.", "issued": "2023-06-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25434 https://bugzilla.redhat.com/show_bug.cgi?id=2215209 https://www.cve.org/CVERecord?id=CVE-2023-25434 https://nvd.nist.gov/vuln/detail/CVE-2023-25434 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25434.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+pLPiYWkQ9M+8Zi7lKlOZA==": { "id": "+pLPiYWkQ9M+8Zi7lKlOZA==", "updater": "rhel-vex", "name": "CVE-2025-3576", "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "issued": "2025-04-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2359465 https://www.cve.org/CVERecord?id=CVE-2025-3576 https://nvd.nist.gov/vuln/detail/CVE-2025-3576 https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3576.json https://access.redhat.com/errata/RHSA-2025:9430", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-8.el9_6", "arch_op": "pattern match" }, "+pWnGgJUL0jrC1yhwq+kNw==": { "id": "+pWnGgJUL0jrC1yhwq+kNw==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "+rCn8yfwQj/rMH9c7+J0ww==": { "id": "+rCn8yfwQj/rMH9c7+J0ww==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "+sWeYS6ySa1XLsRNuvvO3Q==": { "id": "+sWeYS6ySa1XLsRNuvvO3Q==", "updater": "rhel-vex", "name": "CVE-2025-15366", "description": "A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server.", "issued": "2026-01-20T21:40:24Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15366 https://bugzilla.redhat.com/show_bug.cgi?id=2431368 https://www.cve.org/CVERecord?id=CVE-2025-15366 https://nvd.nist.gov/vuln/detail/CVE-2025-15366 https://github.com/python/cpython/issues/143921 https://github.com/python/cpython/pull/143922 https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7JZJYTBXMDOWKCEIEBJLBRU64OMR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15366.json https://access.redhat.com/errata/RHSA-2026:4168", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.1", "arch_op": "pattern match" }, "+tNEhZfQ7eus2PEerEe59g==": { "id": "+tNEhZfQ7eus2PEerEe59g==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json https://access.redhat.com/errata/RHSA-2025:22660", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.7", "arch_op": "pattern match" }, "+uMSPU5jbqI0+jsP/eX6PA==": { "id": "+uMSPU5jbqI0+jsP/eX6PA==", "updater": "rhel-vex", "name": "CVE-2022-3037", "description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "issued": "2022-08-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3037.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+wnQC0tYj+uyZzMNgN2bcw==": { "id": "+wnQC0tYj+uyZzMNgN2bcw==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "+xzMjgQ/BhN1jTBlVwQfIA==": { "id": "+xzMjgQ/BhN1jTBlVwQfIA==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "/+0dqY3HS0Vwp8Izm3R04Q==": { "id": "/+0dqY3HS0Vwp8Izm3R04Q==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "/+Tfrcve2y5Ca3irhvwHVA==": { "id": "/+Tfrcve2y5Ca3irhvwHVA==", "updater": "rhel-vex", "name": "CVE-2025-8194", "description": "A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.", "issued": "2025-07-28T18:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8194 https://bugzilla.redhat.com/show_bug.cgi?id=2384043 https://www.cve.org/CVERecord?id=CVE-2025-8194 https://nvd.nist.gov/vuln/detail/CVE-2025-8194 https://github.com/python/cpython/issues/130577 https://github.com/python/cpython/pull/137027 https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8194.json https://access.redhat.com/errata/RHSA-2025:15019", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.2", "arch_op": "pattern match" }, "/+enDTB16pRyR8XOMcf3ug==": { "id": "/+enDTB16pRyR8XOMcf3ug==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "/+t6edjy50ibBAIw8q+CWg==": { "id": "/+t6edjy50ibBAIw8q+CWg==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "//2gjbgNV4aF0qefir+7Ng==": { "id": "//2gjbgNV4aF0qefir+7Ng==", "updater": "osv/go", "name": "GO-2024-2963", "description": "Denial of service due to improper 100-continue handling in net/http", "issued": "2024-07-02T20:11:00Z", "links": "https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.12" }, "//8buewiV8gb20qv4g1cqQ==": { "id": "//8buewiV8gb20qv4g1cqQ==", "updater": "rhel-vex", "name": "CVE-2025-65018", "description": "A buffer overflow flaw has been discovered in libpng. There is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds.", "issued": "2025-11-24T23:50:18Z", "links": "https://access.redhat.com/security/cve/CVE-2025-65018 https://bugzilla.redhat.com/show_bug.cgi?id=2416907 https://www.cve.org/CVERecord?id=CVE-2025-65018 https://nvd.nist.gov/vuln/detail/CVE-2025-65018 https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea https://github.com/pnggroup/libpng/issues/755 https://github.com/pnggroup/libpng/pull/757 https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-65018.json https://access.redhat.com/errata/RHSA-2026:0238", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpng-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.1", "arch_op": "pattern match" }, "/0WOR5Jn6BKoC/9+5dlz1Q==": { "id": "/0WOR5Jn6BKoC/9+5dlz1Q==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "/8OUfvwBnXvWQXB4Meq/rQ==": { "id": "/8OUfvwBnXvWQXB4Meq/rQ==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "/E8Khm0ZXy1gRiDom4c+aw==": { "id": "/E8Khm0ZXy1gRiDom4c+aw==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "/EvgSih2YVXl7ohENLMJIQ==": { "id": "/EvgSih2YVXl7ohENLMJIQ==", "updater": "rhel-vex", "name": "CVE-2021-43618", "description": "A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-43618 https://bugzilla.redhat.com/show_bug.cgi?id=2024904 https://www.cve.org/CVERecord?id=CVE-2021-43618 https://nvd.nist.gov/vuln/detail/CVE-2021-43618 https://bugs.debian.org/994405 https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-43618.json https://access.redhat.com/errata/RHSA-2023:6661", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gmp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:6.2.0-13.el9", "arch_op": "pattern match" }, "/F62/Gd7cIE4aLRbxVnfCA==": { "id": "/F62/Gd7cIE4aLRbxVnfCA==", "updater": "rhel-vex", "name": "CVE-2023-52425", "description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "/G3xQo8kmNMyu7hycZYF/A==": { "id": "/G3xQo8kmNMyu7hycZYF/A==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "/GSEB7NuV5IOBsMvXs0hOw==": { "id": "/GSEB7NuV5IOBsMvXs0hOw==", "updater": "rhel-vex", "name": "CVE-2026-21716", "description": "A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied. Such a bypass could lead to unauthorized changes to system files.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21716 https://bugzilla.redhat.com/show_bug.cgi?id=2453157 https://www.cve.org/CVERecord?id=CVE-2026-21716 https://nvd.nist.gov/vuln/detail/CVE-2026-21716 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21716.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/HT2WOXIuvVNrzT1Wp3ntw==": { "id": "/HT2WOXIuvVNrzT1Wp3ntw==", "updater": "rhel-vex", "name": "CVE-2023-24534", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24534 https://bugzilla.redhat.com/show_bug.cgi?id=2184483 https://www.cve.org/CVERecord?id=CVE-2023-24534 https://nvd.nist.gov/vuln/detail/CVE-2023-24534 https://go.dev/issue/58975 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24534.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "/Hu/RwrxQwmMU70Y0Ls1DA==": { "id": "/Hu/RwrxQwmMU70Y0Ls1DA==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "/IZs3BxM2p7QaA473aqOUw==": { "id": "/IZs3BxM2p7QaA473aqOUw==", "updater": "rhel-vex", "name": "CVE-2026-21717", "description": "A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by functions like JSON.parse() on attacker-controlled input. This can significantly degrade the performance of the Node.js process, leading to a Denial of Service (DoS) condition.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21717 https://bugzilla.redhat.com/show_bug.cgi?id=2453162 https://www.cve.org/CVERecord?id=CVE-2026-21717 https://nvd.nist.gov/vuln/detail/CVE-2026-21717 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21717.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "/KRhrFyFO2WBBj1/Wnbnrg==": { "id": "/KRhrFyFO2WBBj1/Wnbnrg==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "/MWzwBJlhhNbF+zp0zgq+A==": { "id": "/MWzwBJlhhNbF+zp0zgq+A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Find", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.37-481.el9", "arch_op": "pattern match" }, "/MgFHW097IAGIZkNc/Fltw==": { "id": "/MgFHW097IAGIZkNc/Fltw==", "updater": "rhel-vex", "name": "CVE-2025-5245", "description": "A denial-of-service vulnerability has been identified in GNU Binutils, affecting versions up to 2.44. The flaw resides within the debug_type_samep function in the /binutils/debug.c file of the objdump component. An attacker with local access can trigger a program crash by manipulating input data, leading to a denial of service for the objdump utility.", "issued": "2025-05-27T14:31:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5245 https://bugzilla.redhat.com/show_bug.cgi?id=2368771 https://www.cve.org/CVERecord?id=CVE-2025-5245 https://nvd.nist.gov/vuln/detail/CVE-2025-5245 https://sourceware.org/bugzilla/attachment.cgi?id=16004 https://sourceware.org/bugzilla/show_bug.cgi?id=32829 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a https://vuldb.com/?ctiid.310347 https://vuldb.com/?id.310347 https://vuldb.com/?submit.584635 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5245.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/SEhubz8W4ZKbKg2+yh86Q==": { "id": "/SEhubz8W4ZKbKg2+yh86Q==", "updater": "rhel-vex", "name": "CVE-2022-30635", "description": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30635 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://www.cve.org/CVERecord?id=CVE-2022-30635 https://nvd.nist.gov/vuln/detail/CVE-2022-30635 https://go.dev/issue/53615 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30635.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/U86DUGeHRSAL0GvmlifyA==": { "id": "/U86DUGeHRSAL0GvmlifyA==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "/U8Jx7SKI9t4H3q4Xm/KEQ==": { "id": "/U8Jx7SKI9t4H3q4Xm/KEQ==", "updater": "rhel-vex", "name": "CVE-2022-48281", "description": "A vulnerability was found in libtiff. This vulnerability occurs due to an issue in processCropSelections in the tools/tiffcrop.c function in LibTIFF that has a heap-based buffer overflow (for example, \"WRITE of size 307203\") via a crafted TIFF image.", "issued": "2023-01-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48281 https://bugzilla.redhat.com/show_bug.cgi?id=2163606 https://www.cve.org/CVERecord?id=CVE-2022-48281 https://nvd.nist.gov/vuln/detail/CVE-2022-48281 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48281.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "/VvBaUxAqtfTsAgPes9bAA==": { "id": "/VvBaUxAqtfTsAgPes9bAA==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://openssl-library.org/news/secadv/20250211.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "/WghVlKV6eiRYf2iGmk9sQ==": { "id": "/WghVlKV6eiRYf2iGmk9sQ==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "/YIHlhDwc0XvwYDDbGEIMg==": { "id": "/YIHlhDwc0XvwYDDbGEIMg==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "/YcdipQjiqJUDpddwhDiIw==": { "id": "/YcdipQjiqJUDpddwhDiIw==", "updater": "rhel-vex", "name": "CVE-2022-2345", "description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2345.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/ZDgobr+usix01fmflBpYg==": { "id": "/ZDgobr+usix01fmflBpYg==", "updater": "rhel-vex", "name": "CVE-2025-69647", "description": "A flaw was found in binutils. Processing a specially crafted ELF binary file containing malformed DWARF loclists data with the readelf program can trigger an infinite loop and result in a denial of service.", "issued": "2026-03-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69647 https://bugzilla.redhat.com/show_bug.cgi?id=2445773 https://www.cve.org/CVERecord?id=CVE-2025-69647 https://nvd.nist.gov/vuln/detail/CVE-2025-69647 https://sourceware.org/bugzilla/show_bug.cgi?id=33640 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=455446bbdc8675f34808187de2bbad4682016ff7 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69647.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/bIhvJWw2AYMGyJtBaoH6A==": { "id": "/bIhvJWw2AYMGyJtBaoH6A==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "/crHce0F0k12Ag9tTWXgCA==": { "id": "/crHce0F0k12Ag9tTWXgCA==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7896", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572", "arch_op": "pattern match" }, "/eHyvb2Yvu/vFkWHODEbfw==": { "id": "/eHyvb2Yvu/vFkWHODEbfw==", "updater": "rhel-vex", "name": "CVE-2026-0865", "description": "Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers.", "issued": "2026-01-20T21:26:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0865 https://bugzilla.redhat.com/show_bug.cgi?id=2431367 https://www.cve.org/CVERecord?id=CVE-2026-0865 https://nvd.nist.gov/vuln/detail/CVE-2026-0865 https://github.com/python/cpython/issues/143916 https://github.com/python/cpython/pull/143917 https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0865.json https://access.redhat.com/errata/RHSA-2026:4168", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.1", "arch_op": "pattern match" }, "/eIvRWSFFmU3q3Ki3j/gKA==": { "id": "/eIvRWSFFmU3q3Ki3j/gKA==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "/h81Nr0GSz2fO9zGO8rpYw==": { "id": "/h81Nr0GSz2fO9zGO8rpYw==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "/i0rPUB7nJcIUQuikyWxeQ==": { "id": "/i0rPUB7nJcIUQuikyWxeQ==", "updater": "rhel-vex", "name": "CVE-2025-59465", "description": "A denial of service flaw has been discovered in NodeJS. A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59465 https://bugzilla.redhat.com/show_bug.cgi?id=2431349 https://www.cve.org/CVERecord?id=CVE-2025-59465 https://nvd.nist.gov/vuln/detail/CVE-2025-59465 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59465.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.0-1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "/ik4PFVpoYSF6+jKJPGHoA==": { "id": "/ik4PFVpoYSF6+jKJPGHoA==", "updater": "rhel-vex", "name": "CVE-2025-11840", "description": "An out of bounds read flaw has been discovered in GNU binutils. The `vfinfo` function in the `ldmisc.c` file. Exploitation of this flaw requires local access and may cause a program crash.", "issued": "2025-10-16T15:32:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11840 https://bugzilla.redhat.com/show_bug.cgi?id=2404481 https://www.cve.org/CVERecord?id=CVE-2025-11840 https://nvd.nist.gov/vuln/detail/CVE-2025-11840 https://sourceware.org/bugzilla/attachment.cgi?id=16351 https://sourceware.org/bugzilla/attachment.cgi?id=16357 https://sourceware.org/bugzilla/show_bug.cgi?id=33455 https://vuldb.com/?ctiid.328775 https://vuldb.com/?id.328775 https://vuldb.com/?submit.661281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11840.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/jvSCV2RwJ6c/Llx9z8uvA==": { "id": "/jvSCV2RwJ6c/Llx9z8uvA==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "/kFHc0+JKhJmQT3bM6TpTQ==": { "id": "/kFHc0+JKhJmQT3bM6TpTQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "/m4KubgMsY+Uf3GqqbY5Og==": { "id": "/m4KubgMsY+Uf3GqqbY5Og==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "/mkayEGPyxm+Oz1uU7VxhQ==": { "id": "/mkayEGPyxm+Oz1uU7VxhQ==", "updater": "rhel-vex", "name": "CVE-2025-61984", "description": "A flaw was found in OpenSSH where control characters in usernames were not properly validated when sourced from untrusted inputs like the command line or configuration expansion. If a ProxyCommand is used, these control characters could modify command behavior, potentially leading to code execution.", "issued": "2025-10-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61984 https://bugzilla.redhat.com/show_bug.cgi?id=2401960 https://www.cve.org/CVERecord?id=CVE-2025-61984 https://nvd.nist.gov/vuln/detail/CVE-2025-61984 https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2 https://www.openssh.com/releasenotes.html#10.1p1 https://www.openwall.com/lists/oss-security/2025/10/06/1 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61984.json https://access.redhat.com/errata/RHSA-2025:23480", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-47.el9_7", "arch_op": "pattern match" }, "/pWkiqt8QgDCUksSSa24UQ==": { "id": "/pWkiqt8QgDCUksSSa24UQ==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "/qkNjq5a4HrGsyOMMBvKNA==": { "id": "/qkNjq5a4HrGsyOMMBvKNA==", "updater": "rhel-vex", "name": "CVE-2026-21637", "description": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21637 https://bugzilla.redhat.com/show_bug.cgi?id=2431340 https://www.cve.org/CVERecord?id=CVE-2026-21637 https://nvd.nist.gov/vuln/detail/CVE-2026-21637 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21637.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "/rGrv6ID1FHztWkSNUU0Yw==": { "id": "/rGrv6ID1FHztWkSNUU0Yw==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "/w1B4Q4YhRhn+C15Pv2Mlg==": { "id": "/w1B4Q4YhRhn+C15Pv2Mlg==", "updater": "rhel-vex", "name": "CVE-2026-27142", "description": "An input escaping flaw has been discovered in the golang html/template module. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "issued": "2026-03-06T21:28:14Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27142 https://bugzilla.redhat.com/show_bug.cgi?id=2445351 https://www.cve.org/CVERecord?id=CVE-2026-27142 https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://pkg.go.dev/vuln/GO-2026-4603 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27142.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/wfob5jHHezdiyugtfPWjg==": { "id": "/wfob5jHHezdiyugtfPWjg==", "updater": "rhel-vex", "name": "CVE-2021-45261", "description": "A flaw was found in patch. A possible memory corruption vulnerability could allow an attacker to input a specially crafted patch file leading to a crash or code execution.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-45261 https://bugzilla.redhat.com/show_bug.cgi?id=2035081 https://www.cve.org/CVERecord?id=CVE-2021-45261 https://nvd.nist.gov/vuln/detail/CVE-2021-45261 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-45261.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "patch", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "00MQS+g+VNjKvRbuFWsWbQ==": { "id": "00MQS+g+VNjKvRbuFWsWbQ==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "00cDk2w3qfvdzMbO27c/+w==": { "id": "00cDk2w3qfvdzMbO27c/+w==", "updater": "rhel-vex", "name": "CVE-2022-2982", "description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2982.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "01GEWNrsm5Pgr9C+LDMW/A==": { "id": "01GEWNrsm5Pgr9C+LDMW/A==", "updater": "rhel-vex", "name": "CVE-2026-27904", "description": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).", "issued": "2026-02-26T01:07:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27904 https://bugzilla.redhat.com/show_bug.cgi?id=2442922 https://www.cve.org/CVERecord?id=CVE-2026-27904 https://nvd.nist.gov/vuln/detail/CVE-2026-27904 https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27904.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "03WJApqdfWbzHtZHpqBt1Q==": { "id": "03WJApqdfWbzHtZHpqBt1Q==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "041SU8x5Wrw6mRfaRurHIg==": { "id": "041SU8x5Wrw6mRfaRurHIg==", "updater": "rhel-vex", "name": "CVE-2025-69419", "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69419 https://bugzilla.redhat.com/show_bug.cgi?id=2430386 https://www.cve.org/CVERecord?id=CVE-2025-69419 https://nvd.nist.gov/vuln/detail/CVE-2025-69419 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69419.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "06GjiUkv66Ek9Iq8u3SFSA==": { "id": "06GjiUkv66Ek9Iq8u3SFSA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "081ZZUa7+goThe2JzRBcxw==": { "id": "081ZZUa7+goThe2JzRBcxw==", "updater": "osv/go", "name": "GO-2023-1621", "description": "Incorrect calculation on P256 curves in crypto/internal/nistec", "issued": "2023-03-08T19:30:53Z", "links": "https://go.dev/issue/58647 https://go.dev/cl/471255 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.7" }, "08D4UJe9dGHvq1NhH1rKXw==": { "id": "08D4UJe9dGHvq1NhH1rKXw==", "updater": "rhel-vex", "name": "CVE-2026-27904", "description": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).", "issued": "2026-02-26T01:07:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27904 https://bugzilla.redhat.com/show_bug.cgi?id=2442922 https://www.cve.org/CVERecord?id=CVE-2026-27904 https://nvd.nist.gov/vuln/detail/CVE-2026-27904 https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27904.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "09S7nCU8PMWz5tWquOFCaQ==": { "id": "09S7nCU8PMWz5tWquOFCaQ==", "updater": "rhel-vex", "name": "CVE-2023-39325", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39325 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://go.dev/issue/63417 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39325.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "0DSgRHOq1OLwMX3biKMcbA==": { "id": "0DSgRHOq1OLwMX3biKMcbA==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "0E1VjQWdmolR9lr9ElIZZQ==": { "id": "0E1VjQWdmolR9lr9ElIZZQ==", "updater": "rhel-vex", "name": "CVE-2026-28389", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message with KeyAgreeRecipientInfo. This vulnerability arises because the software attempts to process an optional field without verifying its existence, leading to a NULL pointer dereference. This can result in a Denial of Service (DoS) for applications that handle untrusted CMS data.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28389 https://bugzilla.redhat.com/show_bug.cgi?id=2451096 https://www.cve.org/CVERecord?id=CVE-2026-28389 https://nvd.nist.gov/vuln/detail/CVE-2026-28389 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28389.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0E3jDwz9OiQ7ty2SI9zDYQ==": { "id": "0E3jDwz9OiQ7ty2SI9zDYQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "0EZfEnxlowgJ1Et69rh7Fg==": { "id": "0EZfEnxlowgJ1Et69rh7Fg==", "updater": "rhel-vex", "name": "CVE-2024-45491", "description": "An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "0Gq5wAUiCXaH50wxZYx9MQ==": { "id": "0Gq5wAUiCXaH50wxZYx9MQ==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "0K8l/WAiKh6VWmmuYinJBA==": { "id": "0K8l/WAiKh6VWmmuYinJBA==", "updater": "rhel-vex", "name": "CVE-2025-11495", "description": "A heap based buffer overflow flaw has been discovered in the GNU Binutils package. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally.", "issued": "2025-10-08T20:02:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11495 https://bugzilla.redhat.com/show_bug.cgi?id=2402584 https://www.cve.org/CVERecord?id=CVE-2025-11495 https://nvd.nist.gov/vuln/detail/CVE-2025-11495 https://sourceware.org/bugzilla/attachment.cgi?id=16393 https://sourceware.org/bugzilla/show_bug.cgi?id=33502 https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0 https://vuldb.com/?ctiid.327620 https://vuldb.com/?id.327620 https://vuldb.com/?submit.668290 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11495.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0LMSjLLjEqlpe4LAE1rWJA==": { "id": "0LMSjLLjEqlpe4LAE1rWJA==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "0LvlxzvH25js4ffWzvLRTQ==": { "id": "0LvlxzvH25js4ffWzvLRTQ==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "0MVVcjDKfdLbs80csEfrOw==": { "id": "0MVVcjDKfdLbs80csEfrOw==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "0O2I0zrYDyiCiU68WyBLvw==": { "id": "0O2I0zrYDyiCiU68WyBLvw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "0P/5eKFuPPXM3bHgeAHWxw==": { "id": "0P/5eKFuPPXM3bHgeAHWxw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "0PMktbRk+B4fdwvvP1VWUg==": { "id": "0PMktbRk+B4fdwvvP1VWUg==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "0QqnWQey4QRkB1tBadW1jg==": { "id": "0QqnWQey4QRkB1tBadW1jg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "0RLigWktH24pjgFtIwRH2A==": { "id": "0RLigWktH24pjgFtIwRH2A==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "0TUqdQNGOvjHNFjkDen1Sg==": { "id": "0TUqdQNGOvjHNFjkDen1Sg==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "0Tr3QMpqaFB6S//rbJ/Onw==": { "id": "0Tr3QMpqaFB6S//rbJ/Onw==", "updater": "rhel-vex", "name": "CVE-2025-3576", "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "issued": "2025-04-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2359465 https://www.cve.org/CVERecord?id=CVE-2025-3576 https://nvd.nist.gov/vuln/detail/CVE-2025-3576 https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3576.json https://access.redhat.com/errata/RHSA-2025:9430", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-8.el9_6", "arch_op": "pattern match" }, "0U0p6zwok5l6rbIxjBRN7w==": { "id": "0U0p6zwok5l6rbIxjBRN7w==", "updater": "rhel-vex", "name": "CVE-2023-43788", "description": "A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43788 https://bugzilla.redhat.com/show_bug.cgi?id=2242248 https://www.cve.org/CVERecord?id=CVE-2023-43788 https://nvd.nist.gov/vuln/detail/CVE-2023-43788 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43788.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "0UWL07sxLog3CGNaaYYQxQ==": { "id": "0UWL07sxLog3CGNaaYYQxQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "0UxirvKJMj5gY8fbrSf6sA==": { "id": "0UxirvKJMj5gY8fbrSf6sA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Copy", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-481.1.el9_6", "arch_op": "pattern match" }, "0W0/E/g2cPvxNF42LmIwRg==": { "id": "0W0/E/g2cPvxNF42LmIwRg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-AutoLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.74-481.el9", "arch_op": "pattern match" }, "0YTTGmYE/9YKV7yhSG2wCw==": { "id": "0YTTGmYE/9YKV7yhSG2wCw==", "updater": "rhel-vex", "name": "CVE-2025-69650", "description": "A flaw was found in binutils. Processing a specially crafted ELF binary file containing malformed relocation data with the readelf program can trigger a double free, causing a crash and resulting in a denial of service.", "issued": "2026-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69650 https://bugzilla.redhat.com/show_bug.cgi?id=2445293 https://www.cve.org/CVERecord?id=CVE-2025-69650 https://nvd.nist.gov/vuln/detail/CVE-2025-69650 https://sourceware.org/bugzilla/show_bug.cgi?id=33698 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea4bc025abdba85a90e26e13f551c16a44bfa921 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69650.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0YVxD0vSH+0MhijemP/Jmg==": { "id": "0YVxD0vSH+0MhijemP/Jmg==", "updater": "rhel-vex", "name": "CVE-2022-3705", "description": "A use-after-free flaw was found in the qf_update_buffer function in vim. This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "issued": "2022-10-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3705.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0ZGrJGNNqDLH/sZXsRkfvA==": { "id": "0ZGrJGNNqDLH/sZXsRkfvA==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.7.0-1.18.20.4.1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "0ZQtBpkFjRCvM3RNGGREDQ==": { "id": "0ZQtBpkFjRCvM3RNGGREDQ==", "updater": "rhel-vex", "name": "CVE-2023-29409", "description": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29409 https://bugzilla.redhat.com/show_bug.cgi?id=2228743 https://www.cve.org/CVERecord?id=CVE-2023-29409 https://nvd.nist.gov/vuln/detail/CVE-2023-29409 https://go.dev/cl/515257 https://go.dev/issue/61460 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ https://pkg.go.dev/vuln/GO-2023-1987 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29409.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "0ZniYEExf5hn6bWx9CxbmA==": { "id": "0ZniYEExf5hn6bWx9CxbmA==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "0ahYjiLWT0VE+MRcEm8yAQ==": { "id": "0ahYjiLWT0VE+MRcEm8yAQ==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "0bK7Vo3x9SXQYvDvMmgzXA==": { "id": "0bK7Vo3x9SXQYvDvMmgzXA==", "updater": "rhel-vex", "name": "CVE-2022-2208", "description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "issued": "2022-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2208.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0bsVwLbC3DjqoPdFlpHGrA==": { "id": "0bsVwLbC3DjqoPdFlpHGrA==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "0dpAE7ovD7NaRYwnkw3w3Q==": { "id": "0dpAE7ovD7NaRYwnkw3w3Q==", "updater": "rhel-vex", "name": "CVE-2025-59465", "description": "A denial of service flaw has been discovered in NodeJS. A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59465 https://bugzilla.redhat.com/show_bug.cgi?id=2431349 https://www.cve.org/CVERecord?id=CVE-2025-59465 https://nvd.nist.gov/vuln/detail/CVE-2025-59465 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59465.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "0gEzVf04N4WWI36MnLXr1w==": { "id": "0gEzVf04N4WWI36MnLXr1w==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "0hxAfeI84l0pzeedcqmGpQ==": { "id": "0hxAfeI84l0pzeedcqmGpQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-if", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.60.800-481.1.el9_6", "arch_op": "pattern match" }, "0kDaqIpbO93XpnbaK6KFUg==": { "id": "0kDaqIpbO93XpnbaK6KFUg==", "updater": "rhel-vex", "name": "CVE-2023-24534", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24534 https://bugzilla.redhat.com/show_bug.cgi?id=2184483 https://www.cve.org/CVERecord?id=CVE-2023-24534 https://nvd.nist.gov/vuln/detail/CVE-2023-24534 https://go.dev/issue/58975 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24534.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "0mCcBHbOVq3mhrs5PZYNvA==": { "id": "0mCcBHbOVq3mhrs5PZYNvA==", "updater": "rhel-vex", "name": "CVE-2026-27138", "description": "A certificate validation flaw has been discovered in the golang crypto/x509 module. Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.", "issued": "2026-03-06T21:28:14Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27138 https://bugzilla.redhat.com/show_bug.cgi?id=2445344 https://www.cve.org/CVERecord?id=CVE-2026-27138 https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://pkg.go.dev/vuln/GO-2026-4600 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27138.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0nQVynV3NMmwash6dBc+8Q==": { "id": "0nQVynV3NMmwash6dBc+8Q==", "updater": "rhel-vex", "name": "CVE-2023-2731", "description": "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "issued": "2023-04-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2731 https://bugzilla.redhat.com/show_bug.cgi?id=2207635 https://www.cve.org/CVERecord?id=CVE-2023-2731 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2731.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "0tfYnYhAiMREOXyqf/1Urw==": { "id": "0tfYnYhAiMREOXyqf/1Urw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "0u2Zo3eZYFAXhVSIZh+vXQ==": { "id": "0u2Zo3eZYFAXhVSIZh+vXQ==", "updater": "rhel-vex", "name": "CVE-2017-16232", "description": "LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue", "issued": "2017-11-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-16232 https://bugzilla.redhat.com/show_bug.cgi?id=1516189 https://www.cve.org/CVERecord?id=CVE-2017-16232 https://nvd.nist.gov/vuln/detail/CVE-2017-16232 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-16232.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0u9BhQlRGnXqmFj5VxmVgw==": { "id": "0u9BhQlRGnXqmFj5VxmVgw==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-rpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "0v5F4x1W0RxkklLvRs6NKQ==": { "id": "0v5F4x1W0RxkklLvRs6NKQ==", "updater": "rhel-vex", "name": "CVE-2023-0433", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "issued": "2023-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0433.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0w7yDxNwDisUMkIdlkUTZw==": { "id": "0w7yDxNwDisUMkIdlkUTZw==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "0wSMVHwI5T4EgYqkub8RhA==": { "id": "0wSMVHwI5T4EgYqkub8RhA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "0wh4c9Z6sNxM5NAXtzaMNg==": { "id": "0wh4c9Z6sNxM5NAXtzaMNg==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "0yUB19C4Q870tLOnId/omg==": { "id": "0yUB19C4Q870tLOnId/omg==", "updater": "rhel-vex", "name": "CVE-2026-1525", "description": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.", "issued": "2026-03-12T19:56:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1525 https://bugzilla.redhat.com/show_bug.cgi?id=2447144 https://www.cve.org/CVERecord?id=CVE-2026-1525 https://nvd.nist.gov/vuln/detail/CVE-2026-1525 https://cna.openjsf.org/security-advisories.html https://cwe.mitre.org/data/definitions/444.html https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm https://hackerone.com/reports/3556037 https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1525.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "1/8/Mjb4nleg0SsOivHAww==": { "id": "1/8/Mjb4nleg0SsOivHAww==", "updater": "rhel-vex", "name": "CVE-2025-9820", "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "issued": "2025-11-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9820 https://bugzilla.redhat.com/show_bug.cgi?id=2392528 https://www.cve.org/CVERecord?id=CVE-2025-9820 https://nvd.nist.gov/vuln/detail/CVE-2025-9820 https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 https://gitlab.com/gnutls/gnutls/-/issues/1732 https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9820.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "1/PWApRfYh/rLEOR0JZLsw==": { "id": "1/PWApRfYh/rLEOR0JZLsw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "1/xm1gDhSpcAv1vbsLnNhA==": { "id": "1/xm1gDhSpcAv1vbsLnNhA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "10T7L0U8GuP9Qhz3unCqvw==": { "id": "10T7L0U8GuP9Qhz3unCqvw==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "12PmpsYpKqbguwokcjBXqw==": { "id": "12PmpsYpKqbguwokcjBXqw==", "updater": "rhel-vex", "name": "CVE-2022-3627", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3627 https://bugzilla.redhat.com/show_bug.cgi?id=2142742 https://www.cve.org/CVERecord?id=CVE-2022-3627 https://nvd.nist.gov/vuln/detail/CVE-2022-3627 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3627.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "1378JmiuKDjVj7PZAMUvLg==": { "id": "1378JmiuKDjVj7PZAMUvLg==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "13Dkon5caDMIMuKn79Qskg==": { "id": "13Dkon5caDMIMuKn79Qskg==", "updater": "rhel-vex", "name": "CVE-2021-42574", "description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The special handling and rendering of those characters can be then used in an attempt to hide unexpected and potentially dangerous behaviour from the reviewer.", "issued": "2021-11-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-42574 https://bugzilla.redhat.com/show_bug.cgi?id=2005819 https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 https://www.cve.org/CVERecord?id=CVE-2021-42574 https://nvd.nist.gov/vuln/detail/CVE-2021-42574 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Bidirectional_Text_Spoofing https://www.unicode.org/reports/tr39/ https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-42574.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "13fIhbDHRYF0KXmxmJIfiA==": { "id": "13fIhbDHRYF0KXmxmJIfiA==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "14EBaSYBL4fLL4zgayhBkg==": { "id": "14EBaSYBL4fLL4zgayhBkg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Class-Struct", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.66-481.el9", "arch_op": "pattern match" }, "14Etv/7765FAI8QbzsokBQ==": { "id": "14Etv/7765FAI8QbzsokBQ==", "updater": "rhel-vex", "name": "CVE-2025-24528", "description": "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.", "issued": "2024-01-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24528 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://www.cve.org/CVERecord?id=CVE-2025-24528 https://nvd.nist.gov/vuln/detail/CVE-2025-24528 https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24528.json https://access.redhat.com/errata/RHSA-2025:7067", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-6.el9", "arch_op": "pattern match" }, "15uVNLTcXPHEO0XVoOOwZw==": { "id": "15uVNLTcXPHEO0XVoOOwZw==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "194woe53clmG4lfLXvwjcA==": { "id": "194woe53clmG4lfLXvwjcA==", "updater": "rhel-vex", "name": "CVE-2026-5121", "description": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.", "issued": "2026-03-30T07:44:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5121 https://bugzilla.redhat.com/show_bug.cgi?id=2452945 https://www.cve.org/CVERecord?id=CVE-2026-5121 https://nvd.nist.gov/vuln/detail/CVE-2026-5121 https://github.com/advisories/GHSA-2vwv-vqpv-v8vc https://github.com/libarchive/libarchive/pull/2934 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5121.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "19Kvl4LS7MCiBo2cRD5fxQ==": { "id": "19Kvl4LS7MCiBo2cRD5fxQ==", "updater": "rhel-vex", "name": "CVE-2021-3974", "description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3974.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1BGBx+ICmx9ndSR1J6c9Rw==": { "id": "1BGBx+ICmx9ndSR1J6c9Rw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "1CCABRgs/s9xxQcDgxw00A==": { "id": "1CCABRgs/s9xxQcDgxw00A==", "updater": "rhel-vex", "name": "CVE-2025-69645", "description": "A flaw was found in binutils, specifically in the `objdump` utility. A local attacker can exploit this vulnerability by providing a specially crafted binary file containing malformed DWARF (Debugging With Attributed Record Formats) debug information. This can lead to a logic error during the processing of DWARF compilation units, causing the `objdump` utility to crash and resulting in a denial of service.", "issued": "2026-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69645 https://bugzilla.redhat.com/show_bug.cgi?id=2445261 https://www.cve.org/CVERecord?id=CVE-2025-69645 https://nvd.nist.gov/vuln/detail/CVE-2025-69645 https://sourceware.org/bugzilla/show_bug.cgi?id=33637 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cdb728d4da6184631989b192f1022c219dea7677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69645.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1CDGyH/KaS7DctjOTuk4Gg==": { "id": "1CDGyH/KaS7DctjOTuk4Gg==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "1I7VtxkB33ashDX0kB4Teg==": { "id": "1I7VtxkB33ashDX0kB4Teg==", "updater": "rhel-vex", "name": "CVE-2025-5889", "description": "A denial-of-service (DoS) vulnerability has been identified in the brace-expansion JavaScript package. This issue occurs due to inefficient regular expression complexity, which can be exploited by an attacker providing specially crafted input. Such input could lead to excessive processing time and resource consumption, rendering applications that utilize this package unresponsive and causing a denial-of-service condition.", "issued": "2025-06-09T18:16:01Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5889 https://bugzilla.redhat.com/show_bug.cgi?id=2371270 https://www.cve.org/CVERecord?id=CVE-2025-5889 https://nvd.nist.gov/vuln/detail/CVE-2025-5889 https://gist.github.com/mmmsssttt404/37a40ce7d6e5ca604858fe30814d9466 https://github.com/juliangruber/brace-expansion/pull/65/commits/a5b98a4f30d7813266b221435e1eaaf25a1b0ac5 https://vuldb.com/?ctiid.311660 https://vuldb.com/?id.311660 https://vuldb.com/?submit.585717 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5889.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1ICypZP/7UrDVdoDevopUA==": { "id": "1ICypZP/7UrDVdoDevopUA==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "1IGqkgWGwsavqCo3U8V2Jw==": { "id": "1IGqkgWGwsavqCo3U8V2Jw==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "1KxLqY5vPHnDfUxdviejiw==": { "id": "1KxLqY5vPHnDfUxdviejiw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "1LTKa378StuY8O3o3G26jw==": { "id": "1LTKa378StuY8O3o3G26jw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "1PYvw1fdwe6hM2UBdw4Itw==": { "id": "1PYvw1fdwe6hM2UBdw4Itw==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "1QQmDcMkRqvOte/bR8QEuQ==": { "id": "1QQmDcMkRqvOte/bR8QEuQ==", "updater": "rhel-vex", "name": "CVE-2023-0797", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0797 https://bugzilla.redhat.com/show_bug.cgi?id=2170151 https://www.cve.org/CVERecord?id=CVE-2023-0797 https://nvd.nist.gov/vuln/detail/CVE-2023-0797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0797.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "1QnQnbNEHorQXFc0WpMmGQ==": { "id": "1QnQnbNEHorQXFc0WpMmGQ==", "updater": "rhel-vex", "name": "CVE-2026-26996", "description": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.", "issued": "2026-02-20T03:05:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-26996 https://bugzilla.redhat.com/show_bug.cgi?id=2441268 https://www.cve.org/CVERecord?id=CVE-2026-26996 https://nvd.nist.gov/vuln/detail/CVE-2026-26996 https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5 https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26996.json https://access.redhat.com/errata/RHSA-2026:7896", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.2-1.module+el9.7.0+24193+41b7b572", "arch_op": "pattern match" }, "1SDdOQM609JpOnF4Vx/qwQ==": { "id": "1SDdOQM609JpOnF4Vx/qwQ==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "1V7JwcA/poy4b6C9OdWTZg==": { "id": "1V7JwcA/poy4b6C9OdWTZg==", "updater": "rhel-vex", "name": "CVE-2025-59465", "description": "A denial of service flaw has been discovered in NodeJS. A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59465 https://bugzilla.redhat.com/show_bug.cgi?id=2431349 https://www.cve.org/CVERecord?id=CVE-2025-59465 https://nvd.nist.gov/vuln/detail/CVE-2025-59465 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59465.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "1VKGbptJGVhPmMaic8aidg==": { "id": "1VKGbptJGVhPmMaic8aidg==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "1WQ/LJu/kefEuHRv58l0Lw==": { "id": "1WQ/LJu/kefEuHRv58l0Lw==", "updater": "rhel-vex", "name": "CVE-2023-4734", "description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "issued": "2023-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4734.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1XwPa50Si6EKs+Oms8SLUA==": { "id": "1XwPa50Si6EKs+Oms8SLUA==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-icu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "1aPjlkabj3eUY8WGb+gz+g==": { "id": "1aPjlkabj3eUY8WGb+gz+g==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "1aeaK9IMMvYHnuzRhdxEbA==": { "id": "1aeaK9IMMvYHnuzRhdxEbA==", "updater": "rhel-vex", "name": "CVE-2025-59465", "description": "A denial of service flaw has been discovered in NodeJS. A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59465 https://bugzilla.redhat.com/show_bug.cgi?id=2431349 https://www.cve.org/CVERecord?id=CVE-2025-59465 https://nvd.nist.gov/vuln/detail/CVE-2025-59465 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59465.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.0-1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "1cpz1Hzz2hsR9fx5YrxP3g==": { "id": "1cpz1Hzz2hsR9fx5YrxP3g==", "updater": "rhel-vex", "name": "CVE-2025-6176", "description": "Scrapy are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.", "issued": "2025-10-31T00:00:21Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6176 https://bugzilla.redhat.com/show_bug.cgi?id=2408762 https://www.cve.org/CVERecord?id=CVE-2025-6176 https://nvd.nist.gov/vuln/detail/CVE-2025-6176 https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6176.json https://access.redhat.com/errata/RHSA-2026:2042", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "brotli-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.9-9.el9_7", "arch_op": "pattern match" }, "1eXmoeT5Qd9M0GiSJ3z2mg==": { "id": "1eXmoeT5Qd9M0GiSJ3z2mg==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "1geoBO6lBMXVRM+dfApwgw==": { "id": "1geoBO6lBMXVRM+dfApwgw==", "updater": "rhel-vex", "name": "CVE-2026-32776", "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service (DoS).", "issued": "2026-03-16T06:54:20Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32776 https://bugzilla.redhat.com/show_bug.cgi?id=2447888 https://www.cve.org/CVERecord?id=CVE-2026-32776 https://nvd.nist.gov/vuln/detail/CVE-2026-32776 https://github.com/libexpat/libexpat/pull/1158 https://github.com/libexpat/libexpat/pull/1159 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32776.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1hhG+RKT0fsxlS/Wf/LWEA==": { "id": "1hhG+RKT0fsxlS/Wf/LWEA==", "updater": "rhel-vex", "name": "CVE-2026-0861", "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "issued": "2026-01-14T21:01:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0861 https://bugzilla.redhat.com/show_bug.cgi?id=2429771 https://www.cve.org/CVERecord?id=CVE-2026-0861 https://nvd.nist.gov/vuln/detail/CVE-2026-0861 https://sourceware.org/bugzilla/show_bug.cgi?id=33796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0861.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "1lRtJofWFCTkQi0dreTmvg==": { "id": "1lRtJofWFCTkQi0dreTmvg==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "1nX4t0Z3G1H45fqJox3f4Q==": { "id": "1nX4t0Z3G1H45fqJox3f4Q==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "1npmxgSnoYj2MyAhQMaE7g==": { "id": "1npmxgSnoYj2MyAhQMaE7g==", "updater": "rhel-vex", "name": "CVE-2026-27171", "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "issued": "2026-02-18T02:36:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27171 https://bugzilla.redhat.com/show_bug.cgi?id=2440530 https://www.cve.org/CVERecord?id=CVE-2026-27171 https://nvd.nist.gov/vuln/detail/CVE-2026-27171 https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf https://github.com/madler/zlib/issues/904 https://github.com/madler/zlib/releases/tag/v1.3.2 https://ostif.org/zlib-audit-complete/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27171.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "zlib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1oKL9ZSv1M4CmxUhNFjpmg==": { "id": "1oKL9ZSv1M4CmxUhNFjpmg==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "1q7YjyB3mR25zvqxJ6Zk3w==": { "id": "1q7YjyB3mR25zvqxJ6Zk3w==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "1qsA4RvCYZB2uDwgIo8TuQ==": { "id": "1qsA4RvCYZB2uDwgIo8TuQ==", "updater": "osv/go", "name": "GO-2024-3106", "description": "Stack exhaustion in Decoder.Decode in encoding/gob", "issued": "2024-09-06T19:15:23Z", "links": "https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.7" }, "1r5b1oLl7viNgjtnEVfEyw==": { "id": "1r5b1oLl7viNgjtnEVfEyw==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "1sD6TJmtoMKm89Mo2ka5lA==": { "id": "1sD6TJmtoMKm89Mo2ka5lA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "1uk6R7fJdNFj2gxMFc6jOA==": { "id": "1uk6R7fJdNFj2gxMFc6jOA==", "updater": "rhel-vex", "name": "CVE-2025-69652", "description": "A flaw was found in binutils. Processing a specially crafted ELF binary file containing malformed DWARF abbrev or debug information with the readelf program using the -w abbrev command line option can trigger an abort, causing a crash and resulting in a denial of service.", "issued": "2026-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69652 https://bugzilla.redhat.com/show_bug.cgi?id=2445296 https://www.cve.org/CVERecord?id=CVE-2025-69652 https://nvd.nist.gov/vuln/detail/CVE-2025-69652 https://sourceware.org/bugzilla/show_bug.cgi?id=33701 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=44b79abd0fa12e7947252eb4c6e5d16ed6033e01 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69652.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1w+glHHFE32ql3XJuIAYWQ==": { "id": "1w+glHHFE32ql3XJuIAYWQ==", "updater": "rhel-vex", "name": "CVE-2025-66862", "description": "A flaw was found in binutils. Processing a specially crafted PE file with cxxfilt can trigger a heap-based buffer over-read in the gnu_special function in the cplus-dem.c file, causing a crash and resulting in a denial of service.", "issued": "2025-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66862 https://bugzilla.redhat.com/show_bug.cgi?id=2425825 https://www.cve.org/CVERecord?id=CVE-2025-66862 https://nvd.nist.gov/vuln/detail/CVE-2025-66862 https://github.com/caozhzh/CRGF-Vul/blob/main/cxxfilt/crash3.md https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66862.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1xlP6pB26ufMu9nE2My5Iw==": { "id": "1xlP6pB26ufMu9nE2My5Iw==", "updater": "rhel-vex", "name": "CVE-2025-64720", "description": "A buffer overflow flaw has been discovered in libpng. An out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API.", "issued": "2025-11-24T23:45:38Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64720 https://bugzilla.redhat.com/show_bug.cgi?id=2416904 https://www.cve.org/CVERecord?id=CVE-2025-64720 https://nvd.nist.gov/vuln/detail/CVE-2025-64720 https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643 https://github.com/pnggroup/libpng/issues/686 https://github.com/pnggroup/libpng/pull/751 https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64720.json https://access.redhat.com/errata/RHSA-2026:0238", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpng", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.1", "arch_op": "pattern match" }, "1ylYMOLaPUA6xIkqwKBb9w==": { "id": "1ylYMOLaPUA6xIkqwKBb9w==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "2+grY6RsLOFJVlzFN96AuQ==": { "id": "2+grY6RsLOFJVlzFN96AuQ==", "updater": "osv/go", "name": "GO-2026-4403", "description": "Improper access to parent directory of root in os", "issued": "2026-02-04T22:42:26Z", "links": "https://go.dev/cl/670036 https://go.dev/issue/73555 https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.9" }, "2/I3PyWTnfJdMedKAemp8Q==": { "id": "2/I3PyWTnfJdMedKAemp8Q==", "updater": "rhel-vex", "name": "CVE-2023-24536", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24536 https://bugzilla.redhat.com/show_bug.cgi?id=2184482 https://www.cve.org/CVERecord?id=CVE-2023-24536 https://nvd.nist.gov/vuln/detail/CVE-2023-24536 https://go.dev/issue/59153 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24536.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "2/tA0uwDqjzRb7JZP+f4Mw==": { "id": "2/tA0uwDqjzRb7JZP+f4Mw==", "updater": "rhel-vex", "name": "CVE-2026-32280", "description": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.", "issued": "2026-04-08T01:06:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32280 https://bugzilla.redhat.com/show_bug.cgi?id=2456339 https://www.cve.org/CVERecord?id=CVE-2026-32280 https://nvd.nist.gov/vuln/detail/CVE-2026-32280 https://go.dev/cl/758320 https://go.dev/issue/78282 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4947 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32280.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "241S2RmgJzaFxfQcayo1Pw==": { "id": "241S2RmgJzaFxfQcayo1Pw==", "updater": "rhel-vex", "name": "CVE-2026-6100", "description": "A flaw was found in Python's decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.", "issued": "2026-04-13T17:15:47Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6100 https://bugzilla.redhat.com/show_bug.cgi?id=2457932 https://www.cve.org/CVERecord?id=CVE-2026-6100 https://nvd.nist.gov/vuln/detail/CVE-2026-6100 https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2 https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20 https://github.com/python/cpython/issues/148395 https://github.com/python/cpython/pull/148396 https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6100.json https://access.redhat.com/errata/RHSA-2026:10949", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.3", "arch_op": "pattern match" }, "2432H9ZBrMWDJ7HhyQT63A==": { "id": "2432H9ZBrMWDJ7HhyQT63A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "24Paca4PaySz9eM+VJu4ew==": { "id": "24Paca4PaySz9eM+VJu4ew==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "24Ysg4Ma/AJz8Z93D2PzNQ==": { "id": "24Ysg4Ma/AJz8Z93D2PzNQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "269Lb6JhyjdTwif2gzpsMQ==": { "id": "269Lb6JhyjdTwif2gzpsMQ==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "26JRymquUeoxtDSKcKSDSg==": { "id": "26JRymquUeoxtDSKcKSDSg==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "27u7kvLvlu7kh99wyuxQrg==": { "id": "27u7kvLvlu7kh99wyuxQrg==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "29Fo/GOP7MILPepOrnMgjA==": { "id": "29Fo/GOP7MILPepOrnMgjA==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "29JfppZedoclZHW2coehcQ==": { "id": "29JfppZedoclZHW2coehcQ==", "updater": "rhel-vex", "name": "CVE-2023-24540", "description": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/show_bug.cgi?id=2196027 https://www.cve.org/CVERecord?id=CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24540.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "2A2BjgErU1GldRQi2g+XQg==": { "id": "2A2BjgErU1GldRQi2g+XQg==", "updater": "rhel-vex", "name": "CVE-2022-45939", "description": "A flaw was found in Etags, the Ctags implementation of Emacs. A file with a crafted filename may result in arbitrary command execution when processed by Etags.", "issued": "2022-11-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-45939 https://bugzilla.redhat.com/show_bug.cgi?id=2149380 https://www.cve.org/CVERecord?id=CVE-2022-45939 https://nvd.nist.gov/vuln/detail/CVE-2022-45939 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-45939.json https://access.redhat.com/errata/RHSA-2023:2366", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9", "arch_op": "pattern match" }, "2CBaGFwc5Pbj3yR6Gim3fA==": { "id": "2CBaGFwc5Pbj3yR6Gim3fA==", "updater": "rhel-vex", "name": "CVE-2026-25679", "description": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "issued": "2026-03-06T21:28:14Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/show_bug.cgi?id=2445356 https://www.cve.org/CVERecord?id=CVE-2026-25679 https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://pkg.go.dev/vuln/GO-2026-4601 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25679.json https://access.redhat.com/errata/RHSA-2026:5942", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.8-1.el9_7", "arch_op": "pattern match" }, "2DPl1NLEsHotw7kYOPR/8A==": { "id": "2DPl1NLEsHotw7kYOPR/8A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "2GOqqUt4mwKng/FA0FV67w==": { "id": "2GOqqUt4mwKng/FA0FV67w==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "2I/0B+uXhxpPJWXGwNGlLw==": { "id": "2I/0B+uXhxpPJWXGwNGlLw==", "updater": "rhel-vex", "name": "CVE-2023-5344", "description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "issued": "2023-10-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5344.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2IUiS8eDJ2evZHzBkLGqPw==": { "id": "2IUiS8eDJ2evZHzBkLGqPw==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "2Jpm8Zc5oiON+VhscwC/4w==": { "id": "2Jpm8Zc5oiON+VhscwC/4w==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "2M5CwoqtCrF9ix+6ghISOg==": { "id": "2M5CwoqtCrF9ix+6ghISOg==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "2No3jCnnmCwOEpCbk+TZGA==": { "id": "2No3jCnnmCwOEpCbk+TZGA==", "updater": "rhel-vex", "name": "CVE-2026-25646", "description": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.", "issued": "2026-02-10T17:04:38Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25646 https://bugzilla.redhat.com/show_bug.cgi?id=2438542 https://www.cve.org/CVERecord?id=CVE-2026-25646 https://nvd.nist.gov/vuln/detail/CVE-2026-25646 http://www.openwall.com/lists/oss-security/2026/02/09/7 https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88 https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25646.json https://access.redhat.com/errata/RHSA-2026:3405", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpng-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.2", "arch_op": "pattern match" }, "2QjZksAOTEJVwk59l2QYOQ==": { "id": "2QjZksAOTEJVwk59l2QYOQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "2RZ3u6UmceVG9iB/xb73SA==": { "id": "2RZ3u6UmceVG9iB/xb73SA==", "updater": "rhel-vex", "name": "CVE-2022-2206", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2206.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2TDjlt2gAEWsLyBBPigFYw==": { "id": "2TDjlt2gAEWsLyBBPigFYw==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2UHqEqfMIIn53NkDlDEppQ==": { "id": "2UHqEqfMIIn53NkDlDEppQ==", "updater": "rhel-vex", "name": "CVE-2022-2923", "description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. This flaw allows a specially crafted file to crash the software.", "issued": "2022-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2923.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2UhjmcPUkGmILpYJPZEiNQ==": { "id": "2UhjmcPUkGmILpYJPZEiNQ==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "2VowcBblBj36IfwmFRwcwg==": { "id": "2VowcBblBj36IfwmFRwcwg==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "2Yo5V5wVVXhJ0VU+H57P9g==": { "id": "2Yo5V5wVVXhJ0VU+H57P9g==", "updater": "rhel-vex", "name": "CVE-2026-1299", "description": "A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules, allowing an attacker to inject email headers and potentially modify message recipients or the email body, and spoof sender information.", "issued": "2026-01-23T16:27:13Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1299 https://bugzilla.redhat.com/show_bug.cgi?id=2432437 https://www.cve.org/CVERecord?id=CVE-2026-1299 https://nvd.nist.gov/vuln/detail/CVE-2026-1299 https://cve.org/CVERecord?id=CVE-2024-6923 https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413 https://github.com/python/cpython/issues/144125 https://github.com/python/cpython/pull/144126 https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1299.json https://access.redhat.com/errata/RHSA-2026:4168", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.1", "arch_op": "pattern match" }, "2Z/NA7sGgadio/qisfiC3Q==": { "id": "2Z/NA7sGgadio/qisfiC3Q==", "updater": "rhel-vex", "name": "CVE-2022-48339", "description": "A flaw was found in the Emacs package. If a file name or directory name contains shell metacharacters, arbitrary code may be executed.", "issued": "2023-02-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48339 https://bugzilla.redhat.com/show_bug.cgi?id=2171989 https://www.cve.org/CVERecord?id=CVE-2022-48339 https://nvd.nist.gov/vuln/detail/CVE-2022-48339 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48339.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "2bOVXniSdlE0fZB1iot4yQ==": { "id": "2bOVXniSdlE0fZB1iot4yQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "2eI6vtB1jD43elLjnJ5clw==": { "id": "2eI6vtB1jD43elLjnJ5clw==", "updater": "rhel-vex", "name": "CVE-2025-55132", "description": "A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55132 https://bugzilla.redhat.com/show_bug.cgi?id=2431338 https://www.cve.org/CVERecord?id=CVE-2025-55132 https://nvd.nist.gov/vuln/detail/CVE-2025-55132 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55132.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.0-1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "2j4vw/Ef1McLxa/C6FEQvA==": { "id": "2j4vw/Ef1McLxa/C6FEQvA==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "2k/PqFfUaKNy33VkAbVD6g==": { "id": "2k/PqFfUaKNy33VkAbVD6g==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "2luu38jiVQvy6qOXHFgpAg==": { "id": "2luu38jiVQvy6qOXHFgpAg==", "updater": "rhel-vex", "name": "CVE-2022-2042", "description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "issued": "2022-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2042.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2n2n++65Q4X6kZeNZUZXMw==": { "id": "2n2n++65Q4X6kZeNZUZXMw==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "2oTX17kDUCTK4lHB98r0SQ==": { "id": "2oTX17kDUCTK4lHB98r0SQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.27-481.1.el9_6", "arch_op": "pattern match" }, "2pofu/QdlV4xoXosgfKRNw==": { "id": "2pofu/QdlV4xoXosgfKRNw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "2s0qmbyWNwDtt7UJcKOirQ==": { "id": "2s0qmbyWNwDtt7UJcKOirQ==", "updater": "rhel-vex", "name": "CVE-2026-1528", "description": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.", "issued": "2026-03-12T20:21:57Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1528 https://bugzilla.redhat.com/show_bug.cgi?id=2447145 https://www.cve.org/CVERecord?id=CVE-2026-1528 https://nvd.nist.gov/vuln/detail/CVE-2026-1528 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj https://hackerone.com/reports/3537648 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1528.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "2sm08sXcjWtT2Gtu3CdSug==": { "id": "2sm08sXcjWtT2Gtu3CdSug==", "updater": "rhel-vex", "name": "CVE-2022-1725", "description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "issued": "2022-09-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1725.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2t1KBK7sA8rKgVHavF6SZA==": { "id": "2t1KBK7sA8rKgVHavF6SZA==", "updater": "rhel-vex", "name": "CVE-2023-52355", "description": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52355 https://bugzilla.redhat.com/show_bug.cgi?id=2251326 https://www.cve.org/CVERecord?id=CVE-2023-52355 https://nvd.nist.gov/vuln/detail/CVE-2023-52355 https://gitlab.com/libtiff/libtiff/-/issues/621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52355.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "2tFr9TQJkcgsTrNAQX0kdw==": { "id": "2tFr9TQJkcgsTrNAQX0kdw==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "2usQa32fSqIDVo0qKM7RFA==": { "id": "2usQa32fSqIDVo0qKM7RFA==", "updater": "rhel-vex", "name": "CVE-2025-58190", "description": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) in an exposed go application if an attacker provides specially crafted HTML content.", "issued": "2026-02-05T17:48:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58190 https://bugzilla.redhat.com/show_bug.cgi?id=2437110 https://www.cve.org/CVERecord?id=CVE-2025-58190 https://nvd.nist.gov/vuln/detail/CVE-2025-58190 https://github.com/golang/vulndb/issues/4441 https://go.dev/cl/709875 https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c https://pkg.go.dev/vuln/GO-2026-4441 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58190.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2vdCDySzHer9qKv7EOUGqQ==": { "id": "2vdCDySzHer9qKv7EOUGqQ==", "updater": "rhel-vex", "name": "CVE-2024-12085", "description": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12085 https://bugzilla.redhat.com/show_bug.cgi?id=2330539 https://www.cve.org/CVERecord?id=CVE-2024-12085 https://nvd.nist.gov/vuln/detail/CVE-2024-12085 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12085.json https://access.redhat.com/errata/RHSA-2025:0324", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.3-20.el9_5.1", "arch_op": "pattern match" }, "2vidY7qxU0KDMpAzTaXQCw==": { "id": "2vidY7qxU0KDMpAzTaXQCw==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "2wnmmIxGcmTTQ7kdV4Q55Q==": { "id": "2wnmmIxGcmTTQ7kdV4Q55Q==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "2y2LXrQ+Jdr+fioSazFF4w==": { "id": "2y2LXrQ+Jdr+fioSazFF4w==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "3+pow+WXSexmxDv966vMqQ==": { "id": "3+pow+WXSexmxDv966vMqQ==", "updater": "rhel-vex", "name": "CVE-2026-21716", "description": "A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied. Such a bypass could lead to unauthorized changes to system files.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21716 https://bugzilla.redhat.com/show_bug.cgi?id=2453157 https://www.cve.org/CVERecord?id=CVE-2026-21716 https://nvd.nist.gov/vuln/detail/CVE-2026-21716 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21716.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "31lRdk8cNY+AWoLVxQqBUw==": { "id": "31lRdk8cNY+AWoLVxQqBUw==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://openssl-library.org/news/secadv/20250211.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "32PT0J5usgv3laBJ37g1fA==": { "id": "32PT0J5usgv3laBJ37g1fA==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "34BcC5oWRD1/7/1kuocy1g==": { "id": "34BcC5oWRD1/7/1kuocy1g==", "updater": "rhel-vex", "name": "CVE-2025-55130", "description": "A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55130 https://bugzilla.redhat.com/show_bug.cgi?id=2431352 https://www.cve.org/CVERecord?id=CVE-2025-55130 https://nvd.nist.gov/vuln/detail/CVE-2025-55130 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55130.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "372OESqFjEs8/4MHn0xr+Q==": { "id": "372OESqFjEs8/4MHn0xr+Q==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libblkid-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "39KBEdrZX0FwGoQxYgkupQ==": { "id": "39KBEdrZX0FwGoQxYgkupQ==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "3A+d+ITPUBtAGX1jTlLhKg==": { "id": "3A+d+ITPUBtAGX1jTlLhKg==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "3A/kVsDzDDwZXdM+JpfWlA==": { "id": "3A/kVsDzDDwZXdM+JpfWlA==", "updater": "rhel-vex", "name": "CVE-2026-32288", "description": "A flaw was found in Go's `archive/tar` package. A remote attacker could exploit this vulnerability by providing a maliciously-crafted archive file. When the `tar.Reader` processes an archive containing a large number of sparse regions in the \"old GNU sparse map\" format, it can lead to unbounded memory allocation. This can result in a Denial of Service (DoS) condition, making the affected application unresponsive.", "issued": "2026-04-08T01:06:57Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32288 https://bugzilla.redhat.com/show_bug.cgi?id=2456332 https://www.cve.org/CVERecord?id=CVE-2026-32288 https://nvd.nist.gov/vuln/detail/CVE-2026-32288 https://go.dev/cl/763766 https://go.dev/issue/78301 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4869 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32288.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3AbYXrLwWtddQg0NqJQudw==": { "id": "3AbYXrLwWtddQg0NqJQudw==", "updater": "rhel-vex", "name": "CVE-2026-22020", "description": "No description is available for this CVE.", "issued": "2026-04-21T20:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2460045 https://www.cve.org/CVERecord?id=CVE-2026-22020 https://nvd.nist.gov/vuln/detail/CVE-2026-22020 https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22020.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpng", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3BY1OD4rYtX6LEFO6X+/Yw==": { "id": "3BY1OD4rYtX6LEFO6X+/Yw==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "3CUrg7YVjtx0L5aX+iMRxA==": { "id": "3CUrg7YVjtx0L5aX+iMRxA==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "3D/COcmVFbxgINNliqKHgw==": { "id": "3D/COcmVFbxgINNliqKHgw==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "3DJmtryLboz5D1RmZn6WTw==": { "id": "3DJmtryLboz5D1RmZn6WTw==", "updater": "rhel-vex", "name": "CVE-2025-8194", "description": "A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.", "issued": "2025-07-28T18:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8194 https://bugzilla.redhat.com/show_bug.cgi?id=2384043 https://www.cve.org/CVERecord?id=CVE-2025-8194 https://nvd.nist.gov/vuln/detail/CVE-2025-8194 https://github.com/python/cpython/issues/130577 https://github.com/python/cpython/pull/137027 https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8194.json https://access.redhat.com/errata/RHSA-2025:15019", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.2", "arch_op": "pattern match" }, "3E/EPC1OcoKQToPb+efdaQ==": { "id": "3E/EPC1OcoKQToPb+efdaQ==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "3E5wmOETiTx03Y24iDJEUg==": { "id": "3E5wmOETiTx03Y24iDJEUg==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "3FdyvSRS+ECfT74KYiCcLA==": { "id": "3FdyvSRS+ECfT74KYiCcLA==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "3FpQibjt3OzhrwoSJ9I0Mg==": { "id": "3FpQibjt3OzhrwoSJ9I0Mg==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json https://access.redhat.com/errata/RHSA-2025:22660", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.7", "arch_op": "pattern match" }, "3KVKKCxdWl+iCbo/o6cUCw==": { "id": "3KVKKCxdWl+iCbo/o6cUCw==", "updater": "rhel-vex", "name": "CVE-2025-61984", "description": "A flaw was found in OpenSSH where control characters in usernames were not properly validated when sourced from untrusted inputs like the command line or configuration expansion. If a ProxyCommand is used, these control characters could modify command behavior, potentially leading to code execution.", "issued": "2025-10-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61984 https://bugzilla.redhat.com/show_bug.cgi?id=2401960 https://www.cve.org/CVERecord?id=CVE-2025-61984 https://nvd.nist.gov/vuln/detail/CVE-2025-61984 https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2 https://www.openssh.com/releasenotes.html#10.1p1 https://www.openwall.com/lists/oss-security/2025/10/06/1 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61984.json https://access.redhat.com/errata/RHSA-2025:23480", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-47.el9_7", "arch_op": "pattern match" }, "3Lvdmj//2sze9S8I3n8yrw==": { "id": "3Lvdmj//2sze9S8I3n8yrw==", "updater": "rhel-vex", "name": "CVE-2023-0288", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "issued": "2023-01-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0288.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3NsOBlWsKnPW4267fh2nUA==": { "id": "3NsOBlWsKnPW4267fh2nUA==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "3O4R28kD2w0Acw7XQvAZ3Q==": { "id": "3O4R28kD2w0Acw7XQvAZ3Q==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-interpreter", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.el9", "arch_op": "pattern match" }, "3R40oInfBrzPyywU8VZGOA==": { "id": "3R40oInfBrzPyywU8VZGOA==", "updater": "rhel-vex", "name": "CVE-2025-61985", "description": "A flaw was found in OpenSSH where the SSH client accepted \\0 (null) characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up.", "issued": "2025-10-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61985 https://bugzilla.redhat.com/show_bug.cgi?id=2401962 https://www.cve.org/CVERecord?id=CVE-2025-61985 https://nvd.nist.gov/vuln/detail/CVE-2025-61985 https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2 https://www.openssh.com/releasenotes.html#10.1p1 https://www.openwall.com/lists/oss-security/2025/10/06/1 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61985.json https://access.redhat.com/errata/RHSA-2025:23480", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-47.el9_7", "arch_op": "pattern match" }, "3S91ZYwiienVlUnFeIzkRw==": { "id": "3S91ZYwiienVlUnFeIzkRw==", "updater": "rhel-vex", "name": "CVE-2025-8941", "description": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.", "issued": "2025-08-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://www.cve.org/CVERecord?id=CVE-2025-8941 https://nvd.nist.gov/vuln/detail/CVE-2025-8941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8941.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "3UFdmogC8LxBJ8vh97CLKg==": { "id": "3UFdmogC8LxBJ8vh97CLKg==", "updater": "rhel-vex", "name": "CVE-2026-33812", "description": "A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted font file. Parsing this malicious file can lead to excessive memory allocation, which may result in a Denial of Service (DoS) for the affected system.", "issued": "2026-04-21T19:21:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33812 https://bugzilla.redhat.com/show_bug.cgi?id=2460227 https://www.cve.org/CVERecord?id=CVE-2026-33812 https://nvd.nist.gov/vuln/detail/CVE-2026-33812 https://go.dev/cl/761180 https://go.dev/issue/78382 https://pkg.go.dev/vuln/GO-2026-4962 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33812.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3UNcgW64Eji4iyY2ZDB1cg==": { "id": "3UNcgW64Eji4iyY2ZDB1cg==", "updater": "rhel-vex", "name": "CVE-2026-3783", "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "issued": "2026-03-11T10:09:08Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3783 https://bugzilla.redhat.com/show_bug.cgi?id=2446450 https://www.cve.org/CVERecord?id=CVE-2026-3783 https://nvd.nist.gov/vuln/detail/CVE-2026-3783 http://www.openwall.com/lists/oss-security/2026/03/11/2 https://curl.se/docs/CVE-2026-3783.html https://curl.se/docs/CVE-2026-3783.json https://hackerone.com/reports/3583983 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3783.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3WRC4Vl08/leTJ1MFHuCEg==": { "id": "3WRC4Vl08/leTJ1MFHuCEg==", "updater": "rhel-vex", "name": "CVE-2022-3297", "description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3297.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3XIBdvUrBg0m5KBpdJCHaA==": { "id": "3XIBdvUrBg0m5KBpdJCHaA==", "updater": "rhel-vex", "name": "CVE-2026-21710", "description": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21710 https://bugzilla.redhat.com/show_bug.cgi?id=2453151 https://www.cve.org/CVERecord?id=CVE-2026-21710 https://nvd.nist.gov/vuln/detail/CVE-2026-21710 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21710.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "3a2lYBlaR2GDen/lmTlCyg==": { "id": "3a2lYBlaR2GDen/lmTlCyg==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "3bb0a18NQSPWO0aeq9twVw==": { "id": "3bb0a18NQSPWO0aeq9twVw==", "updater": "rhel-vex", "name": "CVE-2025-69419", "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69419 https://bugzilla.redhat.com/show_bug.cgi?id=2430386 https://www.cve.org/CVERecord?id=CVE-2025-69419 https://nvd.nist.gov/vuln/detail/CVE-2025-69419 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69419.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "3cVM/UH6o+8G2FMQ1Gl/Ww==": { "id": "3cVM/UH6o+8G2FMQ1Gl/Ww==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "3ehQjUp3PMzo2i+ZXMC7RA==": { "id": "3ehQjUp3PMzo2i+ZXMC7RA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=32976 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "3f5N5l71YgnMV/U9whrIuA==": { "id": "3f5N5l71YgnMV/U9whrIuA==", "updater": "rhel-vex", "name": "CVE-2023-0803", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0803 https://bugzilla.redhat.com/show_bug.cgi?id=2170187 https://www.cve.org/CVERecord?id=CVE-2023-0803 https://nvd.nist.gov/vuln/detail/CVE-2023-0803 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0803.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "3k2lNJd2kR3VB6gGhj547g==": { "id": "3k2lNJd2kR3VB6gGhj547g==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-c++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "3skSbDjTQ02+eNiFJz716g==": { "id": "3skSbDjTQ02+eNiFJz716g==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3w8o+aWAdmG4VgeVZcWXSQ==": { "id": "3w8o+aWAdmG4VgeVZcWXSQ==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "3wP/Eggf7Bu35MpzNr1Fog==": { "id": "3wP/Eggf7Bu35MpzNr1Fog==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "3wYf+EaP3IAW5wHFWATuaw==": { "id": "3wYf+EaP3IAW5wHFWATuaw==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "3wnJ6TxCGJITikNK4m6q+g==": { "id": "3wnJ6TxCGJITikNK4m6q+g==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "3xBuQnj5DELjtk3GymuBTw==": { "id": "3xBuQnj5DELjtk3GymuBTw==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "3yaDBYST3GIWj+F89QlkNw==": { "id": "3yaDBYST3GIWj+F89QlkNw==", "updater": "rhel-vex", "name": "CVE-2026-27904", "description": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).", "issued": "2026-02-26T01:07:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27904 https://bugzilla.redhat.com/show_bug.cgi?id=2442922 https://www.cve.org/CVERecord?id=CVE-2026-27904 https://nvd.nist.gov/vuln/detail/CVE-2026-27904 https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27904.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "429KD7e1Cl6AyUZNBGOTQw==": { "id": "429KD7e1Cl6AyUZNBGOTQw==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "43uaBOp3I4s6BbwM75Dtcg==": { "id": "43uaBOp3I4s6BbwM75Dtcg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "49jEi4xCgfg8T8qzhNobIA==": { "id": "49jEi4xCgfg8T8qzhNobIA==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "4CRDu/yV+Tfg3mSUobPIUg==": { "id": "4CRDu/yV+Tfg3mSUobPIUg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "4Gs7xCHPPMrNepkQNCPnkg==": { "id": "4Gs7xCHPPMrNepkQNCPnkg==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "4H2TsDPy1XcHidTqNqeZpg==": { "id": "4H2TsDPy1XcHidTqNqeZpg==", "updater": "rhel-vex", "name": "CVE-2026-4519", "description": "A flaw was found in Python. The `webbrowser.open()` API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options, which could lead to unexpected behavior, information disclosure, or potentially arbitrary code execution, impacting the integrity of the system.", "issued": "2026-03-20T15:08:32Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4519 https://bugzilla.redhat.com/show_bug.cgi?id=2449649 https://www.cve.org/CVERecord?id=CVE-2026-4519 https://nvd.nist.gov/vuln/detail/CVE-2026-4519 https://github.com/python/cpython/issues/143930 https://github.com/python/cpython/pull/143931 https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4519.json https://access.redhat.com/errata/RHSA-2026:6766", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.2", "arch_op": "pattern match" }, "4Ir8FDWM4WPrO3dybbfnYQ==": { "id": "4Ir8FDWM4WPrO3dybbfnYQ==", "updater": "rhel-vex", "name": "CVE-2025-13837", "description": "A flaw was found in the plistlib module in the Python standard library. The amount of data to read from a Plist file is specified in the file itself. This issue allows a specially crafted Plist file to cause an application to allocate a large amount of memory, potentially resulting in allocations errors, swapping, out-of-memory conditions or even system freezes.", "issued": "2025-12-01T18:13:32Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13837 https://bugzilla.redhat.com/show_bug.cgi?id=2418084 https://www.cve.org/CVERecord?id=CVE-2025-13837 https://nvd.nist.gov/vuln/detail/CVE-2025-13837 https://github.com/python/cpython/issues/119342 https://github.com/python/cpython/pull/119343 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13837.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4IznDha57aCNWoI0Hc828Q==": { "id": "4IznDha57aCNWoI0Hc828Q==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "4JIGhO7+fAz+LPTFEuBHUg==": { "id": "4JIGhO7+fAz+LPTFEuBHUg==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "4Jo5xwEh2K91Sr9xMmwzcw==": { "id": "4Jo5xwEh2K91Sr9xMmwzcw==", "updater": "rhel-vex", "name": "CVE-2026-25547", "description": "A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.", "issued": "2026-02-04T21:51:17Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25547 https://bugzilla.redhat.com/show_bug.cgi?id=2436942 https://www.cve.org/CVERecord?id=CVE-2026-25547 https://nvd.nist.gov/vuln/detail/CVE-2026-25547 https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25547.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "4JsZIRvQ+13IMgBIUPH0jA==": { "id": "4JsZIRvQ+13IMgBIUPH0jA==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "4K1RYkumn7qw6Pk7lwpfbA==": { "id": "4K1RYkumn7qw6Pk7lwpfbA==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "4K4SQ2PlDqXihbvwEXiB/w==": { "id": "4K4SQ2PlDqXihbvwEXiB/w==", "updater": "rhel-vex", "name": "CVE-2023-3618", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.", "issued": "2023-02-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3618 https://bugzilla.redhat.com/show_bug.cgi?id=2215865 https://www.cve.org/CVERecord?id=CVE-2023-3618 https://nvd.nist.gov/vuln/detail/CVE-2023-3618 https://gitlab.com/libtiff/libtiff/-/issues/529 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3618.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "4K7cGcsZltSw5Ayu8+A5rA==": { "id": "4K7cGcsZltSw5Ayu8+A5rA==", "updater": "rhel-vex", "name": "CVE-2023-2731", "description": "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "issued": "2023-04-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2731 https://bugzilla.redhat.com/show_bug.cgi?id=2207635 https://www.cve.org/CVERecord?id=CVE-2023-2731 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2731.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "4L3dk768qs7Sg3jWyr+5Ug==": { "id": "4L3dk768qs7Sg3jWyr+5Ug==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "4LZWGm07jnOHHBGX2FzAwg==": { "id": "4LZWGm07jnOHHBGX2FzAwg==", "updater": "rhel-vex", "name": "CVE-2025-1153", "description": "A flaw was found in GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T19:00:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1153 https://bugzilla.redhat.com/show_bug.cgi?id=2344743 https://www.cve.org/CVERecord?id=CVE-2025-1153 https://nvd.nist.gov/vuln/detail/CVE-2025-1153 https://sourceware.org/bugzilla/show_bug.cgi?id=32603 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150 https://vuldb.com/?ctiid.295057 https://vuldb.com/?id.295057 https://vuldb.com/?submit.489991 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1153.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4MoaZecth+9t4X3jdykhZg==": { "id": "4MoaZecth+9t4X3jdykhZg==", "updater": "rhel-vex", "name": "CVE-2023-43789", "description": "A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43789 https://bugzilla.redhat.com/show_bug.cgi?id=2242249 https://www.cve.org/CVERecord?id=CVE-2023-43789 https://nvd.nist.gov/vuln/detail/CVE-2023-43789 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43789.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "4N3POA/rTFsL9RdGINkq1A==": { "id": "4N3POA/rTFsL9RdGINkq1A==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "4Oz54fEBFyAJBdTJ/p2wxA==": { "id": "4Oz54fEBFyAJBdTJ/p2wxA==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json https://access.redhat.com/errata/RHSA-2024:9404", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.10.0-11.el9", "arch_op": "pattern match" }, "4PIM0/eLiUwExdFACTKEEw==": { "id": "4PIM0/eLiUwExdFACTKEEw==", "updater": "rhel-vex", "name": "CVE-2026-32281", "description": "A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.", "issued": "2026-04-08T01:06:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32281 https://bugzilla.redhat.com/show_bug.cgi?id=2456333 https://www.cve.org/CVERecord?id=CVE-2026-32281 https://nvd.nist.gov/vuln/detail/CVE-2026-32281 https://go.dev/cl/758061 https://go.dev/issue/78281 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4946 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32281.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4PW1pGs0HJlG6XNR1xk0ZA==": { "id": "4PW1pGs0HJlG6XNR1xk0ZA==", "updater": "osv/go", "name": "GO-2025-3447", "description": "Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "issued": "2025-02-06T16:38:14Z", "links": "https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.12" }, "4PXcy6CSX2EaPwYEdLkfbw==": { "id": "4PXcy6CSX2EaPwYEdLkfbw==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "4QiWtYafAt/cFOvYpyJONw==": { "id": "4QiWtYafAt/cFOvYpyJONw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "4RaJ63cwUpp+QWj0IKysEw==": { "id": "4RaJ63cwUpp+QWj0IKysEw==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "4TUE8wYBdfhOKrJqWCYBNg==": { "id": "4TUE8wYBdfhOKrJqWCYBNg==", "updater": "rhel-vex", "name": "CVE-2025-66293", "description": "An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management.", "issued": "2025-12-03T20:33:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66293 https://bugzilla.redhat.com/show_bug.cgi?id=2418711 https://www.cve.org/CVERecord?id=CVE-2025-66293 https://nvd.nist.gov/vuln/detail/CVE-2025-66293 https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1 https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a https://github.com/pnggroup/libpng/issues/764 https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66293.json https://access.redhat.com/errata/RHSA-2026:0238", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpng-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.1", "arch_op": "pattern match" }, "4TbG63vud59mo+N/aCOqpg==": { "id": "4TbG63vud59mo+N/aCOqpg==", "updater": "rhel-vex", "name": "CVE-2025-15367", "description": "A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server.", "issued": "2026-01-20T21:47:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15367 https://bugzilla.redhat.com/show_bug.cgi?id=2431373 https://www.cve.org/CVERecord?id=CVE-2025-15367 https://nvd.nist.gov/vuln/detail/CVE-2025-15367 https://github.com/python/cpython/issues/143923 https://github.com/python/cpython/pull/143924 https://mail.python.org/archives/list/security-announce@python.org/thread/CBFBOWVGGUJFSGITQCCBZS4GEYYZ7ZNE/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15367.json https://access.redhat.com/errata/RHSA-2026:4168", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.1", "arch_op": "pattern match" }, "4Uca8szOo7gGoVgv+DjeUA==": { "id": "4Uca8szOo7gGoVgv+DjeUA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "4Utc/6C5f6+A3gsr9KU/IA==": { "id": "4Utc/6C5f6+A3gsr9KU/IA==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "4WgtH2AC4w3jDaPCHFqEaw==": { "id": "4WgtH2AC4w3jDaPCHFqEaw==", "updater": "rhel-vex", "name": "CVE-2025-11494", "description": "An out of bounds read flaw has been discovered in the GNU Binutils package. The impacted function is _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally.", "issued": "2025-10-08T19:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11494 https://bugzilla.redhat.com/show_bug.cgi?id=2402559 https://www.cve.org/CVERecord?id=CVE-2025-11494 https://nvd.nist.gov/vuln/detail/CVE-2025-11494 https://sourceware.org/bugzilla/attachment.cgi?id=16389 https://sourceware.org/bugzilla/show_bug.cgi?id=33499 https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a https://vuldb.com/?ctiid.327619 https://vuldb.com/?id.327619 https://vuldb.com/?submit.668281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11494.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4XOA2zoAqaqRnsk9Cc57Xw==": { "id": "4XOA2zoAqaqRnsk9Cc57Xw==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "4YMcCEsfWO5KpctoAqwrFQ==": { "id": "4YMcCEsfWO5KpctoAqwrFQ==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "4ZTG400o6y5du1mo17bLtg==": { "id": "4ZTG400o6y5du1mo17bLtg==", "updater": "rhel-vex", "name": "CVE-2026-2581", "description": "A flaw was found in Undici. When the `interceptors.deduplicate()` feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled resource consumption. This leads to high memory usage and potential Out-Of-Memory (OOM) process termination, resulting in a Denial of Service (DoS) for the application.", "issued": "2026-03-12T20:13:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2581 https://bugzilla.redhat.com/show_bug.cgi?id=2447140 https://www.cve.org/CVERecord?id=CVE-2026-2581 https://nvd.nist.gov/vuln/detail/CVE-2026-2581 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h https://hackerone.com/reports/3513473 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2581.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "4ZcrBE+d85+98j2eHMpVTQ==": { "id": "4ZcrBE+d85+98j2eHMpVTQ==", "updater": "rhel-vex", "name": "CVE-2026-27139", "description": "A path traversal flaw has been discovered in the golang `os` module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.", "issued": "2026-03-06T21:28:14Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27139 https://bugzilla.redhat.com/show_bug.cgi?id=2445335 https://www.cve.org/CVERecord?id=CVE-2026-27139 https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://pkg.go.dev/vuln/GO-2026-4602 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27139.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4aR9t5J6YwMk5D9wZ0BV7w==": { "id": "4aR9t5J6YwMk5D9wZ0BV7w==", "updater": "rhel-vex", "name": "CVE-2024-3651", "description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "issued": "2024-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-idna", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.10-7.el9_4.1", "arch_op": "pattern match" }, "4buHU7VwQZ104Kjv/TKwDg==": { "id": "4buHU7VwQZ104Kjv/TKwDg==", "updater": "rhel-vex", "name": "CVE-2026-26996", "description": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.", "issued": "2026-02-20T03:05:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-26996 https://bugzilla.redhat.com/show_bug.cgi?id=2441268 https://www.cve.org/CVERecord?id=CVE-2026-26996 https://nvd.nist.gov/vuln/detail/CVE-2026-26996 https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5 https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26996.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "4comqU/5SRuDKC1qqBMlGQ==": { "id": "4comqU/5SRuDKC1qqBMlGQ==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "4eh40PtMaL3JhPlCzb+8jA==": { "id": "4eh40PtMaL3JhPlCzb+8jA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "4evfzAbeD7HXRBHHbDpAwA==": { "id": "4evfzAbeD7HXRBHHbDpAwA==", "updater": "osv/go", "name": "GO-2023-1878", "description": "Insufficient sanitization of Host header in net/http", "issued": "2023-07-11T19:19:08Z", "links": "https://go.dev/issue/60374 https://go.dev/cl/506996 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.11" }, "4gO4ls/gy0nmsC3NeXvyVQ==": { "id": "4gO4ls/gy0nmsC3NeXvyVQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IO", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.43-481.1.el9_6", "arch_op": "pattern match" }, "4hX2FW/Yj9HDbKRBqrhgdg==": { "id": "4hX2FW/Yj9HDbKRBqrhgdg==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "4i2XUvSeC6zka4yp7MoBfg==": { "id": "4i2XUvSeC6zka4yp7MoBfg==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:9526", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-25.el9_6", "arch_op": "pattern match" }, "4iFNln+X4k0SeUiw/ueLUA==": { "id": "4iFNln+X4k0SeUiw/ueLUA==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "4ifTGHhVbtDPeqLwYDVyJA==": { "id": "4ifTGHhVbtDPeqLwYDVyJA==", "updater": "osv/go", "name": "GO-2026-4341", "description": "Memory exhaustion in query parameter parsing in net/url", "issued": "2026-01-28T19:08:18Z", "links": "https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.12" }, "4jKXN+o/0vyACgd6hmLCbw==": { "id": "4jKXN+o/0vyACgd6hmLCbw==", "updater": "osv/go", "name": "GO-2025-4009", "description": "Quadratic complexity when parsing some invalid inputs in encoding/pem", "issued": "2025-10-29T21:49:55Z", "links": "https://go.dev/issue/75676 https://go.dev/cl/709858 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "4n9Ikrh9k/dcuFfUsd+cxQ==": { "id": "4n9Ikrh9k/dcuFfUsd+cxQ==", "updater": "rhel-vex", "name": "CVE-2017-17095", "description": "A vulnerability was found in LibTIFF, where a heap-based buffer overflow in the pal2rgb function in tools/pal2rgb.c can lead to a denial of service, a remote attacker could exploit this flaw by persuading a victim to open a specially crafted file, causing the application to crash.", "issued": "2017-11-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-17095 https://bugzilla.redhat.com/show_bug.cgi?id=1524284 https://www.cve.org/CVERecord?id=CVE-2017-17095 https://nvd.nist.gov/vuln/detail/CVE-2017-17095 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-17095.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "4os+HU28VQ7buZvoEKQ/kg==": { "id": "4os+HU28VQ7buZvoEKQ/kg==", "updater": "rhel-vex", "name": "CVE-2026-34757", "description": "A flaw was found in libpng, a library used for handling PNG (Portable Network Graphics) image files. This vulnerability arises when an application reuses a pointer, previously obtained from functions like png_get_PLTE, by passing it back to a corresponding setter function within the same image structure. This action causes the setter to access memory that has already been deallocated, leading to a use-after-free condition. A local attacker could potentially exploit this flaw to corrupt image metadata or disclose sensitive information from the application's memory.", "issued": "2026-04-09T14:41:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34757 https://bugzilla.redhat.com/show_bug.cgi?id=2456918 https://www.cve.org/CVERecord?id=CVE-2026-34757 https://nvd.nist.gov/vuln/detail/CVE-2026-34757 https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc https://github.com/pnggroup/libpng/issues/836 https://github.com/pnggroup/libpng/issues/837 https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34757.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libpng", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4rkDoNFFNCrcnkPj+GN2vA==": { "id": "4rkDoNFFNCrcnkPj+GN2vA==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "4u3exWl+MPcCOYOgbQLM+A==": { "id": "4u3exWl+MPcCOYOgbQLM+A==", "updater": "rhel-vex", "name": "CVE-2025-69419", "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69419 https://bugzilla.redhat.com/show_bug.cgi?id=2430386 https://www.cve.org/CVERecord?id=CVE-2025-69419 https://nvd.nist.gov/vuln/detail/CVE-2025-69419 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69419.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "4vS3iu8lvGukFpBFqYCdVg==": { "id": "4vS3iu8lvGukFpBFqYCdVg==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "4wegIDtvEZ75QrQWM65auQ==": { "id": "4wegIDtvEZ75QrQWM65auQ==", "updater": "rhel-vex", "name": "CVE-2025-69650", "description": "A flaw was found in binutils. Processing a specially crafted ELF binary file containing malformed relocation data with the readelf program can trigger a double free, causing a crash and resulting in a denial of service.", "issued": "2026-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69650 https://bugzilla.redhat.com/show_bug.cgi?id=2445293 https://www.cve.org/CVERecord?id=CVE-2025-69650 https://nvd.nist.gov/vuln/detail/CVE-2025-69650 https://sourceware.org/bugzilla/show_bug.cgi?id=33698 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea4bc025abdba85a90e26e13f551c16a44bfa921 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69650.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4xxaXkxeYvxr8HgxLSDyHw==": { "id": "4xxaXkxeYvxr8HgxLSDyHw==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "4zvDuRN18ZTgEdA+auow3w==": { "id": "4zvDuRN18ZTgEdA+auow3w==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "5/L+eT1BzZSWVW4ZLUXszw==": { "id": "5/L+eT1BzZSWVW4ZLUXszw==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "51jf2IrfzMdepCjAvXkPMw==": { "id": "51jf2IrfzMdepCjAvXkPMw==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "52sJHqmx5ZJcw5GfZwVEvg==": { "id": "52sJHqmx5ZJcw5GfZwVEvg==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "55nFlly0ydgYROdIHNoLjg==": { "id": "55nFlly0ydgYROdIHNoLjg==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "55t0Oo9c3cgFDjqyaNS70A==": { "id": "55t0Oo9c3cgFDjqyaNS70A==", "updater": "rhel-vex", "name": "CVE-2026-6844", "description": "A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory condition. The other, a null pointer dereference (CWE-476), can cause a segmentation fault. Both issues can result in the `readelf` utility becoming unresponsive or crashing, leading to a denial of service.", "issued": "2026-04-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6844 https://bugzilla.redhat.com/show_bug.cgi?id=2460016 https://www.cve.org/CVERecord?id=CVE-2026-6844 https://nvd.nist.gov/vuln/detail/CVE-2026-6844 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6844.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "562erF6ddCIyzi5oV/IzHQ==": { "id": "562erF6ddCIyzi5oV/IzHQ==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "59oEBlU3jh6EL6gtZDUaug==": { "id": "59oEBlU3jh6EL6gtZDUaug==", "updater": "rhel-vex", "name": "CVE-2026-4437", "description": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.", "issued": "2026-03-20T19:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4437 https://bugzilla.redhat.com/show_bug.cgi?id=2449777 https://www.cve.org/CVERecord?id=CVE-2026-4437 https://nvd.nist.gov/vuln/detail/CVE-2026-4437 https://sourceware.org/bugzilla/show_bug.cgi?id=34014 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4437.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5AQXXWGtKGeqoPkMqmVzTg==": { "id": "5AQXXWGtKGeqoPkMqmVzTg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Fcntl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.13-481.el9", "arch_op": "pattern match" }, "5BXX9+pRVay9wrZAORfhhQ==": { "id": "5BXX9+pRVay9wrZAORfhhQ==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "5BksN0izCeDRrtFMsNCyvg==": { "id": "5BksN0izCeDRrtFMsNCyvg==", "updater": "rhel-vex", "name": "CVE-2025-9232", "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9232 https://bugzilla.redhat.com/show_bug.cgi?id=2396056 https://www.cve.org/CVERecord?id=CVE-2025-9232 https://nvd.nist.gov/vuln/detail/CVE-2025-9232 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9232.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5C8DQrs9fwpmV8rRYlvfCQ==": { "id": "5C8DQrs9fwpmV8rRYlvfCQ==", "updater": "rhel-vex", "name": "CVE-2025-66865", "description": "A flaw was found in binutils. Processing a specially crafted PE file with cxxfilt can trigger a stack overflow in the d_print_comp_inner function in the cp-demangle.c file, causing a crash and resulting in a denial of service.", "issued": "2025-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66865 https://bugzilla.redhat.com/show_bug.cgi?id=2425822 https://www.cve.org/CVERecord?id=CVE-2025-66865 https://nvd.nist.gov/vuln/detail/CVE-2025-66865 https://github.com/caozhzh/CRGF-Vul/blob/main/cxxfilt/crash4.md https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66865.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5D5WFK01Su4Lrj4hhwDYGQ==": { "id": "5D5WFK01Su4Lrj4hhwDYGQ==", "updater": "rhel-vex", "name": "CVE-2024-43374", "description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "issued": "2024-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5EJ0MC7TgiGIlilbbiOvfQ==": { "id": "5EJ0MC7TgiGIlilbbiOvfQ==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "5IIoRCBMIgus62mGlE3F9A==": { "id": "5IIoRCBMIgus62mGlE3F9A==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "5K1UAD5Q5lqCB0j11S6DcA==": { "id": "5K1UAD5Q5lqCB0j11S6DcA==", "updater": "rhel-vex", "name": "CVE-2025-13601", "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "issued": "2025-11-24T13:00:15Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13601 https://bugzilla.redhat.com/show_bug.cgi?id=2416741 https://www.cve.org/CVERecord?id=CVE-2025-13601 https://nvd.nist.gov/vuln/detail/CVE-2025-13601 https://gitlab.gnome.org/GNOME/glib/-/issues/3827 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13601.json https://access.redhat.com/errata/RHSA-2026:0936", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-18.el9_7.1", "arch_op": "pattern match" }, "5LfrNnR/sOzaqKXS35YFOw==": { "id": "5LfrNnR/sOzaqKXS35YFOw==", "updater": "rhel-vex", "name": "CVE-2026-6845", "description": "A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash.", "issued": "2026-04-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6845 https://bugzilla.redhat.com/show_bug.cgi?id=2460012 https://www.cve.org/CVERecord?id=CVE-2026-6845 https://nvd.nist.gov/vuln/detail/CVE-2026-6845 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6845.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5LplZpuSZzAiOH2fmk3HWg==": { "id": "5LplZpuSZzAiOH2fmk3HWg==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libblkid-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "5MGCN705vR5eWycZyFuYJQ==": { "id": "5MGCN705vR5eWycZyFuYJQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "5MqCycBYSRDsdNOzvOandQ==": { "id": "5MqCycBYSRDsdNOzvOandQ==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-plugin-annobin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "5N/eQ/DLmsm7yS6+3apC5A==": { "id": "5N/eQ/DLmsm7yS6+3apC5A==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "5Prc3wgX2qu0EaSsAQiCqw==": { "id": "5Prc3wgX2qu0EaSsAQiCqw==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://gitlab.gnome.org/GNOME/libxml2/-/issues/933 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "5RT9+X+8xx3rC02gOnVsjQ==": { "id": "5RT9+X+8xx3rC02gOnVsjQ==", "updater": "rhel-vex", "name": "CVE-2022-41724", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41724 https://bugzilla.redhat.com/show_bug.cgi?id=2178492 https://www.cve.org/CVERecord?id=CVE-2022-41724 https://nvd.nist.gov/vuln/detail/CVE-2022-41724 https://go.dev/cl/468125 https://go.dev/issue/58001 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41724.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "5RkTDL6DiLROYOUsuY5wGA==": { "id": "5RkTDL6DiLROYOUsuY5wGA==", "updater": "rhel-vex", "name": "CVE-2025-59466", "description": "A stack overflow flaw has been discovered in Node.js error handling where \"Maximum call stack size exceeded\" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59466 https://bugzilla.redhat.com/show_bug.cgi?id=2431343 https://www.cve.org/CVERecord?id=CVE-2025-59466 https://nvd.nist.gov/vuln/detail/CVE-2025-59466 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59466.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.4-1.22.22.0.1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "5SopsIUut+H2XaFPAa5Sig==": { "id": "5SopsIUut+H2XaFPAa5Sig==", "updater": "rhel-vex", "name": "CVE-2026-1528", "description": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.", "issued": "2026-03-12T20:21:57Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1528 https://bugzilla.redhat.com/show_bug.cgi?id=2447145 https://www.cve.org/CVERecord?id=CVE-2026-1528 https://nvd.nist.gov/vuln/detail/CVE-2026-1528 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj https://hackerone.com/reports/3537648 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1528.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "5TfU8//dfsOlT82byi0lug==": { "id": "5TfU8//dfsOlT82byi0lug==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "5Wt7PRY2CMVsPwL8nxZwcQ==": { "id": "5Wt7PRY2CMVsPwL8nxZwcQ==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "5XT+5ghtfmJFJSJCERGwhQ==": { "id": "5XT+5ghtfmJFJSJCERGwhQ==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "5ZJ6PuXfgRMCarpNow00ew==": { "id": "5ZJ6PuXfgRMCarpNow00ew==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "5amguv6OT1njd8r+RXMCQQ==": { "id": "5amguv6OT1njd8r+RXMCQQ==", "updater": "rhel-vex", "name": "CVE-2025-66199", "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66199 https://bugzilla.redhat.com/show_bug.cgi?id=2430379 https://www.cve.org/CVERecord?id=CVE-2025-66199 https://nvd.nist.gov/vuln/detail/CVE-2025-66199 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66199.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "5dIAtetRd+EnRw+FudplXw==": { "id": "5dIAtetRd+EnRw+FudplXw==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://github.com/golang/go/commit/2b2314e9f6103de322b2e247387c8b01fd0cd5a4 https://github.com/golang/go/issues/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "5dsQlAsI3nHmxcFSn4q9Fw==": { "id": "5dsQlAsI3nHmxcFSn4q9Fw==", "updater": "rhel-vex", "name": "CVE-2025-55130", "description": "A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55130 https://bugzilla.redhat.com/show_bug.cgi?id=2431352 https://www.cve.org/CVERecord?id=CVE-2025-55130 https://nvd.nist.gov/vuln/detail/CVE-2025-55130 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55130.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.20.0.1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "5ejk3bhFpvIIABy9EwjwqQ==": { "id": "5ejk3bhFpvIIABy9EwjwqQ==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "5gK/V8vtqDYoHf1LFdtSbA==": { "id": "5gK/V8vtqDYoHf1LFdtSbA==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "5j7D/WXFLHsZYUeUrskpMA==": { "id": "5j7D/WXFLHsZYUeUrskpMA==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "5lHEu4ueMJgetLv/GfKHtg==": { "id": "5lHEu4ueMJgetLv/GfKHtg==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "5pFK2pddNfoGuwrNwC3BlQ==": { "id": "5pFK2pddNfoGuwrNwC3BlQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "5pINgBOJXOluBJi9rQyioQ==": { "id": "5pINgBOJXOluBJi9rQyioQ==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "5sY/WncZRmQ7FUzZZ4kBfQ==": { "id": "5sY/WncZRmQ7FUzZZ4kBfQ==", "updater": "rhel-vex", "name": "CVE-2023-24534", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24534 https://bugzilla.redhat.com/show_bug.cgi?id=2184483 https://www.cve.org/CVERecord?id=CVE-2023-24534 https://nvd.nist.gov/vuln/detail/CVE-2023-24534 https://go.dev/issue/58975 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24534.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "5ua6yduRd8slR+XckPuEJw==": { "id": "5ua6yduRd8slR+XckPuEJw==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "5vR/2ZAfb0swnLBKDl3Bzg==": { "id": "5vR/2ZAfb0swnLBKDl3Bzg==", "updater": "rhel-vex", "name": "CVE-2022-3598", "description": "An out-of-bounds write flaw was found in the extractContigSamplesShifted24bits function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-06-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3598 https://bugzilla.redhat.com/show_bug.cgi?id=2142738 https://www.cve.org/CVERecord?id=CVE-2022-3598 https://nvd.nist.gov/vuln/detail/CVE-2022-3598 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3598.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "5xW5MMwESxiksXgaLrFCnQ==": { "id": "5xW5MMwESxiksXgaLrFCnQ==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "5xY3IHUogqpqvbFwiQURyA==": { "id": "5xY3IHUogqpqvbFwiQURyA==", "updater": "rhel-vex", "name": "CVE-2024-45492", "description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "5z9ZOzxJREYn5oM+HAm6dA==": { "id": "5z9ZOzxJREYn5oM+HAm6dA==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "5zg9huqgOp8E89z3dxtcHg==": { "id": "5zg9huqgOp8E89z3dxtcHg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "6+AE2YxwD/sq8tw4nc1qGA==": { "id": "6+AE2YxwD/sq8tw4nc1qGA==", "updater": "rhel-vex", "name": "CVE-2025-59465", "description": "A denial of service flaw has been discovered in NodeJS. A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59465 https://bugzilla.redhat.com/show_bug.cgi?id=2431349 https://www.cve.org/CVERecord?id=CVE-2025-59465 https://nvd.nist.gov/vuln/detail/CVE-2025-59465 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59465.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "6+K4D2mkqcFFftanju984w==": { "id": "6+K4D2mkqcFFftanju984w==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "6+TrxTb+GrNbsX7xQgQW9Q==": { "id": "6+TrxTb+GrNbsX7xQgQW9Q==", "updater": "rhel-vex", "name": "CVE-2025-11187", "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11187 https://bugzilla.redhat.com/show_bug.cgi?id=2430375 https://www.cve.org/CVERecord?id=CVE-2025-11187 https://nvd.nist.gov/vuln/detail/CVE-2025-11187 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11187.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "6/J2BNJ50P9dbLT32gy3eA==": { "id": "6/J2BNJ50P9dbLT32gy3eA==", "updater": "rhel-vex", "name": "CVE-2025-55131", "description": "A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55131 https://bugzilla.redhat.com/show_bug.cgi?id=2431350 https://www.cve.org/CVERecord?id=CVE-2025-55131 https://nvd.nist.gov/vuln/detail/CVE-2025-55131 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55131.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.0-1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "6/KKbV2mEAFGDxV5hCYPjA==": { "id": "6/KKbV2mEAFGDxV5hCYPjA==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "6/Rn1WFxVO6aopyr8psGfQ==": { "id": "6/Rn1WFxVO6aopyr8psGfQ==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "60Ucz+CE49NFnmVBiIwnwQ==": { "id": "60Ucz+CE49NFnmVBiIwnwQ==", "updater": "rhel-vex", "name": "CVE-2026-21717", "description": "A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by functions like JSON.parse() on attacker-controlled input. This can significantly degrade the performance of the Node.js process, leading to a Denial of Service (DoS) condition.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21717 https://bugzilla.redhat.com/show_bug.cgi?id=2453162 https://www.cve.org/CVERecord?id=CVE-2026-21717 https://nvd.nist.gov/vuln/detail/CVE-2026-21717 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21717.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "63po8QED6nDungBQEqHIyA==": { "id": "63po8QED6nDungBQEqHIyA==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "66LeUA2b+ILx/Qsv0eSJ5w==": { "id": "66LeUA2b+ILx/Qsv0eSJ5w==", "updater": "rhel-vex", "name": "CVE-2026-3832", "description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.", "issued": "2026-04-30T17:29:25Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3832 https://bugzilla.redhat.com/show_bug.cgi?id=2445762 https://www.cve.org/CVERecord?id=CVE-2026-3832 https://nvd.nist.gov/vuln/detail/CVE-2026-3832 https://gitlab.com/gnutls/gnutls/-/issues/1801 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3832.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "67Q/SCDsFWutXyKWQ9JQdQ==": { "id": "67Q/SCDsFWutXyKWQ9JQdQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "69HZBPjw2QR8kIdKeSUwQg==": { "id": "69HZBPjw2QR8kIdKeSUwQg==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "6E1YTgmxENPqo7FirtVNvw==": { "id": "6E1YTgmxENPqo7FirtVNvw==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "6GILJqctNxTbZFPR6fLtoA==": { "id": "6GILJqctNxTbZFPR6fLtoA==", "updater": "rhel-vex", "name": "CVE-2024-12086", "description": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12086 https://bugzilla.redhat.com/show_bug.cgi?id=2330577 https://www.cve.org/CVERecord?id=CVE-2024-12086 https://nvd.nist.gov/vuln/detail/CVE-2024-12086 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12086.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6GzxFtf19XU1Y6ySz6SgYQ==": { "id": "6GzxFtf19XU1Y6ySz6SgYQ==", "updater": "osv/go", "name": "GO-2024-3107", "description": "Stack exhaustion in Parse in go/build/constraint", "issued": "2024-09-06T19:15:23Z", "links": "https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.7" }, "6J86dffyd+kQEKbjTTbD2Q==": { "id": "6J86dffyd+kQEKbjTTbD2Q==", "updater": "rhel-vex", "name": "CVE-2023-1916", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure.", "issued": "2023-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1916 https://bugzilla.redhat.com/show_bug.cgi?id=2185074 https://www.cve.org/CVERecord?id=CVE-2023-1916 https://nvd.nist.gov/vuln/detail/CVE-2023-1916 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6JXvoql3pzMfkGQb7H+Jqg==": { "id": "6JXvoql3pzMfkGQb7H+Jqg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "6K5O0xmJnJtZcGmUaZ+P/w==": { "id": "6K5O0xmJnJtZcGmUaZ+P/w==", "updater": "rhel-vex", "name": "CVE-2023-24537", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24537 https://bugzilla.redhat.com/show_bug.cgi?id=2184484 https://www.cve.org/CVERecord?id=CVE-2023-24537 https://nvd.nist.gov/vuln/detail/CVE-2023-24537 https://github.com/golang/go/issues/59180 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24537.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "6LOgJE44rXWziB7/OMO/ig==": { "id": "6LOgJE44rXWziB7/OMO/ig==", "updater": "rhel-vex", "name": "CVE-2026-28422", "description": "A flaw was found in Vim, an open-source command-line text editor. A local user could exploit a stack-buffer-overflow vulnerability in the `build_stl_str_hl()` function by rendering a statusline with a multi-byte fill character on a very wide terminal. This could lead to an integrity impact, where data might be modified.", "issued": "2026-02-27T22:08:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28422 https://bugzilla.redhat.com/show_bug.cgi?id=2443475 https://www.cve.org/CVERecord?id=CVE-2026-28422 https://nvd.nist.gov/vuln/detail/CVE-2026-28422 https://github.com/vim/vim/commit/4e5b9e31cb7484ad156f https://github.com/vim/vim/releases/tag/v9.2.0078 https://github.com/vim/vim/security/advisories/GHSA-gmqx-prf2-8mwf https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28422.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6LazNwUBgu5kQGKPCQnaOw==": { "id": "6LazNwUBgu5kQGKPCQnaOw==", "updater": "rhel-vex", "name": "CVE-2026-26269", "description": "A flaw was found in Vim. A stack-based buffer overflow in the NetBeans integration can be triggered in the special_keys function in the src/netbeans.c file via a malicious NetBeans server due to improper bounds checking, most likely resulting in a denial of service or in arbitrary command execution.", "issued": "2026-02-13T19:18:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-26269 https://bugzilla.redhat.com/show_bug.cgi?id=2439755 https://www.cve.org/CVERecord?id=CVE-2026-26269 https://nvd.nist.gov/vuln/detail/CVE-2026-26269 https://github.com/vim/vim/commit/c5f312aad8e4179e437f81ad39a860cd0ef11970 https://github.com/vim/vim/releases/tag/v9.1.2148 https://github.com/vim/vim/security/advisories/GHSA-9w5c-hwr9-hc68 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26269.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6MW1lRUdNNc4s+6uD2JNvw==": { "id": "6MW1lRUdNNc4s+6uD2JNvw==", "updater": "rhel-vex", "name": "CVE-2022-2286", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2286.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6MrPfKc4s7QjoixYMvK5aQ==": { "id": "6MrPfKc4s7QjoixYMvK5aQ==", "updater": "rhel-vex", "name": "CVE-2025-61731", "description": "A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the '#cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command. This vulnerability can lead to arbitrary file write.", "issued": "2026-01-28T19:30:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61731 https://bugzilla.redhat.com/show_bug.cgi?id=2434433 https://www.cve.org/CVERecord?id=CVE-2025-61731 https://nvd.nist.gov/vuln/detail/CVE-2025-61731 https://go.dev/cl/736711 https://go.dev/issue/77100 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4339 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61731.json https://access.redhat.com/errata/RHSA-2026:5942", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.8-1.el9_7", "arch_op": "pattern match" }, "6PfMuZGMOADiSo4Ifx0/Qw==": { "id": "6PfMuZGMOADiSo4Ifx0/Qw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "6Q0Sg/Y1lskU2n7rbcxAIw==": { "id": "6Q0Sg/Y1lskU2n7rbcxAIw==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "6Qa2KBduT2HgJC4kctpUnw==": { "id": "6Qa2KBduT2HgJC4kctpUnw==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "6VA82zmenvpHf3qd7c6BQg==": { "id": "6VA82zmenvpHf3qd7c6BQg==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "6W4lt5SjUgXnbxNap1O0Cg==": { "id": "6W4lt5SjUgXnbxNap1O0Cg==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "6WQjHZdyTC+aVOSwNc3+BQ==": { "id": "6WQjHZdyTC+aVOSwNc3+BQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "6XzckJlhvkdWwkN1ERVdzg==": { "id": "6XzckJlhvkdWwkN1ERVdzg==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "6ZTNb8xwQ12tf1lZxG3rMg==": { "id": "6ZTNb8xwQ12tf1lZxG3rMg==", "updater": "rhel-vex", "name": "CVE-2026-1526", "description": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.", "issued": "2026-03-12T20:08:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1526 https://bugzilla.redhat.com/show_bug.cgi?id=2447142 https://www.cve.org/CVERecord?id=CVE-2026-1526 https://nvd.nist.gov/vuln/detail/CVE-2026-1526 https://cna.openjsf.org/security-advisories.html https://datatracker.ietf.org/doc/html/rfc7692 https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q https://hackerone.com/reports/3481206 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1526.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "6Za/T764+Wnq0wfxFjEvGw==": { "id": "6Za/T764+Wnq0wfxFjEvGw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "6asSIEJz7ggo9QEXpbSOYg==": { "id": "6asSIEJz7ggo9QEXpbSOYg==", "updater": "rhel-vex", "name": "CVE-2023-48236", "description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48236.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6bZ4UNaa9jRLVZoZHQgYtQ==": { "id": "6bZ4UNaa9jRLVZoZHQgYtQ==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "6dwQWrojfQ/1hgTT2PQckg==": { "id": "6dwQWrojfQ/1hgTT2PQckg==", "updater": "rhel-vex", "name": "CVE-2022-2129", "description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2129.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6fJcYsi1gPQNv5g1ujEPdA==": { "id": "6fJcYsi1gPQNv5g1ujEPdA==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "6hAQW3vY9ZA/8datv1rY4g==": { "id": "6hAQW3vY9ZA/8datv1rY4g==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6miUB07ljV2HaYX/rZ1yjg==": { "id": "6miUB07ljV2HaYX/rZ1yjg==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "6o8ui0RxMttDzkyqTDO5tg==": { "id": "6o8ui0RxMttDzkyqTDO5tg==", "updater": "rhel-vex", "name": "CVE-2022-1616", "description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "issued": "2022-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1616.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6otwEH3RP+2A14zXLvGXpg==": { "id": "6otwEH3RP+2A14zXLvGXpg==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "6pBzw2YiS9JmVvplQUxl2Q==": { "id": "6pBzw2YiS9JmVvplQUxl2Q==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "6pPl5aD/FZ2M/6Yaa588Aw==": { "id": "6pPl5aD/FZ2M/6Yaa588Aw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "6q1zANz+NJU+U0TPL1Xa2g==": { "id": "6q1zANz+NJU+U0TPL1Xa2g==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "6qJXB6OTmGgjS8WJVVTxvQ==": { "id": "6qJXB6OTmGgjS8WJVVTxvQ==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "6qUVSp56FVn/1B93TTNdqw==": { "id": "6qUVSp56FVn/1B93TTNdqw==", "updater": "rhel-vex", "name": "CVE-2025-55132", "description": "A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55132 https://bugzilla.redhat.com/show_bug.cgi?id=2431338 https://www.cve.org/CVERecord?id=CVE-2025-55132 https://nvd.nist.gov/vuln/detail/CVE-2025-55132 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55132.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.0-1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "6qxVoatDqIolfyN1PZUKnw==": { "id": "6qxVoatDqIolfyN1PZUKnw==", "updater": "rhel-vex", "name": "CVE-2025-55131", "description": "A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55131 https://bugzilla.redhat.com/show_bug.cgi?id=2431350 https://www.cve.org/CVERecord?id=CVE-2025-55131 https://nvd.nist.gov/vuln/detail/CVE-2025-55131 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55131.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.4-1.22.22.0.1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "6rBlrHxkkFbqVRbyfq+scg==": { "id": "6rBlrHxkkFbqVRbyfq+scg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "6rEIsdyQtCC456AuGwgsDQ==": { "id": "6rEIsdyQtCC456AuGwgsDQ==", "updater": "rhel-vex", "name": "CVE-2025-15079", "description": "A flaw was found in curl. When performing SSH-based transfers using SCP or SFTP, libcurl could mistakenly connect to hosts not listed in the user-specified knownhosts file. This occurs if the host is present in the libssh global knownhosts file, effectively bypassing the intended host verification. This could allow a remote attacker to connect to an untrusted host, potentially leading to information disclosure or man-in-the-middle attacks.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15079 https://bugzilla.redhat.com/show_bug.cgi?id=2426409 https://www.cve.org/CVERecord?id=CVE-2025-15079 https://nvd.nist.gov/vuln/detail/CVE-2025-15079 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15079.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6tML+4g9GkMhdrrSDsX4Zw==": { "id": "6tML+4g9GkMhdrrSDsX4Zw==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "6thTxik/0CDWjirwYbVkYw==": { "id": "6thTxik/0CDWjirwYbVkYw==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "6ysC6D7BSkYQ7y8vZ1O7HA==": { "id": "6ysC6D7BSkYQ7y8vZ1O7HA==", "updater": "rhel-vex", "name": "CVE-2023-39325", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39325 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://go.dev/issue/63417 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39325.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "7+mdkcJcBwtv88RB9AcmHQ==": { "id": "7+mdkcJcBwtv88RB9AcmHQ==", "updater": "rhel-vex", "name": "CVE-2021-29390", "description": "A heap buffer over-read flaw was found in libjpeg-turbo. For certain types of smoothed jpeg images, the decompress_smooth_data() function may improperly enter a condition statement that leads to heap memory read of uninitialized data, which may cause an application crash or loss of confidentiality.", "issued": "2023-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-29390 https://bugzilla.redhat.com/show_bug.cgi?id=2235521 https://www.cve.org/CVERecord?id=CVE-2021-29390 https://nvd.nist.gov/vuln/detail/CVE-2021-29390 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/ccaba5d7894ecfb5a8f11e48d3f86e1f14d5a469 https://github.com/libjpeg-turbo/libjpeg-turbo/issues/459#issuecomment-733720010 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/476 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/724 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-29390.json https://access.redhat.com/errata/RHSA-2024:2295", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-7.el9", "arch_op": "pattern match" }, "7+zZLUPhCOA3BFrcusoKFg==": { "id": "7+zZLUPhCOA3BFrcusoKFg==", "updater": "rhel-vex", "name": "CVE-2025-1152", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T18:00:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1152 https://bugzilla.redhat.com/show_bug.cgi?id=2344723 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1152.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "70+Z8jFk8NJbHxPCoxDRng==": { "id": "70+Z8jFk8NJbHxPCoxDRng==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "70Ajh2QFCXmrQTWVljWbIg==": { "id": "70Ajh2QFCXmrQTWVljWbIg==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "70HU3efHkL/3G4Y44qZmGA==": { "id": "70HU3efHkL/3G4Y44qZmGA==", "updater": "rhel-vex", "name": "CVE-2022-3597", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3597 https://bugzilla.redhat.com/show_bug.cgi?id=2142736 https://www.cve.org/CVERecord?id=CVE-2022-3597 https://nvd.nist.gov/vuln/detail/CVE-2022-3597 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3597.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "70hF296ZfY1ODiaUXL3gcQ==": { "id": "70hF296ZfY1ODiaUXL3gcQ==", "updater": "rhel-vex", "name": "CVE-2026-27903", "description": "A flaw was found in minimatch, a utility for converting glob expressions into JavaScript regular expressions. A remote attacker can exploit this vulnerability by providing a specially crafted glob pattern containing multiple non-adjacent `**` (GLOBSTAR) segments. This can lead to unbounded recursive backtracking in the `matchOne()` function, causing a Denial of Service (DoS) by stalling the Node.js event loop for an extended period.", "issued": "2026-02-26T01:06:32Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27903 https://bugzilla.redhat.com/show_bug.cgi?id=2442919 https://www.cve.org/CVERecord?id=CVE-2026-27903 https://nvd.nist.gov/vuln/detail/CVE-2026-27903 https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27903.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "llvm", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "70rtBro0k4gOrF1v9b0LPQ==": { "id": "70rtBro0k4gOrF1v9b0LPQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "71rWwrWl22424P8D9sWBZg==": { "id": "71rWwrWl22424P8D9sWBZg==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "72/cPQH5mNLd1/e3j2Vn+Q==": { "id": "72/cPQH5mNLd1/e3j2Vn+Q==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "72HhoIyfPMwkQyR2IF7qqw==": { "id": "72HhoIyfPMwkQyR2IF7qqw==", "updater": "rhel-vex", "name": "CVE-2026-4878", "description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "issued": "2026-04-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2451615 https://www.cve.org/CVERecord?id=CVE-2026-4878 https://nvd.nist.gov/vuln/detail/CVE-2026-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2447554 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4878.json https://access.redhat.com/errata/RHSA-2026:12441", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.48-10.el9_7.1", "arch_op": "pattern match" }, "748UmdVwB73z0xvCImrQmA==": { "id": "748UmdVwB73z0xvCImrQmA==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "74B4VkBJHkNvj2AsRU4uTw==": { "id": "74B4VkBJHkNvj2AsRU4uTw==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "75kzXqx/LGJU9hkFlgdGGA==": { "id": "75kzXqx/LGJU9hkFlgdGGA==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "76mWuVYhbmIFsc4DNorK9A==": { "id": "76mWuVYhbmIFsc4DNorK9A==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "76ytKtBeQe8L2T7nxeVp/g==": { "id": "76ytKtBeQe8L2T7nxeVp/g==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "76z9Mpn8Jp7lhZSPsHTHug==": { "id": "76z9Mpn8Jp7lhZSPsHTHug==", "updater": "rhel-vex", "name": "CVE-2025-68973", "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "issued": "2025-12-28T16:19:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68973 https://bugzilla.redhat.com/show_bug.cgi?id=2425966 https://www.cve.org/CVERecord?id=CVE-2025-68973 https://nvd.nist.gov/vuln/detail/CVE-2025-68973 https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306 https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 https://gpg.fail/memcpy https://news.ycombinator.com/item?id=46403200 https://www.openwall.com/lists/oss-security/2025/12/28/5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68973.json https://access.redhat.com/errata/RHSA-2026:0719", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.3.3-5.el9_7", "arch_op": "pattern match" }, "78ARTcr/iVbEbtXWNEyadA==": { "id": "78ARTcr/iVbEbtXWNEyadA==", "updater": "rhel-vex", "name": "CVE-2025-15467", "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "issued": "2026-01-27T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15467 https://bugzilla.redhat.com/show_bug.cgi?id=2430376 https://www.cve.org/CVERecord?id=CVE-2025-15467 https://nvd.nist.gov/vuln/detail/CVE-2025-15467 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15467.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "78Ya60ppwS4OL6ZK9P90Qw==": { "id": "78Ya60ppwS4OL6ZK9P90Qw==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "791CRjnt/pj2GXzRz2PiHg==": { "id": "791CRjnt/pj2GXzRz2PiHg==", "updater": "rhel-vex", "name": "CVE-2026-21714", "description": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability in Node.js HTTP/2 servers by sending specially crafted WINDOW_UPDATE frames on stream 0 (connection-level). These frames can cause the flow control window to exceed its maximum value, leading to a memory leak as Http2Session objects are not properly cleaned up. This can result in resource exhaustion and a Denial of Service (DoS) condition for the server.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21714 https://bugzilla.redhat.com/show_bug.cgi?id=2453161 https://www.cve.org/CVERecord?id=CVE-2026-21714 https://nvd.nist.gov/vuln/detail/CVE-2026-21714 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21714.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7AoZZiCMmvqX9d9WD62FnQ==": { "id": "7AoZZiCMmvqX9d9WD62FnQ==", "updater": "rhel-vex", "name": "CVE-2023-4781", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "issued": "2023-09-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4781.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7B4LUCjMkCM+NcHtyQXyFA==": { "id": "7B4LUCjMkCM+NcHtyQXyFA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "7BER6omsA92tkjpEqGZJLA==": { "id": "7BER6omsA92tkjpEqGZJLA==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "7CoZtRXELVa05aD7HVx7dg==": { "id": "7CoZtRXELVa05aD7HVx7dg==", "updater": "rhel-vex", "name": "CVE-2026-21710", "description": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21710 https://bugzilla.redhat.com/show_bug.cgi?id=2453151 https://www.cve.org/CVERecord?id=CVE-2026-21710 https://nvd.nist.gov/vuln/detail/CVE-2026-21710 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21710.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "7CqLd0zk1hiFU3yrvTTdyg==": { "id": "7CqLd0zk1hiFU3yrvTTdyg==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "7FDf95fwOcyZ1YXNVDIx0A==": { "id": "7FDf95fwOcyZ1YXNVDIx0A==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "7HuMMq7XSYKaQG/oWdxnyg==": { "id": "7HuMMq7XSYKaQG/oWdxnyg==", "updater": "rhel-vex", "name": "CVE-2025-1094", "description": "A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when `client_encoding` is `BIG5` and `server_encoding` is one of `EUC_TW` or `MULE_INTERNAL`.", "issued": "2025-02-13T13:00:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1094 https://bugzilla.redhat.com/show_bug.cgi?id=2345548 https://www.cve.org/CVERecord?id=CVE-2025-1094 https://nvd.nist.gov/vuln/detail/CVE-2025-1094 https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis https://www.postgresql.org/support/security/CVE-2025-1094/ https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1094.json https://access.redhat.com/errata/RHSA-2025:1738", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpq-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.20-1.el9_5", "arch_op": "pattern match" }, "7MUqmqmB2hEWys43ktPpcQ==": { "id": "7MUqmqmB2hEWys43ktPpcQ==", "updater": "rhel-vex", "name": "CVE-2022-28131", "description": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-28131 https://bugzilla.redhat.com/show_bug.cgi?id=2107390 https://www.cve.org/CVERecord?id=CVE-2022-28131 https://nvd.nist.gov/vuln/detail/CVE-2022-28131 https://go.dev/issue/53614 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-28131.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7NIMWPjl58dCiuwwIe4bGg==": { "id": "7NIMWPjl58dCiuwwIe4bGg==", "updater": "rhel-vex", "name": "CVE-2023-5129", "description": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", "issued": "2023-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5129 https://bugzilla.redhat.com/show_bug.cgi?id=2240759 https://www.cve.org/CVERecord?id=CVE-2023-5129 https://nvd.nist.gov/vuln/detail/CVE-2023-5129 https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5129.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "normalized_severity": "Unknown", "package": { "id": "", "name": "libwebp-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "7Q0Bus9RTfFy/UrxkfH2sQ==": { "id": "7Q0Bus9RTfFy/UrxkfH2sQ==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.7.0-1.18.20.4.1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "7Q4dYBj4wFa2768mWculSQ==": { "id": "7Q4dYBj4wFa2768mWculSQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "7QBYsSaCu8T87GZR3WHxyw==": { "id": "7QBYsSaCu8T87GZR3WHxyw==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "7SutUCP3yRd4o5ryN/dDZA==": { "id": "7SutUCP3yRd4o5ryN/dDZA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "7SyD51cUTMP7ddBSGNw3Iw==": { "id": "7SyD51cUTMP7ddBSGNw3Iw==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "7T9qiwKBE1swIXuW9Zvewg==": { "id": "7T9qiwKBE1swIXuW9Zvewg==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "7TWJhc3cfFgph89dsQ0nBA==": { "id": "7TWJhc3cfFgph89dsQ0nBA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "7U+8ffRP7ahu1ot4Zj5Zlw==": { "id": "7U+8ffRP7ahu1ot4Zj5Zlw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "7UXEplX43qBZDj2wJI621A==": { "id": "7UXEplX43qBZDj2wJI621A==", "updater": "rhel-vex", "name": "CVE-2025-32989", "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "issued": "2025-07-10T07:54:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32989 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://www.cve.org/CVERecord?id=CVE-2025-32989 https://nvd.nist.gov/vuln/detail/CVE-2025-32989 https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32989.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "7W/pTtx9kAg13U/6tl322g==": { "id": "7W/pTtx9kAg13U/6tl322g==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=32976 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "7XOAm91CGfyc8WKL2gtbrA==": { "id": "7XOAm91CGfyc8WKL2gtbrA==", "updater": "rhel-vex", "name": "CVE-2026-1528", "description": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.", "issued": "2026-03-12T20:21:57Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1528 https://bugzilla.redhat.com/show_bug.cgi?id=2447145 https://www.cve.org/CVERecord?id=CVE-2026-1528 https://nvd.nist.gov/vuln/detail/CVE-2026-1528 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj https://hackerone.com/reports/3537648 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1528.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "7XSgHUx9G277ukge5cFkHw==": { "id": "7XSgHUx9G277ukge5cFkHw==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json https://access.redhat.com/errata/RHSA-2025:23342", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-2.el9_7", "arch_op": "pattern match" }, "7Z352FfiS2LxToBH4DWhEg==": { "id": "7Z352FfiS2LxToBH4DWhEg==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "7ZyXE8z7uZKjHitrjhSWQQ==": { "id": "7ZyXE8z7uZKjHitrjhSWQQ==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "7aI+wyLEqkIPj2Wh4f1UKg==": { "id": "7aI+wyLEqkIPj2Wh4f1UKg==", "updater": "rhel-vex", "name": "CVE-2026-40356", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40356 https://bugzilla.redhat.com/show_bug.cgi?id=2463368 https://www.cve.org/CVERecord?id=CVE-2026-40356 https://nvd.nist.gov/vuln/detail/CVE-2026-40356 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40356.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7aOJwf1br9gIaC1RH6UwDQ==": { "id": "7aOJwf1br9gIaC1RH6UwDQ==", "updater": "osv/go", "name": "GO-2022-0537", "description": "Panic when decoding Float and Rat types in math/big", "issued": "2022-08-01T22:21:06Z", "links": "https://go.dev/cl/417774 https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66 https://go.dev/issue/53871 https://groups.google.com/g/golang-announce/c/YqYYG87xB10", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.5" }, "7bYXVEfvDWEIL53s8ARxGg==": { "id": "7bYXVEfvDWEIL53s8ARxGg==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "7cYNZPh51XXj7WctPkn2Ww==": { "id": "7cYNZPh51XXj7WctPkn2Ww==", "updater": "rhel-vex", "name": "CVE-2026-25547", "description": "A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.", "issued": "2026-02-04T21:51:17Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25547 https://bugzilla.redhat.com/show_bug.cgi?id=2436942 https://www.cve.org/CVERecord?id=CVE-2026-25547 https://nvd.nist.gov/vuln/detail/CVE-2026-25547 https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25547.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "7cqLG7sQEqqh9WoHfpekpw==": { "id": "7cqLG7sQEqqh9WoHfpekpw==", "updater": "rhel-vex", "name": "CVE-2025-61724", "description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61724 https://bugzilla.redhat.com/show_bug.cgi?id=2407257 https://www.cve.org/CVERecord?id=CVE-2025-61724 https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4015 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61724.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7czTMSwqOjLz2LigIYHAeg==": { "id": "7czTMSwqOjLz2LigIYHAeg==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "7d4YdteAff532bV2Gg5lmw==": { "id": "7d4YdteAff532bV2Gg5lmw==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "7df4FOgRU0BSF6P5QJkjaQ==": { "id": "7df4FOgRU0BSF6P5QJkjaQ==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "7eKrcl3YwGJqhWmZNbH7Eg==": { "id": "7eKrcl3YwGJqhWmZNbH7Eg==", "updater": "rhel-vex", "name": "CVE-2025-11187", "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11187 https://bugzilla.redhat.com/show_bug.cgi?id=2430375 https://www.cve.org/CVERecord?id=CVE-2025-11187 https://nvd.nist.gov/vuln/detail/CVE-2025-11187 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11187.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "7gOP9DIpChjY4waX+o9WXg==": { "id": "7gOP9DIpChjY4waX+o9WXg==", "updater": "rhel-vex", "name": "CVE-2025-61727", "description": "A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate.", "issued": "2025-12-03T19:37:15Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61727 https://bugzilla.redhat.com/show_bug.cgi?id=2418677 https://www.cve.org/CVERecord?id=CVE-2025-61727 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://pkg.go.dev/vuln/GO-2025-4175 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61727.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7jE4UN8ZNzWXfNDZ8BZq3Q==": { "id": "7jE4UN8ZNzWXfNDZ8BZq3Q==", "updater": "rhel-vex", "name": "CVE-2025-47279", "description": "A memory leak vulnerability has been discovered in the Undici HTTP/1.1 client library. This flaw can be triggered by repeatedly calling a webhook endpoint that presents an invalid TLS certificate. Continuous interaction with such an endpoint can cause the Undici library to allocate memory without properly releasing it, potentially leading to excessive memory consumption. Over time, this could result in resource exhaustion, impacting the availability and stability of applications relying on Undici for webhook communication.", "issued": "2025-05-15T17:16:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47279 https://bugzilla.redhat.com/show_bug.cgi?id=2366632 https://www.cve.org/CVERecord?id=CVE-2025-47279 https://nvd.nist.gov/vuln/detail/CVE-2025-47279 https://github.com/nodejs/undici/issues/3895 https://github.com/nodejs/undici/pull/4088 https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47279.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7oEe6HdmVrscCmplGQsEeQ==": { "id": "7oEe6HdmVrscCmplGQsEeQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "7sGexlbSpX41SOBbWHg8BQ==": { "id": "7sGexlbSpX41SOBbWHg8BQ==", "updater": "rhel-vex", "name": "CVE-2026-39881", "description": "A flaw was found in Vim. A command injection vulnerability in Vim's NetBeans interface allows a malicious NetBeans server to execute arbitrary Ex commands when Vim connects to it. This occurs due to unsanitized strings in the defineAnnoType and specialKeys protocol messages, leading to arbitrary code execution.", "issued": "2026-04-08T20:18:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-39881 https://bugzilla.redhat.com/show_bug.cgi?id=2456722 https://www.cve.org/CVERecord?id=CVE-2026-39881 https://nvd.nist.gov/vuln/detail/CVE-2026-39881 https://github.com/vim/vim/commit/7ab76a86048ed492374ac6b19 https://github.com/vim/vim/releases/tag/v9.2.0316 https://github.com/vim/vim/security/advisories/GHSA-mr87-rhgv-7pw6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39881.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7tWeNpgpS6TZ4aQUo8g9NQ==": { "id": "7tWeNpgpS6TZ4aQUo8g9NQ==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "7tbcfIdYm3nwAiNQR5eK/Q==": { "id": "7tbcfIdYm3nwAiNQR5eK/Q==", "updater": "rhel-vex", "name": "CVE-2025-15467", "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "issued": "2026-01-27T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15467 https://bugzilla.redhat.com/show_bug.cgi?id=2430376 https://www.cve.org/CVERecord?id=CVE-2025-15467 https://nvd.nist.gov/vuln/detail/CVE-2025-15467 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15467.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "7uj4PEKyThSRh2msjDtceg==": { "id": "7uj4PEKyThSRh2msjDtceg==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "7v+kCrIi/mMmyn+o9Uh+oA==": { "id": "7v+kCrIi/mMmyn+o9Uh+oA==", "updater": "rhel-vex", "name": "CVE-2022-48337", "description": "A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file.", "issued": "2023-02-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48337 https://bugzilla.redhat.com/show_bug.cgi?id=2171987 https://www.cve.org/CVERecord?id=CVE-2022-48337 https://nvd.nist.gov/vuln/detail/CVE-2022-48337 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48337.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "7y5jXLyua18Srex9lNrfkQ==": { "id": "7y5jXLyua18Srex9lNrfkQ==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "81pNWZHPHOUJjusdIRcrCg==": { "id": "81pNWZHPHOUJjusdIRcrCg==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json https://access.redhat.com/errata/RHSA-2026:0067", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:1.34-9.el9_7", "arch_op": "pattern match" }, "82S4cf8ecOlHYb8LNQQn+w==": { "id": "82S4cf8ecOlHYb8LNQQn+w==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "830L36AKCoBHnXPHE6R6uQ==": { "id": "830L36AKCoBHnXPHE6R6uQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "833/aZmn4g2C0czWW40RBQ==": { "id": "833/aZmn4g2C0czWW40RBQ==", "updater": "osv/go", "name": "GO-2025-3503", "description": "HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "issued": "2025-03-12T18:17:07Z", "links": "https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.7" }, "842T09LMtibo6aQ7X6A47A==": { "id": "842T09LMtibo6aQ7X6A47A==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-mro", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23-481.1.el9_6", "arch_op": "pattern match" }, "84g+WJ21VVZ5YgyE9krInA==": { "id": "84g+WJ21VVZ5YgyE9krInA==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "8563iLEht/ghMGItALTFUw==": { "id": "8563iLEht/ghMGItALTFUw==", "updater": "rhel-vex", "name": "CVE-2026-28419", "description": "A flaw was found in Vim, an open-source command-line text editor. This vulnerability, a heap-based buffer underflow, occurs when Vim processes a specially crafted Emacs-style tags file. If a malicious file with a delimiter at the start of a line is opened, Vim attempts to read memory outside its designated area. This could lead to the disclosure of sensitive information or cause the application to crash, resulting in a denial of service.", "issued": "2026-02-27T22:02:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28419 https://bugzilla.redhat.com/show_bug.cgi?id=2443482 https://www.cve.org/CVERecord?id=CVE-2026-28419 https://nvd.nist.gov/vuln/detail/CVE-2026-28419 https://github.com/vim/vim/commit/9b7dfa2948c9e1e5e32a5812 https://github.com/vim/vim/releases/tag/v9.2.0075 https://github.com/vim/vim/security/advisories/GHSA-xcc8-r6c5-hvwv https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28419.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "869xwjsmIoG+JuVnJO5pSA==": { "id": "869xwjsmIoG+JuVnJO5pSA==", "updater": "rhel-vex", "name": "CVE-2025-6176", "description": "Scrapy are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.", "issued": "2025-10-31T00:00:21Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6176 https://bugzilla.redhat.com/show_bug.cgi?id=2408762 https://www.cve.org/CVERecord?id=CVE-2025-6176 https://nvd.nist.gov/vuln/detail/CVE-2025-6176 https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6176.json https://access.redhat.com/errata/RHSA-2026:2042", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "brotli", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.9-9.el9_7", "arch_op": "pattern match" }, "87p97+dH2sU2JVQ8vQ+Xuw==": { "id": "87p97+dH2sU2JVQ8vQ+Xuw==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "88J81+RFP5n56+M0nMV4iQ==": { "id": "88J81+RFP5n56+M0nMV4iQ==", "updater": "rhel-vex", "name": "CVE-2025-55130", "description": "A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55130 https://bugzilla.redhat.com/show_bug.cgi?id=2431352 https://www.cve.org/CVERecord?id=CVE-2025-55130 https://nvd.nist.gov/vuln/detail/CVE-2025-55130 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55130.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.4-1.22.22.0.1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "89XrIFUuuXy08LkDR6XMOw==": { "id": "89XrIFUuuXy08LkDR6XMOw==", "updater": "rhel-vex", "name": "CVE-2021-31879", "description": "A flaw was found in wget. If wget sends an Authorization header as part of a query and receives an HTTP REDIRECT to a third party in return, the Authorization header will be forwarded as part of the redirected request. This issue creates a password leak, as the second server receives the password. The highest threat from this vulnerability is confidentiality.", "issued": "2019-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-31879 https://bugzilla.redhat.com/show_bug.cgi?id=1955316 https://www.cve.org/CVERecord?id=CVE-2021-31879 https://nvd.nist.gov/vuln/detail/CVE-2021-31879 https://savannah.gnu.org/bugs/?56909 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-31879.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "wget", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8BMA6LbX8vjrr4aUcmHB5w==": { "id": "8BMA6LbX8vjrr4aUcmHB5w==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "8BsUEMjLB96UtpRd1ludrg==": { "id": "8BsUEMjLB96UtpRd1ludrg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "8CpdPmXa4Bke5riHaKWhcQ==": { "id": "8CpdPmXa4Bke5riHaKWhcQ==", "updater": "rhel-vex", "name": "CVE-2025-55132", "description": "A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55132 https://bugzilla.redhat.com/show_bug.cgi?id=2431338 https://www.cve.org/CVERecord?id=CVE-2025-55132 https://nvd.nist.gov/vuln/detail/CVE-2025-55132 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55132.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.4-1.22.22.0.1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "8Efa1m3XsyOFY5vSd2fHNQ==": { "id": "8Efa1m3XsyOFY5vSd2fHNQ==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "8Gv2MnEpGRP5xQ5SzNJn8w==": { "id": "8Gv2MnEpGRP5xQ5SzNJn8w==", "updater": "rhel-vex", "name": "CVE-2026-21637", "description": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21637 https://bugzilla.redhat.com/show_bug.cgi?id=2431340 https://www.cve.org/CVERecord?id=CVE-2026-21637 https://nvd.nist.gov/vuln/detail/CVE-2026-21637 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21637.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "8I+OMKXto/vUm6tBBR6EYQ==": { "id": "8I+OMKXto/vUm6tBBR6EYQ==", "updater": "rhel-vex", "name": "CVE-2026-25646", "description": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.", "issued": "2026-02-10T17:04:38Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25646 https://bugzilla.redhat.com/show_bug.cgi?id=2438542 https://www.cve.org/CVERecord?id=CVE-2026-25646 https://nvd.nist.gov/vuln/detail/CVE-2026-25646 http://www.openwall.com/lists/oss-security/2026/02/09/7 https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88 https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25646.json https://access.redhat.com/errata/RHSA-2026:3405", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpng", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.2", "arch_op": "pattern match" }, "8ImlkqI0B9hvKdKXJLla/w==": { "id": "8ImlkqI0B9hvKdKXJLla/w==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "8Ldq46rf2Z9JTBjkrtfV0g==": { "id": "8Ldq46rf2Z9JTBjkrtfV0g==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "8ML0IVFlCjXlypnsSOqB1Q==": { "id": "8ML0IVFlCjXlypnsSOqB1Q==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "8MfvwX+dRI6Qt2H+x71rZg==": { "id": "8MfvwX+dRI6Qt2H+x71rZg==", "updater": "rhel-vex", "name": "CVE-2025-15224", "description": "A flaw was found in libcurl. When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15224 https://bugzilla.redhat.com/show_bug.cgi?id=2426410 https://www.cve.org/CVERecord?id=CVE-2025-15224 https://nvd.nist.gov/vuln/detail/CVE-2025-15224 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15224.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8OhIIjb+vwm01NjtGgcnDw==": { "id": "8OhIIjb+vwm01NjtGgcnDw==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "8Q2ZBhYapsH90MwXLMDOQQ==": { "id": "8Q2ZBhYapsH90MwXLMDOQQ==", "updater": "rhel-vex", "name": "CVE-2026-27904", "description": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).", "issued": "2026-02-26T01:07:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27904 https://bugzilla.redhat.com/show_bug.cgi?id=2442922 https://www.cve.org/CVERecord?id=CVE-2026-27904 https://nvd.nist.gov/vuln/detail/CVE-2026-27904 https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27904.json https://access.redhat.com/errata/RHSA-2026:7896", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.2-1.module+el9.7.0+24193+41b7b572", "arch_op": "pattern match" }, "8QRmG/+fMsQQzP2maaxOag==": { "id": "8QRmG/+fMsQQzP2maaxOag==", "updater": "rhel-vex", "name": "CVE-2025-48386", "description": "A credential handling flaw has been discovered in git. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), which can lead to buffer overflows.", "issued": "2025-07-08T18:23:41Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48386 https://bugzilla.redhat.com/show_bug.cgi?id=2378807 https://www.cve.org/CVERecord?id=CVE-2025-48386 https://nvd.nist.gov/vuln/detail/CVE-2025-48386 https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48386.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8T8GNMb/g1PeB57LD09kow==": { "id": "8T8GNMb/g1PeB57LD09kow==", "updater": "rhel-vex", "name": "CVE-2025-55131", "description": "A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55131 https://bugzilla.redhat.com/show_bug.cgi?id=2431350 https://www.cve.org/CVERecord?id=CVE-2025-55131 https://nvd.nist.gov/vuln/detail/CVE-2025-55131 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55131.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "8TL7OmwuwkB+6m9uO5u62g==": { "id": "8TL7OmwuwkB+6m9uO5u62g==", "updater": "rhel-vex", "name": "CVE-2026-2581", "description": "A flaw was found in Undici. When the `interceptors.deduplicate()` feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled resource consumption. This leads to high memory usage and potential Out-Of-Memory (OOM) process termination, resulting in a Denial of Service (DoS) for the application.", "issued": "2026-03-12T20:13:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2581 https://bugzilla.redhat.com/show_bug.cgi?id=2447140 https://www.cve.org/CVERecord?id=CVE-2026-2581 https://nvd.nist.gov/vuln/detail/CVE-2026-2581 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h https://hackerone.com/reports/3513473 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2581.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Ug8/LJbCT7/mzHPjLi21A==": { "id": "8Ug8/LJbCT7/mzHPjLi21A==", "updater": "osv/go", "name": "GO-2023-1987", "description": "Large RSA keys can cause high CPU usage in crypto/tls", "issued": "2023-08-02T17:25:58Z", "links": "https://go.dev/issue/61460 https://go.dev/cl/515257 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.12" }, "8WJdLrW8n72AHCvZK8pH9w==": { "id": "8WJdLrW8n72AHCvZK8pH9w==", "updater": "rhel-vex", "name": "CVE-2025-47273", "description": "A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn't expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.", "issued": "2025-05-17T15:46:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47273 https://bugzilla.redhat.com/show_bug.cgi?id=2366982 https://www.cve.org/CVERecord?id=CVE-2025-47273 https://nvd.nist.gov/vuln/detail/CVE-2025-47273 https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88 https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b https://github.com/pypa/setuptools/issues/4946 https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47273.json https://access.redhat.com/errata/RHSA-2025:10407", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-setuptools", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:53.0.0-13.el9_6.1", "arch_op": "pattern match" }, "8XLKalkulxeAh8qfecmGlA==": { "id": "8XLKalkulxeAh8qfecmGlA==", "updater": "rhel-vex", "name": "CVE-2025-66861", "description": "A flaw was found in binutils. Processing a specially crafted PE file with cxxfilt can trigger an out-of-bounds read in the d_unqualified_name function in the cp-demangle.c file, causing a crash and resulting in a denial of service.", "issued": "2025-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66861 https://bugzilla.redhat.com/show_bug.cgi?id=2425823 https://www.cve.org/CVERecord?id=CVE-2025-66861 https://nvd.nist.gov/vuln/detail/CVE-2025-66861 https://github.com/caozhzh/CRGF-Vul/blob/main/cxxfilt/crash1.md https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66861.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZCpE1M7eqNdy615aO2gLQ==": { "id": "8ZCpE1M7eqNdy615aO2gLQ==", "updater": "rhel-vex", "name": "CVE-2026-0992", "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated \u003cnextCatalog\u003e elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0992 https://bugzilla.redhat.com/show_bug.cgi?id=2429975 https://www.cve.org/CVERecord?id=CVE-2026-0992 https://nvd.nist.gov/vuln/detail/CVE-2026-0992 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0992.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZrkaQ6B1f36PC2cIg9i6A==": { "id": "8ZrkaQ6B1f36PC2cIg9i6A==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "8Zz8gP9QPTYBttUQXDeNpg==": { "id": "8Zz8gP9QPTYBttUQXDeNpg==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "8bMBj5vTG1tOpQ1wuVD1bQ==": { "id": "8bMBj5vTG1tOpQ1wuVD1bQ==", "updater": "osv/go", "name": "GO-2022-0532", "description": "Empty Cmd.Path can trigger unintended binary in os/exec on Windows", "issued": "2022-07-26T21:41:20Z", "links": "https://go.dev/cl/403759 https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e https://go.dev/issue/52574 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "8dARvXsFfslEQUJNpOVqyQ==": { "id": "8dARvXsFfslEQUJNpOVqyQ==", "updater": "osv/go", "name": "GO-2025-4007", "description": "Quadratic complexity when checking name constraints in crypto/x509", "issued": "2025-10-29T21:49:50Z", "links": "https://go.dev/issue/75681 https://go.dev/cl/709854 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.9" }, "8dqpgv7n5GVlIYVt/hP0Gg==": { "id": "8dqpgv7n5GVlIYVt/hP0Gg==", "updater": "rhel-vex", "name": "CVE-2025-24855", "description": "A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24855 https://bugzilla.redhat.com/show_bug.cgi?id=2352483 https://www.cve.org/CVERecord?id=CVE-2025-24855 https://nvd.nist.gov/vuln/detail/CVE-2025-24855 https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24855.json https://access.redhat.com/errata/RHSA-2025:3107", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.1", "arch_op": "pattern match" }, "8eY8PV83CN3R/MV2hK7XHA==": { "id": "8eY8PV83CN3R/MV2hK7XHA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "8efBqSZ3OYqd+nT8a21FNA==": { "id": "8efBqSZ3OYqd+nT8a21FNA==", "updater": "rhel-vex", "name": "CVE-2022-2287", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2287.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ez1JQpqUyVUQaplF/dpog==": { "id": "8ez1JQpqUyVUQaplF/dpog==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "8gEKPHHBHHTuUEvwhsnEFQ==": { "id": "8gEKPHHBHHTuUEvwhsnEFQ==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "8gQtKtb/Xr3aGfsLtKyetA==": { "id": "8gQtKtb/Xr3aGfsLtKyetA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "8ix99v6BzhAwu2rRaagVKw==": { "id": "8ix99v6BzhAwu2rRaagVKw==", "updater": "rhel-vex", "name": "CVE-2025-47273", "description": "A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn't expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.", "issued": "2025-05-17T15:46:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47273 https://bugzilla.redhat.com/show_bug.cgi?id=2366982 https://www.cve.org/CVERecord?id=CVE-2025-47273 https://nvd.nist.gov/vuln/detail/CVE-2025-47273 https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88 https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b https://github.com/pypa/setuptools/issues/4946 https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47273.json https://access.redhat.com/errata/RHSA-2025:10407", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-setuptools-wheel", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:53.0.0-13.el9_6.1", "arch_op": "pattern match" }, "8kPW6EH9br7BQBK1DHvQsA==": { "id": "8kPW6EH9br7BQBK1DHvQsA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "8kndQj/aRn+NNJdGVP9v4g==": { "id": "8kndQj/aRn+NNJdGVP9v4g==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8lLGaMUZk8kOHbicsIjPjw==": { "id": "8lLGaMUZk8kOHbicsIjPjw==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "8m+MeF1Vk+YvSROjY2pN5Q==": { "id": "8m+MeF1Vk+YvSROjY2pN5Q==", "updater": "osv/go", "name": "GO-2022-0969", "description": "Denial of service in net/http and golang.org/x/net/http2", "issued": "2022-09-12T20:23:06Z", "links": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s https://go.dev/issue/54658 https://go.dev/cl/428735", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.6" }, "8oKavHMm8C7p1QC+rNA0zA==": { "id": "8oKavHMm8C7p1QC+rNA0zA==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "8qeM99NPNtS3R0CIVDnqTw==": { "id": "8qeM99NPNtS3R0CIVDnqTw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "8utuZQ/Ix8fDNAmmSZivvQ==": { "id": "8utuZQ/Ix8fDNAmmSZivvQ==", "updater": "rhel-vex", "name": "CVE-2022-48624", "description": "A flaw was found in less. The close_altfile() function in filename.c omits shell_quote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48624 https://bugzilla.redhat.com/show_bug.cgi?id=2265081 https://www.cve.org/CVERecord?id=CVE-2022-48624 https://nvd.nist.gov/vuln/detail/CVE-2022-48624 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48624.json https://access.redhat.com/errata/RHSA-2024:1692", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "less", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:590-3.el9_3", "arch_op": "pattern match" }, "8wGYNPE2+g59IfMX+q95UQ==": { "id": "8wGYNPE2+g59IfMX+q95UQ==", "updater": "rhel-vex", "name": "CVE-2025-55132", "description": "A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55132 https://bugzilla.redhat.com/show_bug.cgi?id=2431338 https://www.cve.org/CVERecord?id=CVE-2025-55132 https://nvd.nist.gov/vuln/detail/CVE-2025-55132 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55132.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.0-1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "8zIRit7VqNRaBPLxL/+VAg==": { "id": "8zIRit7VqNRaBPLxL/+VAg==", "updater": "rhel-vex", "name": "CVE-2025-66471", "description": "A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.", "issued": "2025-12-05T16:06:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66471 https://bugzilla.redhat.com/show_bug.cgi?id=2419467 https://www.cve.org/CVERecord?id=CVE-2025-66471 https://nvd.nist.gov/vuln/detail/CVE-2025-66471 https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7 https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66471.json https://access.redhat.com/errata/RHSA-2026:1087", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-6.el9_7.1", "arch_op": "pattern match" }, "9/6RhDAFXPVo7L6QeEsy9w==": { "id": "9/6RhDAFXPVo7L6QeEsy9w==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "92O2+eS3W5hGvsWPMPwTRQ==": { "id": "92O2+eS3W5hGvsWPMPwTRQ==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "936XDvlfcwVB/34fQscf7w==": { "id": "936XDvlfcwVB/34fQscf7w==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.el9", "arch_op": "pattern match" }, "93O9BjbBwz1jYmTNCzgkUw==": { "id": "93O9BjbBwz1jYmTNCzgkUw==", "updater": "rhel-vex", "name": "CVE-2022-2849", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "issued": "2022-08-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2849.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "948mcXHuK8LL3gmmFQKgVg==": { "id": "948mcXHuK8LL3gmmFQKgVg==", "updater": "rhel-vex", "name": "CVE-2026-2581", "description": "A flaw was found in Undici. When the `interceptors.deduplicate()` feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled resource consumption. This leads to high memory usage and potential Out-Of-Memory (OOM) process termination, resulting in a Denial of Service (DoS) for the application.", "issued": "2026-03-12T20:13:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2581 https://bugzilla.redhat.com/show_bug.cgi?id=2447140 https://www.cve.org/CVERecord?id=CVE-2026-2581 https://nvd.nist.gov/vuln/detail/CVE-2026-2581 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h https://hackerone.com/reports/3513473 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2581.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "95p6rGNUFNsCWfXMBirOLg==": { "id": "95p6rGNUFNsCWfXMBirOLg==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "96QbNqFHhG4RmHyIqvnk+w==": { "id": "96QbNqFHhG4RmHyIqvnk+w==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "98vR1ByhE/Y9cvB+lRN3LA==": { "id": "98vR1ByhE/Y9cvB+lRN3LA==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "99Q540ZW70Bq59gE8MRNHA==": { "id": "99Q540ZW70Bq59gE8MRNHA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "9Ad5Q6DJD1JusuIjCNfUvQ==": { "id": "9Ad5Q6DJD1JusuIjCNfUvQ==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "9Bnr48B1Gkm5b1u7nixqng==": { "id": "9Bnr48B1Gkm5b1u7nixqng==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "9C6WGntg4UmJkjiylWVxnw==": { "id": "9C6WGntg4UmJkjiylWVxnw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "9Ck8qx7KCeVOhknvjhQwsA==": { "id": "9Ck8qx7KCeVOhknvjhQwsA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "9CmH5Y/MDHXGbta8UBA5HQ==": { "id": "9CmH5Y/MDHXGbta8UBA5HQ==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "9EdIuoneTMp3CNIfY+O6eQ==": { "id": "9EdIuoneTMp3CNIfY+O6eQ==", "updater": "rhel-vex", "name": "CVE-2025-8194", "description": "A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.", "issued": "2025-07-28T18:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8194 https://bugzilla.redhat.com/show_bug.cgi?id=2384043 https://www.cve.org/CVERecord?id=CVE-2025-8194 https://nvd.nist.gov/vuln/detail/CVE-2025-8194 https://github.com/python/cpython/issues/130577 https://github.com/python/cpython/pull/137027 https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8194.json https://access.redhat.com/errata/RHSA-2025:15019", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.2", "arch_op": "pattern match" }, "9HK6XfbtFUbx1tNKJlBYeg==": { "id": "9HK6XfbtFUbx1tNKJlBYeg==", "updater": "rhel-vex", "name": "CVE-2025-61732", "description": "A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then \"smuggled\" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.", "issued": "2026-02-05T03:42:26Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61732 https://bugzilla.redhat.com/show_bug.cgi?id=2437016 https://www.cve.org/CVERecord?id=CVE-2025-61732 https://nvd.nist.gov/vuln/detail/CVE-2025-61732 https://go.dev/cl/734220 https://go.dev/issue/76697 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://pkg.go.dev/vuln/GO-2026-4433 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61732.json https://access.redhat.com/errata/RHSA-2026:2709", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.7-1.el9_7", "arch_op": "pattern match" }, "9HkrQyk+mvh4YcyBYw6eQg==": { "id": "9HkrQyk+mvh4YcyBYw6eQg==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "9LiBp4nDSgt/Uyk2VD23Ig==": { "id": "9LiBp4nDSgt/Uyk2VD23Ig==", "updater": "rhel-vex", "name": "CVE-2026-22801", "description": "A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.", "issued": "2026-01-12T22:57:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22801 https://bugzilla.redhat.com/show_bug.cgi?id=2428824 https://www.cve.org/CVERecord?id=CVE-2026-22801 https://nvd.nist.gov/vuln/detail/CVE-2026-22801 https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22801.json https://access.redhat.com/errata/RHSA-2026:3405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpng-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.2", "arch_op": "pattern match" }, "9M1meEoYiMYlmYR7kKfweg==": { "id": "9M1meEoYiMYlmYR7kKfweg==", "updater": "rhel-vex", "name": "CVE-2022-3626", "description": "An out-of-bounds write flaw was found in the _TIFFmemset function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3626 https://bugzilla.redhat.com/show_bug.cgi?id=2142741 https://www.cve.org/CVERecord?id=CVE-2022-3626 https://nvd.nist.gov/vuln/detail/CVE-2022-3626 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3626.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "9NxQaPp619Bd0qky1dvzZg==": { "id": "9NxQaPp619Bd0qky1dvzZg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "9PE6ZiUdIaAWtCsUgesEZA==": { "id": "9PE6ZiUdIaAWtCsUgesEZA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "9R8nFX27y8SI3yR7d7vH5A==": { "id": "9R8nFX27y8SI3yR7d7vH5A==", "updater": "rhel-vex", "name": "CVE-2025-61726", "description": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.", "issued": "2026-01-28T19:30:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://www.cve.org/CVERecord?id=CVE-2025-61726 https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4341 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61726.json https://access.redhat.com/errata/RHSA-2026:2709", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.7-1.el9_7", "arch_op": "pattern match" }, "9RLVzTylr5Ocdbql97n+1Q==": { "id": "9RLVzTylr5Ocdbql97n+1Q==", "updater": "rhel-vex", "name": "CVE-2024-37370", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "9ScYbT0nSftN/jrx/8pPuA==": { "id": "9ScYbT0nSftN/jrx/8pPuA==", "updater": "rhel-vex", "name": "CVE-2026-35414", "description": "A flaw was found in OpenSSH. This vulnerability arises from the incorrect handling of the authorized_keys principals option in uncommon scenarios. Specifically, when a principals list is used with a Certificate Authority that includes comma characters, OpenSSH may misinterpret the input. This could lead to security bypasses, potentially allowing unintended access or information disclosure in specific authentication contexts.", "issued": "2026-04-02T17:08:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35414 https://bugzilla.redhat.com/show_bug.cgi?id=2454490 https://www.cve.org/CVERecord?id=CVE-2026-35414 https://nvd.nist.gov/vuln/detail/CVE-2026-35414 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35414.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "9SrODyBGF+py5BfKYxVllg==": { "id": "9SrODyBGF+py5BfKYxVllg==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "9U8BTRqVPM+WCls5RolwuQ==": { "id": "9U8BTRqVPM+WCls5RolwuQ==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "9UTiJlsfYxfa60iynbYgLg==": { "id": "9UTiJlsfYxfa60iynbYgLg==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "9Wku9APf1oJxEbcM0XqrLQ==": { "id": "9Wku9APf1oJxEbcM0XqrLQ==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "There's a vulnerability in gitk where an user can be tricked to run malicious scripts supplied by the attacker when running gitk filename command. When successfully exploited this vulnerability may result in arbitrary code execution.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "9XbremjCd0rS6zu/GB+mjA==": { "id": "9XbremjCd0rS6zu/GB+mjA==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "9Yjf3Ev3R8wbqlhNdfwPQQ==": { "id": "9Yjf3Ev3R8wbqlhNdfwPQQ==", "updater": "rhel-vex", "name": "CVE-2024-53920", "description": "A flaw was found in Emacs. Viewing or editing an untrusted Emacs Lisp source code file can cause arbitrary code execution due to unsafe macro expansion when a user has configured elisp-completion-at-point for code completion or has enabled automatic error checking, such as Flymake or Flycheck.", "issued": "2024-11-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-53920 https://bugzilla.redhat.com/show_bug.cgi?id=2329161 https://www.cve.org/CVERecord?id=CVE-2024-53920 https://nvd.nist.gov/vuln/detail/CVE-2024-53920 https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-53920.json https://access.redhat.com/errata/RHSA-2025:9448", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-14.el9_6.2", "arch_op": "pattern match" }, "9b3CWaJsQwdqnuBJDBMt8g==": { "id": "9b3CWaJsQwdqnuBJDBMt8g==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "9b3hAQW/ubh4v6zyl2M5Ig==": { "id": "9b3hAQW/ubh4v6zyl2M5Ig==", "updater": "rhel-vex", "name": "CVE-2024-35195", "description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "issued": "2024-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json https://access.redhat.com/errata/RHSA-2025:7049", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-9.el9", "arch_op": "pattern match" }, "9bjl4H6CMWLL3h1g5y6i9Q==": { "id": "9bjl4H6CMWLL3h1g5y6i9Q==", "updater": "rhel-vex", "name": "CVE-2026-5928", "description": "A flaw was found in glibc (GNU C Library). When the `ungetwc` function is called on a file stream using wide characters with specific overlapping single-byte and multi-byte encodings, it may attempt to read data outside of its allocated buffer. This can lead to the unintentional disclosure of sensitive information from memory or cause the program to crash, resulting in a denial of service.", "issued": "2026-04-20T20:37:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5928 https://bugzilla.redhat.com/show_bug.cgi?id=2459854 https://www.cve.org/CVERecord?id=CVE-2026-5928 https://nvd.nist.gov/vuln/detail/CVE-2026-5928 https://sourceware.org/bugzilla/show_bug.cgi?id=33998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5928.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9ca/WR2Db6VUKD0h31yyGw==": { "id": "9ca/WR2Db6VUKD0h31yyGw==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "9feM+1JJIYgC5OZCglyV3w==": { "id": "9feM+1JJIYgC5OZCglyV3w==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "9fvqDo3ARbJLIgwR1oX6QQ==": { "id": "9fvqDo3ARbJLIgwR1oX6QQ==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "9gB7mQN0y1Zy9EiaXIHFew==": { "id": "9gB7mQN0y1Zy9EiaXIHFew==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.2-1.18.12.1.1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "9hzf7VYOdcRePOTqOS2DHA==": { "id": "9hzf7VYOdcRePOTqOS2DHA==", "updater": "rhel-vex", "name": "CVE-2026-1528", "description": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.", "issued": "2026-03-12T20:21:57Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1528 https://bugzilla.redhat.com/show_bug.cgi?id=2447145 https://www.cve.org/CVERecord?id=CVE-2026-1528 https://nvd.nist.gov/vuln/detail/CVE-2026-1528 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj https://hackerone.com/reports/3537648 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1528.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "9ia70lNV6NYvmzB7WlbYQw==": { "id": "9ia70lNV6NYvmzB7WlbYQw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "9iigvnuYDaC8UzcOIDLjIQ==": { "id": "9iigvnuYDaC8UzcOIDLjIQ==", "updater": "rhel-vex", "name": "CVE-2026-24883", "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "issued": "2026-01-27T18:43:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24883 https://bugzilla.redhat.com/show_bug.cgi?id=2433463 https://www.cve.org/CVERecord?id=CVE-2026-24883 https://nvd.nist.gov/vuln/detail/CVE-2026-24883 https://dev.gnupg.org/T8049 https://www.openwall.com/lists/oss-security/2026/01/27/8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24883.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9kpPzhUEkQr6h/4fDNnSuA==": { "id": "9kpPzhUEkQr6h/4fDNnSuA==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "9lAt/24IrVKtsskC+grSQQ==": { "id": "9lAt/24IrVKtsskC+grSQQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "9lOT/bRPy9mu1knhwrLw8Q==": { "id": "9lOT/bRPy9mu1knhwrLw8Q==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "9lOiMN/e99o1oI1dhS9S2Q==": { "id": "9lOiMN/e99o1oI1dhS9S2Q==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "9lqG2xu+85HJHcn8UQyZ2A==": { "id": "9lqG2xu+85HJHcn8UQyZ2A==", "updater": "rhel-vex", "name": "CVE-2023-24538", "description": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/show_bug.cgi?id=2184481 https://www.cve.org/CVERecord?id=CVE-2023-24538 https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://github.com/golang/go/issues/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24538.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "9lxLFgIezXSh1WnSsRhwNQ==": { "id": "9lxLFgIezXSh1WnSsRhwNQ==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "9oQBIjmHHZP7ZEjuqVHO7Q==": { "id": "9oQBIjmHHZP7ZEjuqVHO7Q==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "9rfGlkZ9WMAUo942FMnq5A==": { "id": "9rfGlkZ9WMAUo942FMnq5A==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "9uaveyIiSEcdU4MrDHbJ2Q==": { "id": "9uaveyIiSEcdU4MrDHbJ2Q==", "updater": "rhel-vex", "name": "CVE-2023-0802", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0802 https://bugzilla.redhat.com/show_bug.cgi?id=2170178 https://www.cve.org/CVERecord?id=CVE-2023-0802 https://nvd.nist.gov/vuln/detail/CVE-2023-0802 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0802.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "9uo4qIbgVv97/yzslhE6/g==": { "id": "9uo4qIbgVv97/yzslhE6/g==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "9vaAmbFDwko+7w/wBDHWvg==": { "id": "9vaAmbFDwko+7w/wBDHWvg==", "updater": "rhel-vex", "name": "CVE-2023-28617", "description": "A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.", "issued": "2023-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28617 https://bugzilla.redhat.com/show_bug.cgi?id=2180544 https://www.cve.org/CVERecord?id=CVE-2023-28617 https://nvd.nist.gov/vuln/detail/CVE-2023-28617 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28617.json https://access.redhat.com/errata/RHSA-2023:2074", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-6.el9_1.1", "arch_op": "pattern match" }, "9z2MVdoreqGVJcUFUz72OA==": { "id": "9z2MVdoreqGVJcUFUz72OA==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "A/za5QfQmT4HYcIQ4RyCzA==": { "id": "A/za5QfQmT4HYcIQ4RyCzA==", "updater": "osv/go", "name": "GO-2024-2887", "description": "Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip", "issued": "2024-06-04T22:48:55Z", "links": "https://go.dev/cl/590316 https://go.dev/issue/67680 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.11" }, "A0davrN208bKuUZqpayi4g==": { "id": "A0davrN208bKuUZqpayi4g==", "updater": "rhel-vex", "name": "CVE-2026-22801", "description": "A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.", "issued": "2026-01-12T22:57:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22801 https://bugzilla.redhat.com/show_bug.cgi?id=2428824 https://www.cve.org/CVERecord?id=CVE-2026-22801 https://nvd.nist.gov/vuln/detail/CVE-2026-22801 https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22801.json https://access.redhat.com/errata/RHSA-2026:3405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpng", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.2", "arch_op": "pattern match" }, "A2AnBV79RO3+WE0eMQnW8Q==": { "id": "A2AnBV79RO3+WE0eMQnW8Q==", "updater": "rhel-vex", "name": "CVE-2026-21716", "description": "A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied. Such a bypass could lead to unauthorized changes to system files.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21716 https://bugzilla.redhat.com/show_bug.cgi?id=2453157 https://www.cve.org/CVERecord?id=CVE-2026-21716 https://nvd.nist.gov/vuln/detail/CVE-2026-21716 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21716.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "A2YTvJXiGwe7aOSqWlEZhQ==": { "id": "A2YTvJXiGwe7aOSqWlEZhQ==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "A3ZYVQ8Z63tDAx8FSltQHw==": { "id": "A3ZYVQ8Z63tDAx8FSltQHw==", "updater": "rhel-vex", "name": "CVE-2025-7458", "description": "An integer overflow flaw has been discovered in SQLite. This flaw allows an attacker who has the ability to execute raw SQL statements to induce a denial of service or leak process memory.", "issued": "2025-07-29T12:43:19Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7458 https://bugzilla.redhat.com/show_bug.cgi?id=2384237 https://www.cve.org/CVERecord?id=CVE-2025-7458 https://nvd.nist.gov/vuln/detail/CVE-2025-7458 https://sqlite.org/forum/forumpost/16ce2bb7a639e29b https://sqlite.org/src/info/12ad822d9b827777 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7458.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A98JJ8FAQWnMhx8Nb3TYXA==": { "id": "A98JJ8FAQWnMhx8Nb3TYXA==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "ABh4yTmrbQSCnnP4F8iX5A==": { "id": "ABh4yTmrbQSCnnP4F8iX5A==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "AD3UsMwxeXvBzVWIm5l5yw==": { "id": "AD3UsMwxeXvBzVWIm5l5yw==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AEXyQvL2wFfW+v4I9XmTaQ==": { "id": "AEXyQvL2wFfW+v4I9XmTaQ==", "updater": "rhel-vex", "name": "CVE-2023-3316", "description": "A flaw was found in LibTiff. A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3316 https://bugzilla.redhat.com/show_bug.cgi?id=2216080 https://www.cve.org/CVERecord?id=CVE-2023-3316 https://nvd.nist.gov/vuln/detail/CVE-2023-3316 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3316.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "AF4l+pfrs0Si/0Bf3toHtA==": { "id": "AF4l+pfrs0Si/0Bf3toHtA==", "updater": "rhel-vex", "name": "CVE-2025-69419", "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69419 https://bugzilla.redhat.com/show_bug.cgi?id=2430386 https://www.cve.org/CVERecord?id=CVE-2025-69419 https://nvd.nist.gov/vuln/detail/CVE-2025-69419 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69419.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "AI5OCFigX+y57buhAMK1UA==": { "id": "AI5OCFigX+y57buhAMK1UA==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "AILk1bhdEUQriiNdRe9Buw==": { "id": "AILk1bhdEUQriiNdRe9Buw==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json https://access.redhat.com/errata/RHSA-2025:22660", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-rpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.7", "arch_op": "pattern match" }, "AIlN8RmMOvhBveVuVAyHQQ==": { "id": "AIlN8RmMOvhBveVuVAyHQQ==", "updater": "rhel-vex", "name": "CVE-2022-2874", "description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "issued": "2022-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2874.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AJcMDco3zISLrE/7+42hGA==": { "id": "AJcMDco3zISLrE/7+42hGA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "AJgpOdbNJblqS+xC52p8RA==": { "id": "AJgpOdbNJblqS+xC52p8RA==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "ANawluW+m7SrGs8Q9Odgow==": { "id": "ANawluW+m7SrGs8Q9Odgow==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "ANxFBq/yNQoElX4dsXb0wA==": { "id": "ANxFBq/yNQoElX4dsXb0wA==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "AOVkipVLZLxGjwVCB/7mwg==": { "id": "AOVkipVLZLxGjwVCB/7mwg==", "updater": "rhel-vex", "name": "CVE-2022-4645", "description": "A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure.", "issued": "2023-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4645 https://bugzilla.redhat.com/show_bug.cgi?id=2176220 https://www.cve.org/CVERecord?id=CVE-2022-4645 https://nvd.nist.gov/vuln/detail/CVE-2022-4645 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4645.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "APh1+6yq/mlF0fXLxUkIDw==": { "id": "APh1+6yq/mlF0fXLxUkIDw==", "updater": "rhel-vex", "name": "CVE-2026-41989", "description": "A flaw was found in Libgcrypt. A remote attacker could exploit this vulnerability by sending crafted Elliptic Curve Diffie-Hellman (ECDH) ciphertext to the `gcry_pk_decrypt` function. This can lead to a heap-based buffer overflow, potentially causing a denial of service (DoS) condition.", "issued": "2026-04-23T04:30:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41989 https://bugzilla.redhat.com/show_bug.cgi?id=2461063 https://www.cve.org/CVERecord?id=CVE-2026-41989 https://nvd.nist.gov/vuln/detail/CVE-2026-41989 https://dev.gnupg.org/T8211 https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html https://www.openwall.com/lists/oss-security/2026/04/21/1 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41989.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AQa/gDZ0IemFxWbJIsU4yQ==": { "id": "AQa/gDZ0IemFxWbJIsU4yQ==", "updater": "rhel-vex", "name": "CVE-2023-52355", "description": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52355 https://bugzilla.redhat.com/show_bug.cgi?id=2251326 https://www.cve.org/CVERecord?id=CVE-2023-52355 https://nvd.nist.gov/vuln/detail/CVE-2023-52355 https://gitlab.com/libtiff/libtiff/-/issues/621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52355.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "AUiFITCnRjRxctzqqbDeeA==": { "id": "AUiFITCnRjRxctzqqbDeeA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AYOaUiAITXfmzrid+CR2Og==": { "id": "AYOaUiAITXfmzrid+CR2Og==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "AYXw2VaylssI+NkH09HL4Q==": { "id": "AYXw2VaylssI+NkH09HL4Q==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "AcbVYbhZ/tTIOm89OCy5kQ==": { "id": "AcbVYbhZ/tTIOm89OCy5kQ==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "AdhtRMEnBdpFFyeSlUP6fA==": { "id": "AdhtRMEnBdpFFyeSlUP6fA==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "Aet749oXCwhRnnY9gEGYGw==": { "id": "Aet749oXCwhRnnY9gEGYGw==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AfEBBMV7R48kk4frVmVcAg==": { "id": "AfEBBMV7R48kk4frVmVcAg==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "Ag/7bmjihl8O9dsSQf/ivg==": { "id": "Ag/7bmjihl8O9dsSQf/ivg==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "Ah03jmj/7fQOqUbg05PtZg==": { "id": "Ah03jmj/7fQOqUbg05PtZg==", "updater": "rhel-vex", "name": "CVE-2023-0049", "description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "issued": "2023-01-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0049.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Argl342WI7oZtgSo+p9kMA==": { "id": "Argl342WI7oZtgSo+p9kMA==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "Aspz79uO5bKpApwSqMsL8A==": { "id": "Aspz79uO5bKpApwSqMsL8A==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "AuT5DLBrUT23i8Fkzi5nrA==": { "id": "AuT5DLBrUT23i8Fkzi5nrA==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "Av6IvPz8z+8JAyypXmkbTA==": { "id": "Av6IvPz8z+8JAyypXmkbTA==", "updater": "rhel-vex", "name": "CVE-2025-23050", "description": "QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, and 6.8.2.", "issued": "2025-10-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23050 https://bugzilla.redhat.com/show_bug.cgi?id=2408769 https://www.cve.org/CVERecord?id=CVE-2025-23050 https://nvd.nist.gov/vuln/detail/CVE-2025-23050 https://codereview.qt-project.org/c/qt/qtconnectivity/+/614538 https://codereview.qt-project.org/q/QLowEnergyController https://www.qt.io/blog/security-advisory-qlowenergycontroller-on-linux https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23050.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Aw4zZDl3LL7dRv7HVDTRTw==": { "id": "Aw4zZDl3LL7dRv7HVDTRTw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://nodejs.org/pt/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "AwUdH/KSEhHnx1nx0tagUQ==": { "id": "AwUdH/KSEhHnx1nx0tagUQ==", "updater": "rhel-vex", "name": "CVE-2022-2183", "description": "AV:L/AC:L/PR:N/UI:R/S:U/\nC:H ==\u003e C:N\nI:H ==\u003e I:N\nA:H ==\u003e A:L", "issued": "2022-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2183.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AwYRRq6SmgfJLn2NZxQUdw==": { "id": "AwYRRq6SmgfJLn2NZxQUdw==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ax9cBjsH+o8aWMbSV/GNMA==": { "id": "Ax9cBjsH+o8aWMbSV/GNMA==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://nodejs.org/pt/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "AyHFH4N7lNUZlwVfgigcMA==": { "id": "AyHFH4N7lNUZlwVfgigcMA==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "AyZ2Ys1oI8T5ntmwQE0+Qg==": { "id": "AyZ2Ys1oI8T5ntmwQE0+Qg==", "updater": "rhel-vex", "name": "CVE-2025-55131", "description": "A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55131 https://bugzilla.redhat.com/show_bug.cgi?id=2431350 https://www.cve.org/CVERecord?id=CVE-2025-55131 https://nvd.nist.gov/vuln/detail/CVE-2025-55131 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55131.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "Ayn8XyGcXwYPR+J1PSWdHQ==": { "id": "Ayn8XyGcXwYPR+J1PSWdHQ==", "updater": "rhel-vex", "name": "CVE-2022-41725", "description": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41725 https://bugzilla.redhat.com/show_bug.cgi?id=2178488 https://www.cve.org/CVERecord?id=CVE-2022-41725 https://nvd.nist.gov/vuln/detail/CVE-2022-41725 https://go.dev/cl/468124 https://go.dev/issue/58006 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1569 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41725.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "AzHq3xNdZjrdl02cKyAV8A==": { "id": "AzHq3xNdZjrdl02cKyAV8A==", "updater": "rhel-vex", "name": "CVE-2026-21710", "description": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21710 https://bugzilla.redhat.com/show_bug.cgi?id=2453151 https://www.cve.org/CVERecord?id=CVE-2026-21710 https://nvd.nist.gov/vuln/detail/CVE-2026-21710 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21710.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "B+E5cjNC599y+nmprS3J2Q==": { "id": "B+E5cjNC599y+nmprS3J2Q==", "updater": "rhel-vex", "name": "CVE-2025-15366", "description": "A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server.", "issued": "2026-01-20T21:40:24Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15366 https://bugzilla.redhat.com/show_bug.cgi?id=2431368 https://www.cve.org/CVERecord?id=CVE-2025-15366 https://nvd.nist.gov/vuln/detail/CVE-2025-15366 https://github.com/python/cpython/issues/143921 https://github.com/python/cpython/pull/143922 https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7JZJYTBXMDOWKCEIEBJLBRU64OMR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15366.json https://access.redhat.com/errata/RHSA-2026:4168", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.1", "arch_op": "pattern match" }, "B+xaJOiguNTw6xGmTB+mZw==": { "id": "B+xaJOiguNTw6xGmTB+mZw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "B/+SfhbeumQponnHheNEVg==": { "id": "B/+SfhbeumQponnHheNEVg==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "B0ZJnlI3io/AXTPjqyoADA==": { "id": "B0ZJnlI3io/AXTPjqyoADA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "B1FsL93s2G1YxIvrdDvTfg==": { "id": "B1FsL93s2G1YxIvrdDvTfg==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "B1THb18jP+rSUaY77CvPng==": { "id": "B1THb18jP+rSUaY77CvPng==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "B1gQIzGtgKR02WiRgVPUgQ==": { "id": "B1gQIzGtgKR02WiRgVPUgQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "B3tKTgCVG9JSLHIgfbUFmw==": { "id": "B3tKTgCVG9JSLHIgfbUFmw==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "B6Y4wCqGGirgAxQnKrzDxQ==": { "id": "B6Y4wCqGGirgAxQnKrzDxQ==", "updater": "rhel-vex", "name": "CVE-2026-33809", "description": "A flaw was found in golang.org/x/image/tiff. A remote attacker could exploit this vulnerability by providing a maliciously crafted Tagged Image File Format (TIFF) file. This could cause the image decoding process to attempt to allocate up to 4 gigabytes (GiB) of memory. The excessive resource consumption or an out-of-memory error would lead to a Denial of Service (DoS) condition.", "issued": "2026-03-25T18:24:04Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33809 https://bugzilla.redhat.com/show_bug.cgi?id=2451437 https://www.cve.org/CVERecord?id=CVE-2026-33809 https://nvd.nist.gov/vuln/detail/CVE-2026-33809 https://go.dev/cl/757660 https://go.dev/issue/78267 https://pkg.go.dev/vuln/GO-2026-4815 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33809.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "B6kRennXxnam4nW6s2O9mQ==": { "id": "B6kRennXxnam4nW6s2O9mQ==", "updater": "rhel-vex", "name": "CVE-2022-30633", "description": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30633 https://bugzilla.redhat.com/show_bug.cgi?id=2107392 https://www.cve.org/CVERecord?id=CVE-2022-30633 https://nvd.nist.gov/vuln/detail/CVE-2022-30633 https://go.dev/issue/53611 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30633.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "B7rM39vvdeIIjmDnRAuTIQ==": { "id": "B7rM39vvdeIIjmDnRAuTIQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "B9qUokfV8wr0vL8EYHLo5g==": { "id": "B9qUokfV8wr0vL8EYHLo5g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libfdisk", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "BBNgt41sCJ+dkDLhh8RM2Q==": { "id": "BBNgt41sCJ+dkDLhh8RM2Q==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "BBVHDYnqIwi0Vk9ZX1yGIw==": { "id": "BBVHDYnqIwi0Vk9ZX1yGIw==", "updater": "rhel-vex", "name": "CVE-2026-23865", "description": "A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or denial of service.", "issued": "2026-03-02T16:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-23865 https://bugzilla.redhat.com/show_bug.cgi?id=2443891 https://www.cve.org/CVERecord?id=CVE-2026-23865 https://nvd.nist.gov/vuln/detail/CVE-2026-23865 https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/ https://www.facebook.com/security/advisories/cve-2026-23865 https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23865.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "freetype", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BCUOacmvjky6+oK/3U158Q==": { "id": "BCUOacmvjky6+oK/3U158Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "BDC/Jijmwb4kfsAYqG7t2Q==": { "id": "BDC/Jijmwb4kfsAYqG7t2Q==", "updater": "rhel-vex", "name": "CVE-2025-64720", "description": "A buffer overflow flaw has been discovered in libpng. An out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API.", "issued": "2025-11-24T23:45:38Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64720 https://bugzilla.redhat.com/show_bug.cgi?id=2416904 https://www.cve.org/CVERecord?id=CVE-2025-64720 https://nvd.nist.gov/vuln/detail/CVE-2025-64720 https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643 https://github.com/pnggroup/libpng/issues/686 https://github.com/pnggroup/libpng/pull/751 https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64720.json https://access.redhat.com/errata/RHSA-2026:0238", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpng-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.1", "arch_op": "pattern match" }, "BHd7IxntWhEzC1s7XOworQ==": { "id": "BHd7IxntWhEzC1s7XOworQ==", "updater": "rhel-vex", "name": "CVE-2025-11083", "description": "A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally.", "issued": "2025-09-27T23:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11083 https://bugzilla.redhat.com/show_bug.cgi?id=2399948 https://www.cve.org/CVERecord?id=CVE-2025-11083 https://nvd.nist.gov/vuln/detail/CVE-2025-11083 https://sourceware.org/bugzilla/attachment.cgi?id=16353 https://sourceware.org/bugzilla/show_bug.cgi?id=33457 https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490 https://vuldb.com/?ctiid.326124 https://vuldb.com/?id.326124 https://vuldb.com/?submit.661277 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11083.json https://access.redhat.com/errata/RHSA-2025:23343", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils-gold", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-67.el9_7.1", "arch_op": "pattern match" }, "BLPjiJKh0zrGI5mH+bPIGw==": { "id": "BLPjiJKh0zrGI5mH+bPIGw==", "updater": "rhel-vex", "name": "CVE-2023-39323", "description": "A flaw was found in the golang cmd/go standard library. A line directive (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", "issued": "2023-10-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39323 https://bugzilla.redhat.com/show_bug.cgi?id=2242544 https://www.cve.org/CVERecord?id=CVE-2023-39323 https://nvd.nist.gov/vuln/detail/CVE-2023-39323 https://go.dev/cl/533215 https://go.dev/issue/63211 https://groups.google.com/g/golang-announce/c/XBa1oHDevAo https://vuln.go.dev/ID/GO-2023-2095.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39323.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BQivQt20Anl3mLgiJoMKAA==": { "id": "BQivQt20Anl3mLgiJoMKAA==", "updater": "rhel-vex", "name": "CVE-2024-30205", "description": "A flaw was found in Emacs. Org mode considers the content of remote files, such as files opened with TRAMP on remote systems, to be trusted, resulting in arbitrary code execution.", "issued": "2024-03-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-30205 https://bugzilla.redhat.com/show_bug.cgi?id=2280298 https://www.cve.org/CVERecord?id=CVE-2024-30205 https://nvd.nist.gov/vuln/detail/CVE-2024-30205 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-30205.json https://access.redhat.com/errata/RHSA-2024:9302", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9", "arch_op": "pattern match" }, "BS5Qx6nN3HmM64VVoKmayw==": { "id": "BS5Qx6nN3HmM64VVoKmayw==", "updater": "rhel-vex", "name": "CVE-2022-3134", "description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3134.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BSSJGCoYu7W24g5Emwqfdg==": { "id": "BSSJGCoYu7W24g5Emwqfdg==", "updater": "rhel-vex", "name": "CVE-2024-10963", "description": "A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.", "issued": "2024-11-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://github.com/linux-pam/linux-pam/issues/834 https://github.com/linux-pam/linux-pam/pull/835 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json https://access.redhat.com/errata/RHSA-2024:10244", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-22.el9_5", "arch_op": "pattern match" }, "BTToHfvg0weSXCH9D0acFA==": { "id": "BTToHfvg0weSXCH9D0acFA==", "updater": "rhel-vex", "name": "CVE-2026-28420", "description": "A flaw was found in Vim. A remote attacker could exploit a heap-based buffer overflow and an out-of-bounds read vulnerability in Vim's terminal emulator. This occurs when processing specially crafted Unicode supplementary plane characters, potentially leading to information disclosure and denial of service.", "issued": "2026-02-27T22:04:36Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28420 https://bugzilla.redhat.com/show_bug.cgi?id=2443484 https://www.cve.org/CVERecord?id=CVE-2026-28420 https://nvd.nist.gov/vuln/detail/CVE-2026-28420 https://github.com/vim/vim/commit/bb6de2105b160e729c34063 https://github.com/vim/vim/releases/tag/v9.2.0076 https://github.com/vim/vim/security/advisories/GHSA-rvj2-jrf9-2phg https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28420.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BXlYoXrAW947O+Adruh7Zw==": { "id": "BXlYoXrAW947O+Adruh7Zw==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "BbM0NZsMsZnNUi1ybIzssw==": { "id": "BbM0NZsMsZnNUi1ybIzssw==", "updater": "rhel-vex", "name": "CVE-2025-1151", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T17:00:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1151 https://bugzilla.redhat.com/show_bug.cgi?id=2344713 https://www.cve.org/CVERecord?id=CVE-2025-1151 https://nvd.nist.gov/vuln/detail/CVE-2025-1151 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295055 https://vuldb.com/?id.295055 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BbiEB28Kb+GaQAOEIfj+qQ==": { "id": "BbiEB28Kb+GaQAOEIfj+qQ==", "updater": "rhel-vex", "name": "CVE-2025-58190", "description": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) in an exposed go application if an attacker provides specially crafted HTML content.", "issued": "2026-02-05T17:48:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58190 https://bugzilla.redhat.com/show_bug.cgi?id=2437110 https://www.cve.org/CVERecord?id=CVE-2025-58190 https://nvd.nist.gov/vuln/detail/CVE-2025-58190 https://github.com/golang/vulndb/issues/4441 https://go.dev/cl/709875 https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c https://pkg.go.dev/vuln/GO-2026-4441 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58190.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BceQQXlChHEbiy2YYN7FvA==": { "id": "BceQQXlChHEbiy2YYN7FvA==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "Bd+yU6xHUdyyaw65uiacIw==": { "id": "Bd+yU6xHUdyyaw65uiacIw==", "updater": "osv/go", "name": "GO-2023-1752", "description": "Improper handling of JavaScript whitespace in html/template", "issued": "2023-05-05T21:10:22Z", "links": "https://go.dev/issue/59721 https://go.dev/cl/491616 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.9" }, "BfDjqoaYrd0NKCGGxtokTg==": { "id": "BfDjqoaYrd0NKCGGxtokTg==", "updater": "rhel-vex", "name": "CVE-2023-48231", "description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48231.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BfJzk+M/zKnbrBHcCrvIlA==": { "id": "BfJzk+M/zKnbrBHcCrvIlA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "BgLn2RypgHsjIVj0SLunZg==": { "id": "BgLn2RypgHsjIVj0SLunZg==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "Bh96oSV9q0619slTJCaM0Q==": { "id": "Bh96oSV9q0619slTJCaM0Q==", "updater": "rhel-vex", "name": "CVE-2023-40403", "description": "A flaw was found in libxslt package. Processing web content may disclose sensitive information. This issue was addressed with improved memory handling.", "issued": "2023-09-26T20:14:54Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40403 https://bugzilla.redhat.com/show_bug.cgi?id=2349766 https://www.cve.org/CVERecord?id=CVE-2023-40403 https://nvd.nist.gov/vuln/detail/CVE-2023-40403 http://seclists.org/fulldisclosure/2023/Oct/10 http://seclists.org/fulldisclosure/2023/Oct/3 http://seclists.org/fulldisclosure/2023/Oct/4 http://seclists.org/fulldisclosure/2023/Oct/5 http://seclists.org/fulldisclosure/2023/Oct/6 http://seclists.org/fulldisclosure/2023/Oct/8 http://seclists.org/fulldisclosure/2023/Oct/9 https://bugs.chromium.org/p/chromium/issues/detail?id=1356211 https://bugzilla.gnome.org/show_bug.cgi?id=751621 https://gitlab.gnome.org/GNOME/libxslt/-/issues/94 https://support.apple.com/en-us/HT213927 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40403.json https://access.redhat.com/errata/RHSA-2026:6266", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-14.el9_7.1", "arch_op": "pattern match" }, "BhK7UpiFjhg7FsRQcftqbg==": { "id": "BhK7UpiFjhg7FsRQcftqbg==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "BheYJlsY7UG2Ru8eF1IU4g==": { "id": "BheYJlsY7UG2Ru8eF1IU4g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libmount", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "Bo7awcYyKS5mr2PoscvH4g==": { "id": "Bo7awcYyKS5mr2PoscvH4g==", "updater": "rhel-vex", "name": "CVE-2026-32280", "description": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.", "issued": "2026-04-08T01:06:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32280 https://bugzilla.redhat.com/show_bug.cgi?id=2456339 https://www.cve.org/CVERecord?id=CVE-2026-32280 https://nvd.nist.gov/vuln/detail/CVE-2026-32280 https://go.dev/cl/758320 https://go.dev/issue/78282 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4947 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32280.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BofAiVtqC38hX5ZAkBLTpA==": { "id": "BofAiVtqC38hX5ZAkBLTpA==", "updater": "osv/go", "name": "GO-2024-2599", "description": "Memory exhaustion in multipart form parsing in net/textproto and net/http", "issued": "2024-03-05T22:15:00Z", "links": "https://go.dev/issue/65383 https://go.dev/cl/569341 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "Bp0jmZLVDqekxjq/Mq7PPA==": { "id": "Bp0jmZLVDqekxjq/Mq7PPA==", "updater": "rhel-vex", "name": "CVE-2022-1962", "description": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1962 https://bugzilla.redhat.com/show_bug.cgi?id=2107376 https://www.cve.org/CVERecord?id=CVE-2022-1962 https://nvd.nist.gov/vuln/detail/CVE-2022-1962 https://go.dev/issue/53616 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1962.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Bp4O+K+hM5aEmCc59xUWdA==": { "id": "Bp4O+K+hM5aEmCc59xUWdA==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "BqzAZ5iQVHE6OkJ+a2YydQ==": { "id": "BqzAZ5iQVHE6OkJ+a2YydQ==", "updater": "osv/go", "name": "GO-2026-4342", "description": "Excessive CPU consumption when building archive index in archive/zip", "issued": "2026-01-28T19:08:28Z", "links": "https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.12" }, "BsGuSaqfP6qrCK8KTTY4qw==": { "id": "BsGuSaqfP6qrCK8KTTY4qw==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "Bu9dxnhmsLXDd3x0oRPHfA==": { "id": "Bu9dxnhmsLXDd3x0oRPHfA==", "updater": "rhel-vex", "name": "CVE-2025-11413", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds write in the bfd_putl64 function in the bfd/libbfd.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11413 https://bugzilla.redhat.com/show_bug.cgi?id=2402423 https://www.cve.org/CVERecord?id=CVE-2025-11413 https://nvd.nist.gov/vuln/detail/CVE-2025-11413 https://sourceware.org/bugzilla/show_bug.cgi?id=33456 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0 https://vuldb.com/?id.327349 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11413.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Bua36N02B8W4H7+P8yixkw==": { "id": "Bua36N02B8W4H7+P8yixkw==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "BwQexIGmUvV9ONa+9gpe2w==": { "id": "BwQexIGmUvV9ONa+9gpe2w==", "updater": "rhel-vex", "name": "CVE-2024-26461", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "ByykkIf8cqMarBUwgOjK0g==": { "id": "ByykkIf8cqMarBUwgOjK0g==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "BzOgc4nzX2HHoodQY6X6vQ==": { "id": "BzOgc4nzX2HHoodQY6X6vQ==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "Bzc4r1UXMoCf7blNLHkQGw==": { "id": "Bzc4r1UXMoCf7blNLHkQGw==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "C+2GxqMTQEZYKlJYDQE1Pg==": { "id": "C+2GxqMTQEZYKlJYDQE1Pg==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "C+zOyZD8CwAZei0FDIvlTA==": { "id": "C+zOyZD8CwAZei0FDIvlTA==", "updater": "rhel-vex", "name": "CVE-2026-27140", "description": "A flaw was found in the Go programming language (golang) and its command-line tool (cmd/go). A remote attacker could exploit this during the build process by crafting malicious SWIG (Simplified Wrapper and Interface Generator) file names that contain \"cgo\" and specific payloads. This could lead to code smuggling and arbitrary code execution, bypassing trust mechanisms and allowing the attacker to run unauthorized code.", "issued": "2026-04-08T01:06:57Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27140 https://bugzilla.redhat.com/show_bug.cgi?id=2456341 https://www.cve.org/CVERecord?id=CVE-2026-27140 https://nvd.nist.gov/vuln/detail/CVE-2026-27140 https://go.dev/cl/763768 https://go.dev/issue/78335 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4871 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27140.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "C/qQQwNpHdvLBRbvV/RD1Q==": { "id": "C/qQQwNpHdvLBRbvV/RD1Q==", "updater": "rhel-vex", "name": "CVE-2026-21710", "description": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21710 https://bugzilla.redhat.com/show_bug.cgi?id=2453151 https://www.cve.org/CVERecord?id=CVE-2026-21710 https://nvd.nist.gov/vuln/detail/CVE-2026-21710 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21710.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "C0udSo+foVK8TphEaJ9u7g==": { "id": "C0udSo+foVK8TphEaJ9u7g==", "updater": "rhel-vex", "name": "CVE-2017-1000383", "description": "It was found that emacs applies the opened file read permissions to the swap file, overriding the process' umask. An attacker might search for vim swap files, that were not deleted properly, in order to retrieve sensible data.", "issued": "2017-10-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-1000383 https://bugzilla.redhat.com/show_bug.cgi?id=1508788 https://www.cve.org/CVERecord?id=CVE-2017-1000383 https://nvd.nist.gov/vuln/detail/CVE-2017-1000383 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-1000383.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "emacs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "C2ejCCBwa9n29Fq9gpW/sw==": { "id": "C2ejCCBwa9n29Fq9gpW/sw==", "updater": "rhel-vex", "name": "CVE-2024-26458", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "C7VuSVoDHe6g3ERpzwYLFg==": { "id": "C7VuSVoDHe6g3ERpzwYLFg==", "updater": "rhel-vex", "name": "CVE-2025-11731", "description": "A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT \u003cfunc:result\u003e elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.", "issued": "2025-10-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11731 https://bugzilla.redhat.com/show_bug.cgi?id=2403688 https://www.cve.org/CVERecord?id=CVE-2025-11731 https://nvd.nist.gov/vuln/detail/CVE-2025-11731 https://gitlab.gnome.org/GNOME/libxslt/-/issues/151 https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/78 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11731.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxslt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "C7v5oMuGS9CuS5bfckNF/w==": { "id": "C7v5oMuGS9CuS5bfckNF/w==", "updater": "osv/go", "name": "GO-2022-0477", "description": "Indefinite hang with large buffers on Windows in crypto/rand", "issued": "2022-06-09T01:43:37Z", "links": "https://go.dev/cl/402257 https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863 https://go.dev/issue/52561 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "C9NKmmH/EbcYxVOEg1uY9g==": { "id": "C9NKmmH/EbcYxVOEg1uY9g==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "CBFMybHyX4sHIYPIO6U5nw==": { "id": "CBFMybHyX4sHIYPIO6U5nw==", "updater": "rhel-vex", "name": "CVE-2026-26996", "description": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.", "issued": "2026-02-20T03:05:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-26996 https://bugzilla.redhat.com/show_bug.cgi?id=2441268 https://www.cve.org/CVERecord?id=CVE-2026-26996 https://nvd.nist.gov/vuln/detail/CVE-2026-26996 https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5 https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26996.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "CBxUpiwpFiagAj3ihqf+vQ==": { "id": "CBxUpiwpFiagAj3ihqf+vQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "CCQ15lzJdM5OqfQf0dLnJQ==": { "id": "CCQ15lzJdM5OqfQf0dLnJQ==", "updater": "rhel-vex", "name": "CVE-2023-0802", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0802 https://bugzilla.redhat.com/show_bug.cgi?id=2170178 https://www.cve.org/CVERecord?id=CVE-2023-0802 https://nvd.nist.gov/vuln/detail/CVE-2023-0802 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0802.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "CD0KTiCn+kQ9+lGQdzy4Lw==": { "id": "CD0KTiCn+kQ9+lGQdzy4Lw==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "CDo6xcGHS8cRMMAj5ptO4w==": { "id": "CDo6xcGHS8cRMMAj5ptO4w==", "updater": "rhel-vex", "name": "CVE-2026-22801", "description": "A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.", "issued": "2026-01-12T22:57:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22801 https://bugzilla.redhat.com/show_bug.cgi?id=2428824 https://www.cve.org/CVERecord?id=CVE-2026-22801 https://nvd.nist.gov/vuln/detail/CVE-2026-22801 https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22801.json https://access.redhat.com/errata/RHSA-2026:3405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpng", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.2", "arch_op": "pattern match" }, "CFRtSPlXDJlgi28bdADXZg==": { "id": "CFRtSPlXDJlgi28bdADXZg==", "updater": "osv/go", "name": "GO-2024-3105", "description": "Stack exhaustion in all Parse functions in go/parser", "issued": "2024-09-06T19:15:23Z", "links": "https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.7" }, "CGXPj+Vc0sEcrUqgBw+BIQ==": { "id": "CGXPj+Vc0sEcrUqgBw+BIQ==", "updater": "rhel-vex", "name": "CVE-2026-21710", "description": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21710 https://bugzilla.redhat.com/show_bug.cgi?id=2453151 https://www.cve.org/CVERecord?id=CVE-2026-21710 https://nvd.nist.gov/vuln/detail/CVE-2026-21710 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21710.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "CH/8kg0DShdiNjzv6+DZnA==": { "id": "CH/8kg0DShdiNjzv6+DZnA==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "CMGu0bZesU9cyPAc2vK34g==": { "id": "CMGu0bZesU9cyPAc2vK34g==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "CPaw49wKw01O8KSP+trXbw==": { "id": "CPaw49wKw01O8KSP+trXbw==", "updater": "rhel-vex", "name": "CVE-2025-11081", "description": "An out of bounds read flaw has been discovered in GNU bin utilities. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access.", "issued": "2025-09-27T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11081 https://bugzilla.redhat.com/show_bug.cgi?id=2399944 https://www.cve.org/CVERecord?id=CVE-2025-11081 https://nvd.nist.gov/vuln/detail/CVE-2025-11081 https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt https://sourceware.org/bugzilla/show_bug.cgi?id=33406 https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b https://vuldb.com/?ctiid.326122 https://vuldb.com/?id.326122 https://vuldb.com/?submit.661275 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11081.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "CQNzMQJa1wEomWRr1m5WUQ==": { "id": "CQNzMQJa1wEomWRr1m5WUQ==", "updater": "rhel-vex", "name": "CVE-2026-34982", "description": "A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.", "issued": "2026-04-06T15:16:48Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34982 https://bugzilla.redhat.com/show_bug.cgi?id=2455400 https://www.cve.org/CVERecord?id=CVE-2026-34982 https://nvd.nist.gov/vuln/detail/CVE-2026-34982 http://www.openwall.com/lists/oss-security/2026/04/01/1 https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615 https://github.com/vim/vim/releases/tag/v9.2.0276 https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34982.json https://access.redhat.com/errata/RHSA-2026:11510", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7.3", "arch_op": "pattern match" }, "CQPV/OxtJ+DwYc6C4gniNQ==": { "id": "CQPV/OxtJ+DwYc6C4gniNQ==", "updater": "rhel-vex", "name": "CVE-2022-47008", "description": "A memory leak was found in binutils in the make_tempdir and make_tempname functions. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47008 https://bugzilla.redhat.com/show_bug.cgi?id=2233984 https://www.cve.org/CVERecord?id=CVE-2022-47008 https://nvd.nist.gov/vuln/detail/CVE-2022-47008 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47008.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "CQXGvG5qF0LSGK3lgLUXJg==": { "id": "CQXGvG5qF0LSGK3lgLUXJg==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "CQY3y5mGXL6FhNg/bhr8Rw==": { "id": "CQY3y5mGXL6FhNg/bhr8Rw==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Errno", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.30-481.el9", "arch_op": "pattern match" }, "CSv4lPWUxMcEgRRI/WkPaA==": { "id": "CSv4lPWUxMcEgRRI/WkPaA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "CUQJjAsDbX9xkyOrUzo/mg==": { "id": "CUQJjAsDbX9xkyOrUzo/mg==", "updater": "rhel-vex", "name": "CVE-2026-4424", "description": "A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4424 https://bugzilla.redhat.com/show_bug.cgi?id=2449006 https://www.cve.org/CVERecord?id=CVE-2026-4424 https://nvd.nist.gov/vuln/detail/CVE-2026-4424 https://github.com/libarchive/libarchive/pull/2898 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4424.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "CV6bnIgwQPKblPGXrSplMA==": { "id": "CV6bnIgwQPKblPGXrSplMA==", "updater": "rhel-vex", "name": "CVE-2026-6993", "description": "A flaw was found in go-kratos kratos. A remote attacker could exploit a vulnerability in the HTTP server's `NewServer` function, specifically within the `http.DefaultServeMux Fallback Handler`. This manipulation creates an unintended intermediary, which can lead to the disclosure of sensitive information.", "issued": "2026-04-25T18:30:16Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6993 https://bugzilla.redhat.com/show_bug.cgi?id=2461841 https://www.cve.org/CVERecord?id=CVE-2026-6993 https://nvd.nist.gov/vuln/detail/CVE-2026-6993 https://github.com/Yanhu007/kratos/commit/0284a5bcf92b5a7ee015300ce3051baf7ae4718d https://github.com/go-kratos/kratos/ https://github.com/go-kratos/kratos/issues/3810 https://github.com/go-kratos/kratos/pull/3814 https://vuldb.com/submit/797099 https://vuldb.com/vuln/359545 https://vuldb.com/vuln/359545/cti https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6993.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "CVEVcsUTo53Dm1KwYASf/w==": { "id": "CVEVcsUTo53Dm1KwYASf/w==", "updater": "rhel-vex", "name": "CVE-2026-32289", "description": "A flaw was found in the `html/template` package. This vulnerability arises from improper tracking of context and brace depth within JavaScript (JS) template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting (XSS) vulnerabilities. This could allow an attacker to inject malicious scripts into web pages viewed by other users.", "issued": "2026-04-08T01:06:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32289 https://bugzilla.redhat.com/show_bug.cgi?id=2456334 https://www.cve.org/CVERecord?id=CVE-2026-32289 https://nvd.nist.gov/vuln/detail/CVE-2026-32289 https://go.dev/cl/763762 https://go.dev/issue/78331 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4865 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32289.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "CVNFdSU8eHIr3mZk7+SX/Q==": { "id": "CVNFdSU8eHIr3mZk7+SX/Q==", "updater": "rhel-vex", "name": "CVE-2023-24539", "description": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24539 https://bugzilla.redhat.com/show_bug.cgi?id=2196026 https://www.cve.org/CVERecord?id=CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-24539 https://github.com/golang/go/issues/59720 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24539.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "CW81Lp11K0nBc+3dYegY/g==": { "id": "CW81Lp11K0nBc+3dYegY/g==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "CXlZx/1BY/yqrUCuQlON2w==": { "id": "CXlZx/1BY/yqrUCuQlON2w==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "CYbzKTdqzfhVDluEF23Dxg==": { "id": "CYbzKTdqzfhVDluEF23Dxg==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "CYkHBvLQQf6RYY/2Qkr5gw==": { "id": "CYkHBvLQQf6RYY/2Qkr5gw==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "CaVsGPkqzxcrIauiEFdPpw==": { "id": "CaVsGPkqzxcrIauiEFdPpw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "CacO7saUr+KLTbynVQRYzg==": { "id": "CacO7saUr+KLTbynVQRYzg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cpp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Cbqd4MLPHY6FcToWh7U3IA==": { "id": "Cbqd4MLPHY6FcToWh7U3IA==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "CfhyOTUZXzyZ1gBqX8Jz5Q==": { "id": "CfhyOTUZXzyZ1gBqX8Jz5Q==", "updater": "rhel-vex", "name": "CVE-2026-27137", "description": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.", "issued": "2026-03-06T21:28:13Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27137 https://bugzilla.redhat.com/show_bug.cgi?id=2445345 https://www.cve.org/CVERecord?id=CVE-2026-27137 https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://pkg.go.dev/vuln/GO-2026-4599 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27137.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "CoMZiX0VsWNhKSQo1NCYkg==": { "id": "CoMZiX0VsWNhKSQo1NCYkg==", "updater": "rhel-vex", "name": "CVE-2025-1244", "description": "A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.", "issued": "2025-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1244 https://bugzilla.redhat.com/show_bug.cgi?id=2345150 https://www.cve.org/CVERecord?id=CVE-2025-1244 https://nvd.nist.gov/vuln/detail/CVE-2025-1244 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1244.json https://access.redhat.com/errata/RHSA-2025:1915", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-11.el9_5.1", "arch_op": "pattern match" }, "Cr4I2Hcgcf8xO3Bc2/KIfA==": { "id": "Cr4I2Hcgcf8xO3Bc2/KIfA==", "updater": "osv/go", "name": "GO-2023-1840", "description": "Unsafe behavior in setuid/setgid binaries in runtime", "issued": "2023-06-08T20:16:06Z", "links": "https://go.dev/issue/60272 https://go.dev/cl/501223 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.10" }, "CrxvMdhOPgYpnOjfUKfH3Q==": { "id": "CrxvMdhOPgYpnOjfUKfH3Q==", "updater": "rhel-vex", "name": "CVE-2024-7006", "description": "A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.", "issued": "2024-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7006 https://bugzilla.redhat.com/show_bug.cgi?id=2302996 https://www.cve.org/CVERecord?id=CVE-2024-7006 https://nvd.nist.gov/vuln/detail/CVE-2024-7006 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7006.json https://access.redhat.com/errata/RHSA-2024:8914", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9_4.1", "arch_op": "pattern match" }, "CuWE9qOLaSI+JhOsCiY03Q==": { "id": "CuWE9qOLaSI+JhOsCiY03Q==", "updater": "rhel-vex", "name": "CVE-2023-24540", "description": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/show_bug.cgi?id=2196027 https://www.cve.org/CVERecord?id=CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24540.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "Cxqp3OmZ1TuIow2bpolrUA==": { "id": "Cxqp3OmZ1TuIow2bpolrUA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "D17rv5OxhiqZrK+otc1Xcg==": { "id": "D17rv5OxhiqZrK+otc1Xcg==", "updater": "rhel-vex", "name": "CVE-2026-35386", "description": "A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in `ssh_config`.", "issued": "2026-04-02T16:44:27Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35386 https://bugzilla.redhat.com/show_bug.cgi?id=2454506 https://www.cve.org/CVERecord?id=CVE-2026-35386 https://nvd.nist.gov/vuln/detail/CVE-2026-35386 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35386.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "D1jz5P28B8rwvnVaChXHiw==": { "id": "D1jz5P28B8rwvnVaChXHiw==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "D2CamKwAHk5K+VusEH9d7Q==": { "id": "D2CamKwAHk5K+VusEH9d7Q==", "updater": "rhel-vex", "name": "CVE-2026-32281", "description": "A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.", "issued": "2026-04-08T01:06:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32281 https://bugzilla.redhat.com/show_bug.cgi?id=2456333 https://www.cve.org/CVERecord?id=CVE-2026-32281 https://nvd.nist.gov/vuln/detail/CVE-2026-32281 https://go.dev/cl/758061 https://go.dev/issue/78281 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4946 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32281.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "D5TjVz7ghGYgdoVa5+N8bw==": { "id": "D5TjVz7ghGYgdoVa5+N8bw==", "updater": "rhel-vex", "name": "CVE-2024-12088", "description": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12088 https://bugzilla.redhat.com/show_bug.cgi?id=2330676 https://www.cve.org/CVERecord?id=CVE-2024-12088 https://nvd.nist.gov/vuln/detail/CVE-2024-12088 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12088.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "D7U85Qc3CYAscEzhSfT76A==": { "id": "D7U85Qc3CYAscEzhSfT76A==", "updater": "rhel-vex", "name": "CVE-2025-15467", "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "issued": "2026-01-27T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15467 https://bugzilla.redhat.com/show_bug.cgi?id=2430376 https://www.cve.org/CVERecord?id=CVE-2025-15467 https://nvd.nist.gov/vuln/detail/CVE-2025-15467 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15467.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "DAwq8wwWp0GN/p0AvtHE9Q==": { "id": "DAwq8wwWp0GN/p0AvtHE9Q==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "DCflC/lDsmgt9IFXJM3PyA==": { "id": "DCflC/lDsmgt9IFXJM3PyA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "DDPdyyhkyoDS2Vq0O3We0w==": { "id": "DDPdyyhkyoDS2Vq0O3We0w==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "DDxCHnX+kCqcRQj9b90/cg==": { "id": "DDxCHnX+kCqcRQj9b90/cg==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DE3GDsNl2faTwlhxzYBbYw==": { "id": "DE3GDsNl2faTwlhxzYBbYw==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "DFOoWHynQeFD6fZDvPyKMg==": { "id": "DFOoWHynQeFD6fZDvPyKMg==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "DG5z7r6LqnKlVNwHAxeXgA==": { "id": "DG5z7r6LqnKlVNwHAxeXgA==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "DGdHlHvCVlJgbLPDhdwSoA==": { "id": "DGdHlHvCVlJgbLPDhdwSoA==", "updater": "rhel-vex", "name": "CVE-2025-32989", "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "issued": "2025-07-10T07:54:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32989 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://www.cve.org/CVERecord?id=CVE-2025-32989 https://nvd.nist.gov/vuln/detail/CVE-2025-32989 https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32989.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "DI5ofU0JT+/wsYx2AeXNiA==": { "id": "DI5ofU0JT+/wsYx2AeXNiA==", "updater": "rhel-vex", "name": "CVE-2022-41724", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41724 https://bugzilla.redhat.com/show_bug.cgi?id=2178492 https://www.cve.org/CVERecord?id=CVE-2022-41724 https://nvd.nist.gov/vuln/detail/CVE-2022-41724 https://go.dev/cl/468125 https://go.dev/issue/58001 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41724.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "DI7HeHo8A/itZHGTOHOQIg==": { "id": "DI7HeHo8A/itZHGTOHOQIg==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "DIXgPb+QqAbL75dH7f2Zww==": { "id": "DIXgPb+QqAbL75dH7f2Zww==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "DK1x7B/vzgaKlXynN3g1KA==": { "id": "DK1x7B/vzgaKlXynN3g1KA==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "DKQ/Jfye0O77T1m4bCFM9A==": { "id": "DKQ/Jfye0O77T1m4bCFM9A==", "updater": "rhel-vex", "name": "CVE-2023-52425", "description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "DNd0sdbW83acQbIl3FDaPw==": { "id": "DNd0sdbW83acQbIl3FDaPw==", "updater": "rhel-vex", "name": "CVE-2023-0054", "description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "issued": "2023-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0054.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DPcSz1MBKzyaMMMhJWVyEA==": { "id": "DPcSz1MBKzyaMMMhJWVyEA==", "updater": "rhel-vex", "name": "CVE-2023-30774", "description": "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30774 https://bugzilla.redhat.com/show_bug.cgi?id=2187139 https://www.cve.org/CVERecord?id=CVE-2023-30774 https://nvd.nist.gov/vuln/detail/CVE-2023-30774 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30774.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "DQIgoLb/8+6+HRbr8B6wHw==": { "id": "DQIgoLb/8+6+HRbr8B6wHw==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "DSmpC9N7HZQbvi76icwCgw==": { "id": "DSmpC9N7HZQbvi76icwCgw==", "updater": "rhel-vex", "name": "CVE-2025-22873", "description": "A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in \"../\", an attacker may be able to open the immediate parent directory of the intended Root. Although this escape does not allow traversal to higher-level ancestors or direct access to files within the parent directory, it may expose directory metadata or unintended filesystem structure if the application passes untrusted path input to Root.Open.", "issued": "2026-02-04T23:05:24Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22873 https://bugzilla.redhat.com/show_bug.cgi?id=2436992 https://www.cve.org/CVERecord?id=CVE-2025-22873 https://nvd.nist.gov/vuln/detail/CVE-2025-22873 http://www.openwall.com/lists/oss-security/2025/05/06/2 https://go.dev/cl/670036 https://go.dev/issue/73555 https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ https://pkg.go.dev/vuln/GO-2026-4403 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22873.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DTApvRZh1HJD5XbbpU3ahw==": { "id": "DTApvRZh1HJD5XbbpU3ahw==", "updater": "rhel-vex", "name": "CVE-2026-1757", "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "issued": "2026-02-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1757 https://bugzilla.redhat.com/show_bug.cgi?id=2435940 https://www.cve.org/CVERecord?id=CVE-2026-1757 https://nvd.nist.gov/vuln/detail/CVE-2026-1757 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1757.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DUP5ugYJi+iUbcfFxoSiig==": { "id": "DUP5ugYJi+iUbcfFxoSiig==", "updater": "rhel-vex", "name": "CVE-2026-27903", "description": "A flaw was found in minimatch, a utility for converting glob expressions into JavaScript regular expressions. A remote attacker can exploit this vulnerability by providing a specially crafted glob pattern containing multiple non-adjacent `**` (GLOBSTAR) segments. This can lead to unbounded recursive backtracking in the `matchOne()` function, causing a Denial of Service (DoS) by stalling the Node.js event loop for an extended period.", "issued": "2026-02-26T01:06:32Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27903 https://bugzilla.redhat.com/show_bug.cgi?id=2442919 https://www.cve.org/CVERecord?id=CVE-2026-27903 https://nvd.nist.gov/vuln/detail/CVE-2026-27903 https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27903.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DWR1BhA44yRQDLUOFXdOpw==": { "id": "DWR1BhA44yRQDLUOFXdOpw==", "updater": "rhel-vex", "name": "CVE-2026-21711", "description": "A flaw was found in Node.js. The Node.js Permission Model, designed to restrict network access, incorrectly omits permission checks for Unix Domain Socket (UDS) server operations. This allows local code, even when explicitly denied network access, to create and expose inter-process communication (IPC) endpoints. As a result, unauthorized communication can occur between processes on the same host, bypassing the intended network security restrictions.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21711 https://bugzilla.redhat.com/show_bug.cgi?id=2453158 https://www.cve.org/CVERecord?id=CVE-2026-21711 https://nvd.nist.gov/vuln/detail/CVE-2026-21711 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21711.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "DWl94vpEWRXsnNv1XWboVA==": { "id": "DWl94vpEWRXsnNv1XWboVA==", "updater": "rhel-vex", "name": "CVE-2024-6345", "description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "issued": "2024-07-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-setuptools-wheel", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:53.0.0-12.el9_4.1", "arch_op": "pattern match" }, "DXoWfwXPN9ZCvCU/obObKQ==": { "id": "DXoWfwXPN9ZCvCU/obObKQ==", "updater": "rhel-vex", "name": "CVE-2026-4878", "description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "issued": "2026-04-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2451615 https://www.cve.org/CVERecord?id=CVE-2026-4878 https://nvd.nist.gov/vuln/detail/CVE-2026-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2447554 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4878.json https://access.redhat.com/errata/RHSA-2026:12441", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.48-10.el9_7.1", "arch_op": "pattern match" }, "DZWopkvTJiWmVsAADTNOUw==": { "id": "DZWopkvTJiWmVsAADTNOUw==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "Daj39cn0p5rpBblQYRpPNw==": { "id": "Daj39cn0p5rpBblQYRpPNw==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "DhF8bifcikVpxEkzi7eo9A==": { "id": "DhF8bifcikVpxEkzi7eo9A==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "DhiTSAV5nEGdAk1xkbjRsw==": { "id": "DhiTSAV5nEGdAk1xkbjRsw==", "updater": "osv/go", "name": "GO-2023-1569", "description": "Excessive resource consumption in mime/multipart", "issued": "2023-02-21T20:44:30Z", "links": "https://go.dev/issue/58006 https://go.dev/cl/468124 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "DjTY6HUnX+COP0+KJxD8lg==": { "id": "DjTY6HUnX+COP0+KJxD8lg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "DjpSix06K6wkPOmaLpbGWg==": { "id": "DjpSix06K6wkPOmaLpbGWg==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "DjqCxCryg8LYvAZ67mAiSQ==": { "id": "DjqCxCryg8LYvAZ67mAiSQ==", "updater": "rhel-vex", "name": "CVE-2026-29111", "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).", "issued": "2026-03-23T21:03:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-29111 https://bugzilla.redhat.com/show_bug.cgi?id=2450505 https://www.cve.org/CVERecord?id=CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29111.json https://access.redhat.com/errata/RHSA-2026:13677", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.9", "arch_op": "pattern match" }, "Dlv776lHnCBm01HWpf1zZQ==": { "id": "Dlv776lHnCBm01HWpf1zZQ==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "DlzGGXSItv6fZobEGaNWCA==": { "id": "DlzGGXSItv6fZobEGaNWCA==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "DmDFGmfYPZVBn95oG8E43w==": { "id": "DmDFGmfYPZVBn95oG8E43w==", "updater": "rhel-vex", "name": "CVE-2025-55130", "description": "A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55130 https://bugzilla.redhat.com/show_bug.cgi?id=2431352 https://www.cve.org/CVERecord?id=CVE-2025-55130 https://nvd.nist.gov/vuln/detail/CVE-2025-55130 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55130.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.0-1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "Dp0x43cNy9IQTCa5Vb7Uyw==": { "id": "Dp0x43cNy9IQTCa5Vb7Uyw==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "DqajPgSmNnfF5+bVSuLXZQ==": { "id": "DqajPgSmNnfF5+bVSuLXZQ==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "DrIVK8+yvV91OzF2CS9o5A==": { "id": "DrIVK8+yvV91OzF2CS9o5A==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json https://access.redhat.com/errata/RHSA-2025:22660", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.7", "arch_op": "pattern match" }, "DrIpfcclD2b0iXSNtu+I6Q==": { "id": "DrIpfcclD2b0iXSNtu+I6Q==", "updater": "rhel-vex", "name": "CVE-2023-39325", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39325 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://go.dev/issue/63417 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39325.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "DrL6S4TbqHyLJh/Go9vALA==": { "id": "DrL6S4TbqHyLJh/Go9vALA==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "Ds5dBDqvRggZONNskvuAwg==": { "id": "Ds5dBDqvRggZONNskvuAwg==", "updater": "rhel-vex", "name": "CVE-2026-6019", "description": "A flaw was found in Python's `http.cookies` module. The `Morsel.js_output()` function, responsible for generating JavaScript output for cookies, does not properly neutralize the `\u003c/script\u003e` HTML sequence. This oversight could allow a remote attacker to inject malicious script into a web page, potentially leading to Cross-Site Scripting (XSS) attacks. Such an attack could result in information disclosure or arbitrary code execution within the user's browser.", "issued": "2026-04-22T19:28:08Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6019 https://bugzilla.redhat.com/show_bug.cgi?id=2460869 https://www.cve.org/CVERecord?id=CVE-2026-6019 https://nvd.nist.gov/vuln/detail/CVE-2026-6019 https://github.com/python/cpython/commit/76b3923d688c0efc580658476c5f525ec8735104 https://github.com/python/cpython/issues/90309 https://github.com/python/cpython/pull/148848 https://mail.python.org/archives/list/security-announce@python.org/thread/IVNWGV2BBNC3RHQAFS22UP4DY56SAXX3/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6019.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DtCtyEFA0WRhx44S/aRChA==": { "id": "DtCtyEFA0WRhx44S/aRChA==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "DtYmtBkxVMK6KVHn4U+2Yw==": { "id": "DtYmtBkxVMK6KVHn4U+2Yw==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "DtkRUkQTzcJrj8ZsC36kqQ==": { "id": "DtkRUkQTzcJrj8ZsC36kqQ==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DwDznogCJiIx7SjddRcbCQ==": { "id": "DwDznogCJiIx7SjddRcbCQ==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://gitlab.gnome.org/GNOME/libxml2/-/issues/931 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "DyteGYzEcNMaIwU0U8gq/w==": { "id": "DyteGYzEcNMaIwU0U8gq/w==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "DzB2GvXN7uyOKTXPPshLvg==": { "id": "DzB2GvXN7uyOKTXPPshLvg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "DzmttTV7e68kFVXC8f9lew==": { "id": "DzmttTV7e68kFVXC8f9lew==", "updater": "rhel-vex", "name": "CVE-2026-26996", "description": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.", "issued": "2026-02-20T03:05:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-26996 https://bugzilla.redhat.com/show_bug.cgi?id=2441268 https://www.cve.org/CVERecord?id=CVE-2026-26996 https://nvd.nist.gov/vuln/detail/CVE-2026-26996 https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5 https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26996.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "E6F4Bsc58fK+0x+N9LY6gA==": { "id": "E6F4Bsc58fK+0x+N9LY6gA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "E90jB6HCh1KjzQXtmHMUUg==": { "id": "E90jB6HCh1KjzQXtmHMUUg==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "EB6fg0YbdpF3FjycPEVN/Q==": { "id": "EB6fg0YbdpF3FjycPEVN/Q==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "EBopL1hbi9GBQGXZUVNCAA==": { "id": "EBopL1hbi9GBQGXZUVNCAA==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "ECzeIHiPGDDmiEUQjBzFxg==": { "id": "ECzeIHiPGDDmiEUQjBzFxg==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "EE23Ay78OLUGxmoM3vXPbA==": { "id": "EE23Ay78OLUGxmoM3vXPbA==", "updater": "rhel-vex", "name": "CVE-2024-0567", "description": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0567 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://www.cve.org/CVERecord?id=CVE-2024-0567 https://nvd.nist.gov/vuln/detail/CVE-2024-0567 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0567.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "EEMnwT7ARQJ+dbVETnKljw==": { "id": "EEMnwT7ARQJ+dbVETnKljw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Getopt-Std", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.12-481.1.el9_6", "arch_op": "pattern match" }, "EEsEsfQRh24NPMdhg4HPHw==": { "id": "EEsEsfQRh24NPMdhg4HPHw==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "EFXoHkta9v8NXWXURLTCBw==": { "id": "EFXoHkta9v8NXWXURLTCBw==", "updater": "rhel-vex", "name": "CVE-2026-2297", "description": "A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files (.pyc), does not properly trigger system audit events. This oversight could enable malicious activities to go undetected, compromising the integrity of the system.", "issued": "2026-03-04T22:10:43Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2297 https://bugzilla.redhat.com/show_bug.cgi?id=2444691 https://www.cve.org/CVERecord?id=CVE-2026-2297 https://nvd.nist.gov/vuln/detail/CVE-2026-2297 https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86 https://github.com/python/cpython/issues/145506 https://github.com/python/cpython/pull/145507 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2297.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EFfUhTiwNATI8s7BT2T3xA==": { "id": "EFfUhTiwNATI8s7BT2T3xA==", "updater": "rhel-vex", "name": "CVE-2021-3115", "description": "A flaw was found in golang: cmd/go, in which Go can execute arbitrary commands at build time when cgo is in use on Windows OS. On Linux/Unix, only users who have \".\" listed explicitly in their PATH variable are affected. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-01-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3115 https://bugzilla.redhat.com/show_bug.cgi?id=1918761 https://www.cve.org/CVERecord?id=CVE-2021-3115 https://nvd.nist.gov/vuln/detail/CVE-2021-3115 https://groups.google.com/g/golang-announce/c/mperVMGa98w https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3115.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EGDBCdh3xodxfhx6SFGa1w==": { "id": "EGDBCdh3xodxfhx6SFGa1w==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "EGiW9TUcKA6dU0wY//GJ7w==": { "id": "EGiW9TUcKA6dU0wY//GJ7w==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "EHdSTtZdfwUmOpf3vIeLWQ==": { "id": "EHdSTtZdfwUmOpf3vIeLWQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "EHm3zJn0ztZtx1t/Qo6ngA==": { "id": "EHm3zJn0ztZtx1t/Qo6ngA==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "ENoYJ+9TEzYG+jTQB5meaw==": { "id": "ENoYJ+9TEzYG+jTQB5meaw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "ERpg5QsiyVdbxyySZngvaA==": { "id": "ERpg5QsiyVdbxyySZngvaA==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "ETHiyyNutSsXU1p7nfcRIA==": { "id": "ETHiyyNutSsXU1p7nfcRIA==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://gitlab.gnome.org/GNOME/libxml2/-/issues/933 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "ETcQXJZrA6IUPRr4MXFUIw==": { "id": "ETcQXJZrA6IUPRr4MXFUIw==", "updater": "rhel-vex", "name": "CVE-2023-6228", "description": "An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.", "issued": "2023-09-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6228 https://bugzilla.redhat.com/show_bug.cgi?id=2240995 https://www.cve.org/CVERecord?id=CVE-2023-6228 https://nvd.nist.gov/vuln/detail/CVE-2023-6228 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6228.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "ETjF+btf4DIblmTTbHaZSA==": { "id": "ETjF+btf4DIblmTTbHaZSA==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "EUzfiOQu+qZDEDuD1AbDtA==": { "id": "EUzfiOQu+qZDEDuD1AbDtA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "EVXEAewBnzdtEIOYHBpZfA==": { "id": "EVXEAewBnzdtEIOYHBpZfA==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "EX/jsJKUxl+Y92LbkHwIVg==": { "id": "EX/jsJKUxl+Y92LbkHwIVg==", "updater": "osv/go", "name": "GO-2023-2186", "description": "Incorrect detection of reserved device names on Windows in path/filepath", "issued": "2023-11-08T22:42:19Z", "links": "https://go.dev/issue/63713 https://go.dev/cl/540277 https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.11" }, "EXLHkqcreyuJdfrNBsxdNw==": { "id": "EXLHkqcreyuJdfrNBsxdNw==", "updater": "rhel-vex", "name": "CVE-2026-1525", "description": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.", "issued": "2026-03-12T19:56:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1525 https://bugzilla.redhat.com/show_bug.cgi?id=2447144 https://www.cve.org/CVERecord?id=CVE-2026-1525 https://nvd.nist.gov/vuln/detail/CVE-2026-1525 https://cna.openjsf.org/security-advisories.html https://cwe.mitre.org/data/definitions/444.html https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm https://hackerone.com/reports/3556037 https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1525.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "EXWaDNivW550gBh9Dm6gCQ==": { "id": "EXWaDNivW550gBh9Dm6gCQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "EXi8j2JWeu5xYuWml6Ellg==": { "id": "EXi8j2JWeu5xYuWml6Ellg==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "EYkM0DDu8tbFKzGysEiO0Q==": { "id": "EYkM0DDu8tbFKzGysEiO0Q==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "EZo12eG9Obl1kmhRKBmcvA==": { "id": "EZo12eG9Obl1kmhRKBmcvA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "EahYBNc6RsapXfHOvUMG/A==": { "id": "EahYBNc6RsapXfHOvUMG/A==", "updater": "osv/go", "name": "GO-2025-4008", "description": "ALPN negotiation error contains attacker controlled information in crypto/tls", "issued": "2025-10-29T21:49:53Z", "links": "https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "Ec/FYvTTz4riEqnQe1G+Fw==": { "id": "Ec/FYvTTz4riEqnQe1G+Fw==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "Ee2apAGC0PFcPNtPjyeqbg==": { "id": "Ee2apAGC0PFcPNtPjyeqbg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "EfJCfNem+1eUwnsxx2dNOg==": { "id": "EfJCfNem+1eUwnsxx2dNOg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Eh3WlvVSpgyvj1kaA5So7g==": { "id": "Eh3WlvVSpgyvj1kaA5So7g==", "updater": "rhel-vex", "name": "CVE-2025-13601", "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "issued": "2025-11-24T13:00:15Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13601 https://bugzilla.redhat.com/show_bug.cgi?id=2416741 https://www.cve.org/CVERecord?id=CVE-2025-13601 https://nvd.nist.gov/vuln/detail/CVE-2025-13601 https://gitlab.gnome.org/GNOME/glib/-/issues/3827 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13601.json https://access.redhat.com/errata/RHSA-2026:0936", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-18.el9_7.1", "arch_op": "pattern match" }, "EhGXJy3ul8A4j+8SbzYCkw==": { "id": "EhGXJy3ul8A4j+8SbzYCkw==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://gitlab.gnome.org/GNOME/libxml2/-/issues/926 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "EhVqWSecC9djAkoW+k/+hQ==": { "id": "EhVqWSecC9djAkoW+k/+hQ==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "EhcxS6FJz0RDq0+uuwuiEA==": { "id": "EhcxS6FJz0RDq0+uuwuiEA==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "EhgsZTFIUAr2YMmtGzoFMQ==": { "id": "EhgsZTFIUAr2YMmtGzoFMQ==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "ElE6r7xQZAfd5MScs95BXQ==": { "id": "ElE6r7xQZAfd5MScs95BXQ==", "updater": "rhel-vex", "name": "CVE-2025-3198", "description": "A flaw was found in GNU Binutils. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally.", "issued": "2025-04-04T01:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3198 https://bugzilla.redhat.com/show_bug.cgi?id=2357358 https://www.cve.org/CVERecord?id=CVE-2025-3198 https://nvd.nist.gov/vuln/detail/CVE-2025-3198 https://sourceware.org/bugzilla/show_bug.cgi?id=32716 https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d https://vuldb.com/?ctiid.303151 https://vuldb.com/?id.303151 https://vuldb.com/?submit.545773 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3198.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EpmDyksRTsldGi5rxDcMlA==": { "id": "EpmDyksRTsldGi5rxDcMlA==", "updater": "rhel-vex", "name": "CVE-2022-3598", "description": "An out-of-bounds write flaw was found in the extractContigSamplesShifted24bits function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-06-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3598 https://bugzilla.redhat.com/show_bug.cgi?id=2142738 https://www.cve.org/CVERecord?id=CVE-2022-3598 https://nvd.nist.gov/vuln/detail/CVE-2022-3598 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3598.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Eptc9iAtWcHP72eK8tBCkA==": { "id": "Eptc9iAtWcHP72eK8tBCkA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "Es53GFQ6IFbSLBefLkbOEQ==": { "id": "Es53GFQ6IFbSLBefLkbOEQ==", "updater": "rhel-vex", "name": "CVE-2025-61728", "description": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.", "issued": "2026-01-28T19:30:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://www.cve.org/CVERecord?id=CVE-2025-61728 https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4342 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61728.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Et5t375uu538q7zsCZ9I3w==": { "id": "Et5t375uu538q7zsCZ9I3w==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "EwaSk27OsoNLQFoZ6FCsfw==": { "id": "EwaSk27OsoNLQFoZ6FCsfw==", "updater": "rhel-vex", "name": "CVE-2025-68121", "description": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.", "issued": "2026-02-05T17:48:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://www.cve.org/CVERecord?id=CVE-2025-68121 https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://pkg.go.dev/vuln/GO-2026-4337 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68121.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ewdn+P1XzA/h+WRvejvm/Q==": { "id": "Ewdn+P1XzA/h+WRvejvm/Q==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "Ez8lHT2uV9Tf9vJC/T4WXg==": { "id": "Ez8lHT2uV9Tf9vJC/T4WXg==", "updater": "rhel-vex", "name": "CVE-2026-4426", "description": "A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4426 https://bugzilla.redhat.com/show_bug.cgi?id=2449010 https://www.cve.org/CVERecord?id=CVE-2026-4426 https://nvd.nist.gov/vuln/detail/CVE-2026-4426 https://github.com/libarchive/libarchive/pull/2897 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4426.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EzveB8rJWscHHRZtJKOdRA==": { "id": "EzveB8rJWscHHRZtJKOdRA==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "F/boCR7kXAGa4+GAELD7Tg==": { "id": "F/boCR7kXAGa4+GAELD7Tg==", "updater": "rhel-vex", "name": "CVE-2025-11413", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds write in the bfd_putl64 function in the bfd/libbfd.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11413 https://bugzilla.redhat.com/show_bug.cgi?id=2402423 https://www.cve.org/CVERecord?id=CVE-2025-11413 https://nvd.nist.gov/vuln/detail/CVE-2025-11413 https://sourceware.org/bugzilla/show_bug.cgi?id=33456 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0 https://vuldb.com/?id.327349 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11413.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "F0PQEZy2PTlCGjp9J75Btw==": { "id": "F0PQEZy2PTlCGjp9J75Btw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "F1KNP85q9V8sONVWKuOzrw==": { "id": "F1KNP85q9V8sONVWKuOzrw==", "updater": "osv/go", "name": "GO-2023-2041", "description": "Improper handling of HTML-like comments in script contexts in html/template", "issued": "2023-09-07T16:11:17Z", "links": "https://go.dev/issue/62196 https://go.dev/cl/526156 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.8" }, "F2QVfam7Idr3v4Y7g3wf/Q==": { "id": "F2QVfam7Idr3v4Y7g3wf/Q==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "F4WBuBnk4OQIl1a5Q4CVPg==": { "id": "F4WBuBnk4OQIl1a5Q4CVPg==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://gitlab.gnome.org/GNOME/libxml2/-/issues/941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "F4g8Bboy9/sMyy+EusFlpA==": { "id": "F4g8Bboy9/sMyy+EusFlpA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "F54ap+bUe0qceQi67ZX30w==": { "id": "F54ap+bUe0qceQi67ZX30w==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "F6i42vx+GvZ/9LpnToKHcw==": { "id": "F6i42vx+GvZ/9LpnToKHcw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "FAES1XlWFCETbKQytoq57Q==": { "id": "FAES1XlWFCETbKQytoq57Q==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.27-481.el9", "arch_op": "pattern match" }, "FAgeMhGaGcH9QOhQHw5rhQ==": { "id": "FAgeMhGaGcH9QOhQHw5rhQ==", "updater": "rhel-vex", "name": "CVE-2024-13978", "description": "A flaw was found in libtiff. The `t2p_read_tiff_init` function in the fax2ps component incorrectly handles TIFF files, leading to a null pointer dereference. A local attacker can trigger this condition by providing a specially crafted TIFF file. This can result in an application level denial of service.", "issued": "2025-08-01T21:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13978 https://bugzilla.redhat.com/show_bug.cgi?id=2386059 https://www.cve.org/CVERecord?id=CVE-2024-13978 https://nvd.nist.gov/vuln/detail/CVE-2024-13978 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4 https://gitlab.com/libtiff/libtiff/-/issues/649 https://gitlab.com/libtiff/libtiff/-/merge_requests/667 https://vuldb.com/?ctiid.318355 https://vuldb.com/?id.318355 https://vuldb.com/?submit.624562 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13978.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FAoi5hf12Vg9h7NFehHyBg==": { "id": "FAoi5hf12Vg9h7NFehHyBg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Fcntl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.13-481.1.el9_6", "arch_op": "pattern match" }, "FCO2B+o+asJ7qjlQcg/SPw==": { "id": "FCO2B+o+asJ7qjlQcg/SPw==", "updater": "rhel-vex", "name": "CVE-2025-11494", "description": "An out of bounds read flaw has been discovered in the GNU Binutils package. The impacted function is _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally.", "issued": "2025-10-08T19:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11494 https://bugzilla.redhat.com/show_bug.cgi?id=2402559 https://www.cve.org/CVERecord?id=CVE-2025-11494 https://nvd.nist.gov/vuln/detail/CVE-2025-11494 https://sourceware.org/bugzilla/attachment.cgi?id=16389 https://sourceware.org/bugzilla/show_bug.cgi?id=33499 https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a https://vuldb.com/?ctiid.327619 https://vuldb.com/?id.327619 https://vuldb.com/?submit.668281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11494.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FInGJTEa3gToUzpaoDNNQw==": { "id": "FInGJTEa3gToUzpaoDNNQw==", "updater": "rhel-vex", "name": "CVE-2026-35388", "description": "A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a multiplexed session without explicit confirmation, leading to unintended data handling.", "issued": "2026-04-02T16:57:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35388 https://bugzilla.redhat.com/show_bug.cgi?id=2454500 https://www.cve.org/CVERecord?id=CVE-2026-35388 https://nvd.nist.gov/vuln/detail/CVE-2026-35388 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35388.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "FKu6EFoCfpksmq+M7pL02Q==": { "id": "FKu6EFoCfpksmq+M7pL02Q==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "FLpBF1y0CvCfFuXOmlaRZw==": { "id": "FLpBF1y0CvCfFuXOmlaRZw==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json https://access.redhat.com/errata/RHSA-2025:22376", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-14.el9_7", "arch_op": "pattern match" }, "FM2lHn17qlO5uIZtM+Ehmg==": { "id": "FM2lHn17qlO5uIZtM+Ehmg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-B", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.80-481.el9", "arch_op": "pattern match" }, "FMxCd9UpiJciq+gDQcTY5g==": { "id": "FMxCd9UpiJciq+gDQcTY5g==", "updater": "rhel-vex", "name": "CVE-2026-21637", "description": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21637 https://bugzilla.redhat.com/show_bug.cgi?id=2431340 https://www.cve.org/CVERecord?id=CVE-2026-21637 https://nvd.nist.gov/vuln/detail/CVE-2026-21637 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21637.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "FMzc9QFitxthf16XR1P0QA==": { "id": "FMzc9QFitxthf16XR1P0QA==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.4.el9_3", "arch_op": "pattern match" }, "FOhuL+ZLaAMigc1crKc/uA==": { "id": "FOhuL+ZLaAMigc1crKc/uA==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "FPJOQAbsBSaId8RmD/1j8g==": { "id": "FPJOQAbsBSaId8RmD/1j8g==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "FQwXyPZ+oHyxQZ9RBQXbpw==": { "id": "FQwXyPZ+oHyxQZ9RBQXbpw==", "updater": "rhel-vex", "name": "CVE-2025-13034", "description": "A flaw was found in curl. When configured to use public key pinning with QUIC connections and GnuTLS, and with standard certificate verification explicitly disabled, curl could bypass the intended public key check. This oversight allows a malicious server to impersonate a legitimate one, potentially leading to unauthorized access or information disclosure due to a failure in verifying the server's identity.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13034 https://bugzilla.redhat.com/show_bug.cgi?id=2426406 https://www.cve.org/CVERecord?id=CVE-2025-13034 https://nvd.nist.gov/vuln/detail/CVE-2025-13034 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13034.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FTPBk9LaoSZGiQO5kXSorA==": { "id": "FTPBk9LaoSZGiQO5kXSorA==", "updater": "rhel-vex", "name": "CVE-2026-1528", "description": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.", "issued": "2026-03-12T20:21:57Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1528 https://bugzilla.redhat.com/show_bug.cgi?id=2447145 https://www.cve.org/CVERecord?id=CVE-2026-1528 https://nvd.nist.gov/vuln/detail/CVE-2026-1528 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj https://hackerone.com/reports/3537648 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1528.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "FTUrLe1XMNYvUzaxMdsWeQ==": { "id": "FTUrLe1XMNYvUzaxMdsWeQ==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "FUR7T9AnekkZ5hPUz2WP6Q==": { "id": "FUR7T9AnekkZ5hPUz2WP6Q==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "FUeASYCa2REKwmC0CFlz2g==": { "id": "FUeASYCa2REKwmC0CFlz2g==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "FV18DPtJsW6qZZIHDbkGJA==": { "id": "FV18DPtJsW6qZZIHDbkGJA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "FWn8i7eSvTTcwwX8x1YMmg==": { "id": "FWn8i7eSvTTcwwX8x1YMmg==", "updater": "osv/go", "name": "GO-2026-4870", "description": "Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls", "issued": "2026-04-07T22:53:49Z", "links": "https://go.dev/cl/763767 https://go.dev/issue/78334 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.25.9" }, "FcmkgsiNKCrDAJ6OFK/Y8g==": { "id": "FcmkgsiNKCrDAJ6OFK/Y8g==", "updater": "osv/go", "name": "GO-2023-2102", "description": "HTTP/2 rapid reset can cause excessive work in net/http", "issued": "2023-10-11T16:49:53Z", "links": "https://go.dev/issue/63417 https://go.dev/cl/534215 https://go.dev/cl/534235 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.10" }, "FdtzK6tyT53moDNlzBGPBQ==": { "id": "FdtzK6tyT53moDNlzBGPBQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "FecDYUjbiWlU3PuXl5vs5w==": { "id": "FecDYUjbiWlU3PuXl5vs5w==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Fg8qijPO2mYzPczZJG7NiQ==": { "id": "Fg8qijPO2mYzPczZJG7NiQ==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "FgTFx5g45j7WzA+bfAHPzQ==": { "id": "FgTFx5g45j7WzA+bfAHPzQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "Fi7GXCkkqJvYQw6Co8Nk7A==": { "id": "Fi7GXCkkqJvYQw6Co8Nk7A==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "FjB9AnugxBHu7Kwf86C67w==": { "id": "FjB9AnugxBHu7Kwf86C67w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IPC-Open3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21-481.1.el9_6", "arch_op": "pattern match" }, "FjluGqmW83eEOEvyKIkrSA==": { "id": "FjluGqmW83eEOEvyKIkrSA==", "updater": "osv/go", "name": "GO-2025-4012", "description": "Lack of limit when parsing cookies can cause memory exhaustion in net/http", "issued": "2025-10-29T21:50:05Z", "links": "https://go.dev/issue/75672 https://go.dev/cl/709855 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "FkUafBj1ekysZyPIbZi5fg==": { "id": "FkUafBj1ekysZyPIbZi5fg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-NDBM_File", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.15-481.el9", "arch_op": "pattern match" }, "FkxoK2aSVfPglVllnxzplw==": { "id": "FkxoK2aSVfPglVllnxzplw==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "FlgtpglQEkjGT66EnFUHMg==": { "id": "FlgtpglQEkjGT66EnFUHMg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "FnsKxnhjNS+E4Y6hrazjUQ==": { "id": "FnsKxnhjNS+E4Y6hrazjUQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "FpA1FaTnKUwdPkl0KHAbaw==": { "id": "FpA1FaTnKUwdPkl0KHAbaw==", "updater": "rhel-vex", "name": "CVE-2025-11412", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the bfd_elf_gc_record_vtentry function in the bfd/elflink.c file due to a missing sanity check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11412 https://bugzilla.redhat.com/show_bug.cgi?id=2402425 https://www.cve.org/CVERecord?id=CVE-2025-11412 https://nvd.nist.gov/vuln/detail/CVE-2025-11412 https://sourceware.org/bugzilla/show_bug.cgi?id=33452 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc https://vuldb.com/?id.327348 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11412.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FroZeKbNhNx69+bj8o0OqQ==": { "id": "FroZeKbNhNx69+bj8o0OqQ==", "updater": "rhel-vex", "name": "CVE-2025-11082", "description": "A head based buffer overflow flaw has been discovered in GNU bin utilities. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution.", "issued": "2025-09-27T22:32:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11082 https://bugzilla.redhat.com/show_bug.cgi?id=2399943 https://www.cve.org/CVERecord?id=CVE-2025-11082 https://nvd.nist.gov/vuln/detail/CVE-2025-11082 https://sourceware.org/bugzilla/attachment.cgi?id=16358 https://sourceware.org/bugzilla/show_bug.cgi?id=33464 https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8 https://vuldb.com/?ctiid.326123 https://vuldb.com/?id.326123 https://vuldb.com/?submit.661276 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11082.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FsYbwBEvKH6FW81JU3KSvw==": { "id": "FsYbwBEvKH6FW81JU3KSvw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "Ft+9wGiX7gFQHYNS5do1oA==": { "id": "Ft+9wGiX7gFQHYNS5do1oA==", "updater": "rhel-vex", "name": "CVE-2024-12088", "description": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12088 https://bugzilla.redhat.com/show_bug.cgi?id=2330676 https://www.cve.org/CVERecord?id=CVE-2024-12088 https://nvd.nist.gov/vuln/detail/CVE-2024-12088 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12088.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "FtF7hWwlQYu4clVsrpBd0Q==": { "id": "FtF7hWwlQYu4clVsrpBd0Q==", "updater": "rhel-vex", "name": "CVE-2023-29400", "description": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29400 https://bugzilla.redhat.com/show_bug.cgi?id=2196029 https://www.cve.org/CVERecord?id=CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-29400 https://go.dev/issue/59722 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29400.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "Fw+ArhlgBhD30C7D93vYhg==": { "id": "Fw+ArhlgBhD30C7D93vYhg==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json https://access.redhat.com/errata/RHSA-2025:23342", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-2.el9_7", "arch_op": "pattern match" }, "FwvyPIBVlE1fAIgwJ1H6Sw==": { "id": "FwvyPIBVlE1fAIgwJ1H6Sw==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "FyNQxVBbour86huhtgTOzA==": { "id": "FyNQxVBbour86huhtgTOzA==", "updater": "rhel-vex", "name": "CVE-2023-2603", "description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2603 https://bugzilla.redhat.com/show_bug.cgi?id=2209113 https://www.cve.org/CVERecord?id=CVE-2023-2603 https://nvd.nist.gov/vuln/detail/CVE-2023-2603 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2603.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "Fys7cTDgnkqkKy/A1tAWPQ==": { "id": "Fys7cTDgnkqkKy/A1tAWPQ==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "FzTxCzGYtLmJVoQ1syBiUQ==": { "id": "FzTxCzGYtLmJVoQ1syBiUQ==", "updater": "rhel-vex", "name": "CVE-2026-4111", "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "issued": "2026-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4111 https://bugzilla.redhat.com/show_bug.cgi?id=2446453 https://www.cve.org/CVERecord?id=CVE-2026-4111 https://nvd.nist.gov/vuln/detail/CVE-2026-4111 https://github.com/libarchive/libarchive/pull/2877 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4111.json https://access.redhat.com/errata/RHSA-2026:5080", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-7.el9_7", "arch_op": "pattern match" }, "G/EKAYKB/V29JLdsy1wFCA==": { "id": "G/EKAYKB/V29JLdsy1wFCA==", "updater": "rhel-vex", "name": "CVE-2023-31486", "description": "A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verify_SSL=\u003e1 flag to ensure secure HTTPS connections. This oversight can potentially expose applications to man-in-the-middle (MITM) attacks, where an attacker might intercept and manipulate data transmitted between the client and server.", "issued": "2023-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31486 https://bugzilla.redhat.com/show_bug.cgi?id=2228392 https://www.cve.org/CVERecord?id=CVE-2023-31486 https://nvd.nist.gov/vuln/detail/CVE-2023-31486 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31486.json https://access.redhat.com/errata/RHSA-2023:6542", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-HTTP-Tiny", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch|src", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.076-461.el9", "arch_op": "pattern match" }, "G/dmoDOpwh0GrsMovfySVw==": { "id": "G/dmoDOpwh0GrsMovfySVw==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "G1ju8KSMzz6zOg31bF5lRw==": { "id": "G1ju8KSMzz6zOg31bF5lRw==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "G33a+jVnMZNg6liymp9Lyg==": { "id": "G33a+jVnMZNg6liymp9Lyg==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.2-1.el9_7", "arch_op": "pattern match" }, "G4J4D/HzBef3xun2GfNS3g==": { "id": "G4J4D/HzBef3xun2GfNS3g==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "G77a8vVkDX/8Yt/v29MOhA==": { "id": "G77a8vVkDX/8Yt/v29MOhA==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "G7l0N6DSTPJhrn3beR4QLg==": { "id": "G7l0N6DSTPJhrn3beR4QLg==", "updater": "rhel-vex", "name": "CVE-2025-69648", "description": "A flaw was found in binutils. Processing a specially crafted ELF binary file containing malformed DWARF .debug_rnglists data with the readelf program can trigger an infinite loop and result in a denial of service.", "issued": "2026-03-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69648 https://bugzilla.redhat.com/show_bug.cgi?id=2445774 https://www.cve.org/CVERecord?id=CVE-2025-69648 https://nvd.nist.gov/vuln/detail/CVE-2025-69648 https://sourceware.org/bugzilla/show_bug.cgi?id=33641 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=598704a00cbac5e85c2bedd363357b5bf6fcee33 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69648.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GAn7gWUe2pFr7PbwechqxA==": { "id": "GAn7gWUe2pFr7PbwechqxA==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GDAkupnsjiTl71rwzH5RJg==": { "id": "GDAkupnsjiTl71rwzH5RJg==", "updater": "rhel-vex", "name": "CVE-2024-21538", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.", "issued": "2024-11-08T05:00:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21538 https://bugzilla.redhat.com/show_bug.cgi?id=2324550 https://www.cve.org/CVERecord?id=CVE-2024-21538 https://nvd.nist.gov/vuln/detail/CVE-2024-21538 https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f https://github.com/moxystudio/node-cross-spawn/pull/160 https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21538.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GEDO3j20WMwIj0JMNMq5Iw==": { "id": "GEDO3j20WMwIj0JMNMq5Iw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "GJ6//hGiIsio2zBFuudd/Q==": { "id": "GJ6//hGiIsio2zBFuudd/Q==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "GJy8g/4zoy4CPDvWLZr9kQ==": { "id": "GJy8g/4zoy4CPDvWLZr9kQ==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "GKtgrnguQJIeMtP51nnNZQ==": { "id": "GKtgrnguQJIeMtP51nnNZQ==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "GMnASWjZHihDlhJdlv57Iw==": { "id": "GMnASWjZHihDlhJdlv57Iw==", "updater": "rhel-vex", "name": "CVE-2025-64505", "description": "A heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access.", "issued": "2025-11-24T23:38:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64505 https://bugzilla.redhat.com/show_bug.cgi?id=2416905 https://www.cve.org/CVERecord?id=CVE-2025-64505 https://nvd.nist.gov/vuln/detail/CVE-2025-64505 https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37 https://github.com/pnggroup/libpng/pull/748 https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64505.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libpng", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GPyfUVX9W8Bmxm38kovI0g==": { "id": "GPyfUVX9W8Bmxm38kovI0g==", "updater": "rhel-vex", "name": "CVE-2026-21715", "description": "A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the `fs.realpathSync.native()` function. This vulnerability allows code operating under `--permission` with restricted `--allow-fs-read` flags to bypass security controls. Consequently, an attacker can use `fs.realpathSync.native()` to determine file existence, resolve symbolic link targets, and enumerate filesystem paths outside of permitted directories, leading to information disclosure.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21715 https://bugzilla.redhat.com/show_bug.cgi?id=2453152 https://www.cve.org/CVERecord?id=CVE-2026-21715 https://nvd.nist.gov/vuln/detail/CVE-2026-21715 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21715.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "GR80zW702W+xho6dTSNlyw==": { "id": "GR80zW702W+xho6dTSNlyw==", "updater": "rhel-vex", "name": "CVE-2024-24806", "description": "A server-side request forgery (SSRF) flaw was found in the libuv package due to how the `hostname_ascii` variable is handled in `uv_getaddrinfo` and `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access internal APIs or for websites that allow users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks.", "issued": "2024-02-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24806 https://bugzilla.redhat.com/show_bug.cgi?id=2263292 https://www.cve.org/CVERecord?id=CVE-2024-24806 https://nvd.nist.gov/vuln/detail/CVE-2024-24806 https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6 https://www.chainguard.dev/unchained/unpacking-libuvs-cve-2024-24806-software-dark-matter-will-go-under-the-radar-not-in-chainguard-images-tho https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24806.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GVOb0whjVXBMMGVZhZjH0g==": { "id": "GVOb0whjVXBMMGVZhZjH0g==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "GVXQ1XPPQkuhZ4SIFGoF+w==": { "id": "GVXQ1XPPQkuhZ4SIFGoF+w==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "GVpKc+ySNcDAOMrSpk+5bQ==": { "id": "GVpKc+ySNcDAOMrSpk+5bQ==", "updater": "rhel-vex", "name": "CVE-2025-61729", "description": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.", "issued": "2025-12-02T18:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61729 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://www.cve.org/CVERecord?id=CVE-2025-61729 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://pkg.go.dev/vuln/GO-2025-4155 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61729.json https://access.redhat.com/errata/RHSA-2026:0923", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.5-2.el9_7", "arch_op": "pattern match" }, "GW37uYQxwwgJBIDtA/dT2g==": { "id": "GW37uYQxwwgJBIDtA/dT2g==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GWKQvGJTKzyU9GiQECoFhg==": { "id": "GWKQvGJTKzyU9GiQECoFhg==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "GXMpRf2go/wGEbwpp9BPPQ==": { "id": "GXMpRf2go/wGEbwpp9BPPQ==", "updater": "rhel-vex", "name": "CVE-2023-1175", "description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "issued": "2023-03-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1175.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GXObP88ZOLkWQuVeVgHh/g==": { "id": "GXObP88ZOLkWQuVeVgHh/g==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "Ga3lVfExNl500JGwW345sQ==": { "id": "Ga3lVfExNl500JGwW345sQ==", "updater": "osv/go", "name": "GO-2025-3956", "description": "Unexpected paths returned from LookPath in os/exec", "issued": "2025-09-18T18:21:44Z", "links": "https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.12" }, "GaZVgTbcdJiJMvdUeofqTA==": { "id": "GaZVgTbcdJiJMvdUeofqTA==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "GbZa+XIQtfFHtHWs5gm0wg==": { "id": "GbZa+XIQtfFHtHWs5gm0wg==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "GeI10LHPuNgyyt295MOmIQ==": { "id": "GeI10LHPuNgyyt295MOmIQ==", "updater": "rhel-vex", "name": "CVE-2024-3596", "description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:9474", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-4.el9_5", "arch_op": "pattern match" }, "Geg0mw2hzdsfDbJ9adcmWg==": { "id": "Geg0mw2hzdsfDbJ9adcmWg==", "updater": "rhel-vex", "name": "CVE-2023-0804", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0804 https://bugzilla.redhat.com/show_bug.cgi?id=2170192 https://www.cve.org/CVERecord?id=CVE-2023-0804 https://nvd.nist.gov/vuln/detail/CVE-2023-0804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0804.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "GfPY5zBbHJQI4ZGaDcJj2A==": { "id": "GfPY5zBbHJQI4ZGaDcJj2A==", "updater": "rhel-vex", "name": "CVE-2022-3278", "description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "issued": "2022-09-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GjK0gO1QmNQJ/ZsCakqCdA==": { "id": "GjK0gO1QmNQJ/ZsCakqCdA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "Gn9qNy1ITVhOKz+nUviaSg==": { "id": "Gn9qNy1ITVhOKz+nUviaSg==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "GnBCRP9H+R6do428z3nOkQ==": { "id": "GnBCRP9H+R6do428z3nOkQ==", "updater": "rhel-vex", "name": "CVE-2021-4173", "description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4173.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GnJD0wUWuwBPc7SVZsuSoQ==": { "id": "GnJD0wUWuwBPc7SVZsuSoQ==", "updater": "rhel-vex", "name": "CVE-2026-21714", "description": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability in Node.js HTTP/2 servers by sending specially crafted WINDOW_UPDATE frames on stream 0 (connection-level). These frames can cause the flow control window to exceed its maximum value, leading to a memory leak as Http2Session objects are not properly cleaned up. This can result in resource exhaustion and a Denial of Service (DoS) condition for the server.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21714 https://bugzilla.redhat.com/show_bug.cgi?id=2453161 https://www.cve.org/CVERecord?id=CVE-2026-21714 https://nvd.nist.gov/vuln/detail/CVE-2026-21714 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21714.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "GoHsuuxRgbGb3lm852rQmg==": { "id": "GoHsuuxRgbGb3lm852rQmg==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "GolUr/klMsQNQ9QFMdcAmw==": { "id": "GolUr/klMsQNQ9QFMdcAmw==", "updater": "rhel-vex", "name": "CVE-2023-0799", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a use-after-free problem in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0799 https://bugzilla.redhat.com/show_bug.cgi?id=2170162 https://www.cve.org/CVERecord?id=CVE-2023-0799 https://nvd.nist.gov/vuln/detail/CVE-2023-0799 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0799.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "GpJjElMhBMa2ZIh0g/0hAQ==": { "id": "GpJjElMhBMa2ZIh0g/0hAQ==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "Gs2+AgmYyHSIFlXrCWZVZQ==": { "id": "Gs2+AgmYyHSIFlXrCWZVZQ==", "updater": "rhel-vex", "name": "CVE-2026-4519", "description": "A flaw was found in Python. The `webbrowser.open()` API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options, which could lead to unexpected behavior, information disclosure, or potentially arbitrary code execution, impacting the integrity of the system.", "issued": "2026-03-20T15:08:32Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4519 https://bugzilla.redhat.com/show_bug.cgi?id=2449649 https://www.cve.org/CVERecord?id=CVE-2026-4519 https://nvd.nist.gov/vuln/detail/CVE-2026-4519 https://github.com/python/cpython/issues/143930 https://github.com/python/cpython/pull/143931 https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4519.json https://access.redhat.com/errata/RHSA-2026:6766", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.2", "arch_op": "pattern match" }, "GtECMHzRoeZKh1TLvpCt+A==": { "id": "GtECMHzRoeZKh1TLvpCt+A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IPC-Open3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21-481.el9", "arch_op": "pattern match" }, "GuM8+Ku1VtBzfPk3/FCgzw==": { "id": "GuM8+Ku1VtBzfPk3/FCgzw==", "updater": "rhel-vex", "name": "CVE-2022-1056", "description": "Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1056 https://bugzilla.redhat.com/show_bug.cgi?id=2233599 https://www.cve.org/CVERecord?id=CVE-2022-1056 https://nvd.nist.gov/vuln/detail/CVE-2022-1056 https://security.gentoo.org/glsa/202210-10 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1056.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GwJvkFMzYrKrZEvvNMbc6A==": { "id": "GwJvkFMzYrKrZEvvNMbc6A==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "GwdBWjTMLLj14UbkCrmh/A==": { "id": "GwdBWjTMLLj14UbkCrmh/A==", "updater": "rhel-vex", "name": "CVE-2022-40090", "description": "A flaw was found in the libtiff library. This issue allows an attacker who can submit a specially crafted file to an application linked with libtiff to cause an infinite loop, resulting in a denial of service.", "issued": "2022-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-40090 https://bugzilla.redhat.com/show_bug.cgi?id=2234970 https://www.cve.org/CVERecord?id=CVE-2022-40090 https://nvd.nist.gov/vuln/detail/CVE-2022-40090 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40090.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "GzRz/FwkFLGO3g4HmoZPSA==": { "id": "GzRz/FwkFLGO3g4HmoZPSA==", "updater": "rhel-vex", "name": "CVE-2025-66199", "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66199 https://bugzilla.redhat.com/show_bug.cgi?id=2430379 https://www.cve.org/CVERecord?id=CVE-2025-66199 https://nvd.nist.gov/vuln/detail/CVE-2025-66199 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66199.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "Gzt3Aov08YmfW0b/CN7tHw==": { "id": "Gzt3Aov08YmfW0b/CN7tHw==", "updater": "rhel-vex", "name": "CVE-2022-41862", "description": "A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.", "issued": "2023-02-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41862 https://bugzilla.redhat.com/show_bug.cgi?id=2165722 https://www.cve.org/CVERecord?id=CVE-2022-41862 https://nvd.nist.gov/vuln/detail/CVE-2022-41862 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41862.json https://access.redhat.com/errata/RHSA-2023:6429", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libpq", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.11-1.el9", "arch_op": "pattern match" }, "H+x0VPepDcitQiESaSwIwQ==": { "id": "H+x0VPepDcitQiESaSwIwQ==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "H003kvHQyN0gsWRXOrXzxA==": { "id": "H003kvHQyN0gsWRXOrXzxA==", "updater": "rhel-vex", "name": "CVE-2023-2603", "description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2603 https://bugzilla.redhat.com/show_bug.cgi?id=2209113 https://www.cve.org/CVERecord?id=CVE-2023-2603 https://nvd.nist.gov/vuln/detail/CVE-2023-2603 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2603.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "H04yzALMJAjmclexKFeS2w==": { "id": "H04yzALMJAjmclexKFeS2w==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "H09E3JrUNhQlgS4Jd5yiVw==": { "id": "H09E3JrUNhQlgS4Jd5yiVw==", "updater": "rhel-vex", "name": "CVE-2026-25547", "description": "A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.", "issued": "2026-02-04T21:51:17Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25547 https://bugzilla.redhat.com/show_bug.cgi?id=2436942 https://www.cve.org/CVERecord?id=CVE-2026-25547 https://nvd.nist.gov/vuln/detail/CVE-2026-25547 https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25547.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "H1wshPoazj8pmzsnWAztZA==": { "id": "H1wshPoazj8pmzsnWAztZA==", "updater": "rhel-vex", "name": "CVE-2026-6276", "description": "A flaw was found in libcurl. This vulnerability allows for information disclosure when a custom `Host:` header is used in an initial HTTP request, and a subsequent request reuses the same connection without specifying a new `Host:` header. This can lead to libcurl incorrectly sending cookies intended for the first host to the second host, resulting in a cookie leak. This issue is categorized as an Origin Validation Error (CWE-346). Exploitation typically requires specific debugging configurations.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6276 https://bugzilla.redhat.com/show_bug.cgi?id=2461203 https://www.cve.org/CVERecord?id=CVE-2026-6276 https://nvd.nist.gov/vuln/detail/CVE-2026-6276 https://curl.se/docs/CVE-2026-6276.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6276.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H1xPFeyk3sWGXc+DXLkdaQ==": { "id": "H1xPFeyk3sWGXc+DXLkdaQ==", "updater": "rhel-vex", "name": "CVE-2026-1526", "description": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.", "issued": "2026-03-12T20:08:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1526 https://bugzilla.redhat.com/show_bug.cgi?id=2447142 https://www.cve.org/CVERecord?id=CVE-2026-1526 https://nvd.nist.gov/vuln/detail/CVE-2026-1526 https://cna.openjsf.org/security-advisories.html https://datatracker.ietf.org/doc/html/rfc7692 https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q https://hackerone.com/reports/3481206 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1526.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "H4boG/V+MB7stA7jG8O6Tw==": { "id": "H4boG/V+MB7stA7jG8O6Tw==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "H5vm/YCKZciOb4TXZmGZlg==": { "id": "H5vm/YCKZciOb4TXZmGZlg==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "H7H9wMobv6DOqzUUAdOqGA==": { "id": "H7H9wMobv6DOqzUUAdOqGA==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "H8XwHNDIkW12mW+y74dsdQ==": { "id": "H8XwHNDIkW12mW+y74dsdQ==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "HBDLPf0FBMppxrTwW+gqlA==": { "id": "HBDLPf0FBMppxrTwW+gqlA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "HFchxDnUHv0YgEfYisGA6A==": { "id": "HFchxDnUHv0YgEfYisGA6A==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "HHBOKYlzeD2Busv7btyBAA==": { "id": "HHBOKYlzeD2Busv7btyBAA==", "updater": "rhel-vex", "name": "CVE-2023-48232", "description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48232.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HHpOVRDbzmY2UhydU+uwcg==": { "id": "HHpOVRDbzmY2UhydU+uwcg==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "HJRWtVFOp4GhofsLDJveWg==": { "id": "HJRWtVFOp4GhofsLDJveWg==", "updater": "rhel-vex", "name": "CVE-2026-1528", "description": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.", "issued": "2026-03-12T20:21:57Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1528 https://bugzilla.redhat.com/show_bug.cgi?id=2447145 https://www.cve.org/CVERecord?id=CVE-2026-1528 https://nvd.nist.gov/vuln/detail/CVE-2026-1528 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj https://hackerone.com/reports/3537648 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1528.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "HJf9PCZx5YjpyYLqECiTKg==": { "id": "HJf9PCZx5YjpyYLqECiTKg==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://openssl-library.org/news/secadv/20250211.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "HMF5qYGPMt4Fb5i6RtdwRA==": { "id": "HMF5qYGPMt4Fb5i6RtdwRA==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "HMytRAMTGJlQRfqVbIzzVg==": { "id": "HMytRAMTGJlQRfqVbIzzVg==", "updater": "osv/go", "name": "GO-2022-0525", "description": "Improper sanitization of Transfer-Encoding headers in net/http", "issued": "2022-07-25T17:34:18Z", "links": "https://go.dev/cl/409874 https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f https://go.dev/issue/53188 https://go.dev/cl/410714 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "HNWibMRA8AF0jyyBYQthdA==": { "id": "HNWibMRA8AF0jyyBYQthdA==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "HOYwG5Rw5KtCLqSTp9IaXQ==": { "id": "HOYwG5Rw5KtCLqSTp9IaXQ==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "HRagOYGIDOKfFoQakG4CEA==": { "id": "HRagOYGIDOKfFoQakG4CEA==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://gitlab.gnome.org/GNOME/libxml2/-/issues/926 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "HS96brYtpBiaYpW7OxT5Wg==": { "id": "HS96brYtpBiaYpW7OxT5Wg==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "HSaKorahiaNwGqqE2DJSaw==": { "id": "HSaKorahiaNwGqqE2DJSaw==", "updater": "rhel-vex", "name": "CVE-2022-3235", "description": "A use after free vulnerability has been found in the vim package of the linux kernals such that Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.", "issued": "2022-09-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3235.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HT2SNCYX7dkF36jwcJ6tBg==": { "id": "HT2SNCYX7dkF36jwcJ6tBg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "HT4k6+0VwtXXrNi4IFV2ug==": { "id": "HT4k6+0VwtXXrNi4IFV2ug==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-rpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "HUhIlH+/4z8COoDr8jeAaQ==": { "id": "HUhIlH+/4z8COoDr8jeAaQ==", "updater": "rhel-vex", "name": "CVE-2025-55131", "description": "A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55131 https://bugzilla.redhat.com/show_bug.cgi?id=2431350 https://www.cve.org/CVERecord?id=CVE-2025-55131 https://nvd.nist.gov/vuln/detail/CVE-2025-55131 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55131.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.0-1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "HW1HxtJFrKBktMKHARGGeQ==": { "id": "HW1HxtJFrKBktMKHARGGeQ==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "HeemEcWe2JVMYkjGWbuiFA==": { "id": "HeemEcWe2JVMYkjGWbuiFA==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "HemNnBPTgSHasXNahNqsQg==": { "id": "HemNnBPTgSHasXNahNqsQg==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "HfjDJmml2JYJ9YjdaPe+zQ==": { "id": "HfjDJmml2JYJ9YjdaPe+zQ==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "HiF486OoQCfE4Hwc8DTxrQ==": { "id": "HiF486OoQCfE4Hwc8DTxrQ==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "HjJnWaqrr4SaFPjzu8hVkg==": { "id": "HjJnWaqrr4SaFPjzu8hVkg==", "updater": "rhel-vex", "name": "CVE-2022-46663", "description": "A vulnerability was found in less. This flaw allows crafted data to result in \"less -R\" not filtering ANSI escape sequences sent to the terminal.", "issued": "2023-02-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-46663 https://bugzilla.redhat.com/show_bug.cgi?id=2169621 https://www.cve.org/CVERecord?id=CVE-2022-46663 https://nvd.nist.gov/vuln/detail/CVE-2022-46663 https://www.openwall.com/lists/oss-security/2023/02/07/7 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-46663.json https://access.redhat.com/errata/RHSA-2023:3725", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "less", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:590-2.el9_2", "arch_op": "pattern match" }, "Hk/EnuFgs+4rtDh2D0OPZg==": { "id": "Hk/EnuFgs+4rtDh2D0OPZg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "Hk8k4qPIhaJI1mipqA9iiw==": { "id": "Hk8k4qPIhaJI1mipqA9iiw==", "updater": "rhel-vex", "name": "CVE-2026-41080", "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing a specially crafted XML document that leverages insufficient entropy in the hash function. This can lead to hash flooding, a type of Denial of Service (DoS) attack, where the system becomes unresponsive or crashes due to excessive resource consumption.", "issued": "2026-04-16T16:52:01Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41080 https://bugzilla.redhat.com/show_bug.cgi?id=2458967 https://www.cve.org/CVERecord?id=CVE-2026-41080 https://nvd.nist.gov/vuln/detail/CVE-2026-41080 https://github.com/libexpat/libexpat/issues/47 https://github.com/libexpat/libexpat/pull/1183 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41080.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HlOu0EmTxHkjzmJeJEuJmw==": { "id": "HlOu0EmTxHkjzmJeJEuJmw==", "updater": "rhel-vex", "name": "CVE-2023-4735", "description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "issued": "2023-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4735.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HlmfsCkhcIqBoptvS1F7pQ==": { "id": "HlmfsCkhcIqBoptvS1F7pQ==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "HmZXdUV/ycFcRK+m71pC+w==": { "id": "HmZXdUV/ycFcRK+m71pC+w==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "HnNhAdInEg3yPEHYo7Hl+Q==": { "id": "HnNhAdInEg3yPEHYo7Hl+Q==", "updater": "rhel-vex", "name": "CVE-2024-0567", "description": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0567 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://www.cve.org/CVERecord?id=CVE-2024-0567 https://nvd.nist.gov/vuln/detail/CVE-2024-0567 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0567.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "HqbYURF/7TaXoQPMqtdsIA==": { "id": "HqbYURF/7TaXoQPMqtdsIA==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "HrQTGWot7zXPyYbisnzShg==": { "id": "HrQTGWot7zXPyYbisnzShg==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "Ht/FCT7E55SLIJNr/AHy9A==": { "id": "Ht/FCT7E55SLIJNr/AHy9A==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "HtyjDn7BTHlrC40bO1Itjw==": { "id": "HtyjDn7BTHlrC40bO1Itjw==", "updater": "rhel-vex", "name": "CVE-2026-33812", "description": "A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted font file. Parsing this malicious file can lead to excessive memory allocation, which may result in a Denial of Service (DoS) for the affected system.", "issued": "2026-04-21T19:21:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33812 https://bugzilla.redhat.com/show_bug.cgi?id=2460227 https://www.cve.org/CVERecord?id=CVE-2026-33812 https://nvd.nist.gov/vuln/detail/CVE-2026-33812 https://go.dev/cl/761180 https://go.dev/issue/78382 https://pkg.go.dev/vuln/GO-2026-4962 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33812.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Hv5r2lArsZsqnS0cLJ2sfw==": { "id": "Hv5r2lArsZsqnS0cLJ2sfw==", "updater": "rhel-vex", "name": "CVE-2025-61731", "description": "A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the '#cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command. This vulnerability can lead to arbitrary file write.", "issued": "2026-01-28T19:30:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61731 https://bugzilla.redhat.com/show_bug.cgi?id=2434433 https://www.cve.org/CVERecord?id=CVE-2025-61731 https://nvd.nist.gov/vuln/detail/CVE-2025-61731 https://go.dev/cl/736711 https://go.dev/issue/77100 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4339 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61731.json https://access.redhat.com/errata/RHSA-2026:5942", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.8-1.el9_7", "arch_op": "pattern match" }, "HveCNT+j0lknlUOFTaqgtg==": { "id": "HveCNT+j0lknlUOFTaqgtg==", "updater": "rhel-vex", "name": "CVE-2026-22693", "description": "A null pointer dereference vector has been discovered in the harfbuzz package. A null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh:1672-1673. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault.", "issued": "2026-01-10T05:53:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22693 https://bugzilla.redhat.com/show_bug.cgi?id=2428439 https://www.cve.org/CVERecord?id=CVE-2026-22693 https://nvd.nist.gov/vuln/detail/CVE-2026-22693 https://github.com/harfbuzz/harfbuzz/commit/1265ff8d990284f04d8768f35b0e20ae5f60daae https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22693.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HxI42iSjURjRki+uV6q/9w==": { "id": "HxI42iSjURjRki+uV6q/9w==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HxiMqPnG14UzA9oHqqI6Ng==": { "id": "HxiMqPnG14UzA9oHqqI6Ng==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "I1n6/nf1BmKoqYe/GXCV3A==": { "id": "I1n6/nf1BmKoqYe/GXCV3A==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "I2RIq/DddjMUlHYGWhmsEQ==": { "id": "I2RIq/DddjMUlHYGWhmsEQ==", "updater": "rhel-vex", "name": "CVE-2025-32990", "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "issued": "2025-07-09T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32990 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://www.cve.org/CVERecord?id=CVE-2025-32990 https://nvd.nist.gov/vuln/detail/CVE-2025-32990 https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32990.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "I2w7mAdeccRvDV/HeaBOoA==": { "id": "I2w7mAdeccRvDV/HeaBOoA==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "I3+uP7bb+nPtzRYHH2UUgw==": { "id": "I3+uP7bb+nPtzRYHH2UUgw==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "I362Vwh1x92yigOP2ZDpKA==": { "id": "I362Vwh1x92yigOP2ZDpKA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "I3Zso12Z+9mUcVEvUKWJ8w==": { "id": "I3Zso12Z+9mUcVEvUKWJ8w==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cpp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "I3vwwgMxzxWo15otCOgvAw==": { "id": "I3vwwgMxzxWo15otCOgvAw==", "updater": "rhel-vex", "name": "CVE-2021-3928", "description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-10-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3928.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "I44fXMfux3yPYaBHaNxgsg==": { "id": "I44fXMfux3yPYaBHaNxgsg==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "I4HPpXHWYdmlm5nIZYX2Zw==": { "id": "I4HPpXHWYdmlm5nIZYX2Zw==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://github.com/golang/go/issues/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "I53ZVLR4IycE9d0CU5r5nA==": { "id": "I53ZVLR4IycE9d0CU5r5nA==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "I5CKvoKqBhFd1vY7fxFKtQ==": { "id": "I5CKvoKqBhFd1vY7fxFKtQ==", "updater": "rhel-vex", "name": "CVE-2023-30775", "description": "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30775 https://bugzilla.redhat.com/show_bug.cgi?id=2187141 https://www.cve.org/CVERecord?id=CVE-2023-30775 https://nvd.nist.gov/vuln/detail/CVE-2023-30775 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30775.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "I9Xc2JiRiPWfOFS5AHY1Ww==": { "id": "I9Xc2JiRiPWfOFS5AHY1Ww==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "IDAwc/hZzIcM4IBkaUT9YA==": { "id": "IDAwc/hZzIcM4IBkaUT9YA==", "updater": "osv/go", "name": "GO-2025-3563", "description": "Request smuggling due to acceptance of invalid chunked data in net/http", "issued": "2025-04-08T19:46:23Z", "links": "https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.8" }, "IDDFCE+x3YM7koS2SvW5fA==": { "id": "IDDFCE+x3YM7koS2SvW5fA==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "IENtFrOwfEqYX/lp+0u2Gw==": { "id": "IENtFrOwfEqYX/lp+0u2Gw==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "IERk9xwccKWSGr20Hb5U6g==": { "id": "IERk9xwccKWSGr20Hb5U6g==", "updater": "rhel-vex", "name": "CVE-2023-24539", "description": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24539 https://bugzilla.redhat.com/show_bug.cgi?id=2196026 https://www.cve.org/CVERecord?id=CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-24539 https://github.com/golang/go/issues/59720 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24539.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "IEgg0w4Stl0SPUBA3ppc4w==": { "id": "IEgg0w4Stl0SPUBA3ppc4w==", "updater": "rhel-vex", "name": "CVE-2025-61984", "description": "A flaw was found in OpenSSH where control characters in usernames were not properly validated when sourced from untrusted inputs like the command line or configuration expansion. If a ProxyCommand is used, these control characters could modify command behavior, potentially leading to code execution.", "issued": "2025-10-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61984 https://bugzilla.redhat.com/show_bug.cgi?id=2401960 https://www.cve.org/CVERecord?id=CVE-2025-61984 https://nvd.nist.gov/vuln/detail/CVE-2025-61984 https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2 https://www.openssh.com/releasenotes.html#10.1p1 https://www.openwall.com/lists/oss-security/2025/10/06/1 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61984.json https://access.redhat.com/errata/RHSA-2025:23480", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-47.el9_7", "arch_op": "pattern match" }, "IFJrKlOefqh8BMNkCUNhqA==": { "id": "IFJrKlOefqh8BMNkCUNhqA==", "updater": "rhel-vex", "name": "CVE-2025-55131", "description": "A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55131 https://bugzilla.redhat.com/show_bug.cgi?id=2431350 https://www.cve.org/CVERecord?id=CVE-2025-55131 https://nvd.nist.gov/vuln/detail/CVE-2025-55131 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55131.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "IFUwSX5dX69QHRHfvOeQDg==": { "id": "IFUwSX5dX69QHRHfvOeQDg==", "updater": "rhel-vex", "name": "CVE-2026-6429", "description": "A flaw was found in libcurl. When configured to use a .netrc file for credentials and follow HTTP redirects, libcurl can inadvertently send the password from the initial connection to the redirected host. This sensitive information disclosure occurs when both the original and redirect URLs use clear text HTTP, are performed over the same HTTP proxy, and the same connection is reused. This vulnerability, categorized as an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200), could allow an attacker to obtain user credentials.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6429 https://bugzilla.redhat.com/show_bug.cgi?id=2461205 https://www.cve.org/CVERecord?id=CVE-2026-6429 https://nvd.nist.gov/vuln/detail/CVE-2026-6429 https://curl.se/docs/CVE-2026-6429.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6429.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IGjKj/4HsFqLB1NtljhGnQ==": { "id": "IGjKj/4HsFqLB1NtljhGnQ==", "updater": "rhel-vex", "name": "CVE-2026-21711", "description": "A flaw was found in Node.js. The Node.js Permission Model, designed to restrict network access, incorrectly omits permission checks for Unix Domain Socket (UDS) server operations. This allows local code, even when explicitly denied network access, to create and expose inter-process communication (IPC) endpoints. As a result, unauthorized communication can occur between processes on the same host, bypassing the intended network security restrictions.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21711 https://bugzilla.redhat.com/show_bug.cgi?id=2453158 https://www.cve.org/CVERecord?id=CVE-2026-21711 https://nvd.nist.gov/vuln/detail/CVE-2026-21711 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21711.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "IGsR1pj6qXRBH+0hYVXsew==": { "id": "IGsR1pj6qXRBH+0hYVXsew==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "IH0yoiWyuDmG+HH8h9dKLw==": { "id": "IH0yoiWyuDmG+HH8h9dKLw==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "IIfJmT1yzMqBOVKMy3nlyQ==": { "id": "IIfJmT1yzMqBOVKMy3nlyQ==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "IJSMEZBpGJDyClVadkCLsA==": { "id": "IJSMEZBpGJDyClVadkCLsA==", "updater": "rhel-vex", "name": "CVE-2025-11083", "description": "A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally.", "issued": "2025-09-27T23:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11083 https://bugzilla.redhat.com/show_bug.cgi?id=2399948 https://www.cve.org/CVERecord?id=CVE-2025-11083 https://nvd.nist.gov/vuln/detail/CVE-2025-11083 https://sourceware.org/bugzilla/attachment.cgi?id=16353 https://sourceware.org/bugzilla/show_bug.cgi?id=33457 https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490 https://vuldb.com/?ctiid.326124 https://vuldb.com/?id.326124 https://vuldb.com/?submit.661277 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11083.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IL9yoqEJiA7P9oRxQrj7SQ==": { "id": "IL9yoqEJiA7P9oRxQrj7SQ==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "IRgMJoQA4x1xizY2hEw96w==": { "id": "IRgMJoQA4x1xizY2hEw96w==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "ISgjA2mi+Q9vbdNEhDKXOA==": { "id": "ISgjA2mi+Q9vbdNEhDKXOA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "ITIiuf1dzb05+JHj8h65fg==": { "id": "ITIiuf1dzb05+JHj8h65fg==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "ITpj/wESnpXzi/8j4E382w==": { "id": "ITpj/wESnpXzi/8j4E382w==", "updater": "rhel-vex", "name": "CVE-2025-64720", "description": "A buffer overflow flaw has been discovered in libpng. An out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API.", "issued": "2025-11-24T23:45:38Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64720 https://bugzilla.redhat.com/show_bug.cgi?id=2416904 https://www.cve.org/CVERecord?id=CVE-2025-64720 https://nvd.nist.gov/vuln/detail/CVE-2025-64720 https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643 https://github.com/pnggroup/libpng/issues/686 https://github.com/pnggroup/libpng/pull/751 https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64720.json https://access.redhat.com/errata/RHSA-2026:0238", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpng-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.1", "arch_op": "pattern match" }, "IUI8ka2AYA1twZAQi4gL5Q==": { "id": "IUI8ka2AYA1twZAQi4gL5Q==", "updater": "rhel-vex", "name": "CVE-2023-29409", "description": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29409 https://bugzilla.redhat.com/show_bug.cgi?id=2228743 https://www.cve.org/CVERecord?id=CVE-2023-29409 https://nvd.nist.gov/vuln/detail/CVE-2023-29409 https://go.dev/cl/515257 https://go.dev/issue/61460 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ https://pkg.go.dev/vuln/GO-2023-1987 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29409.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "IV554NtP1F9KO4IyBit26g==": { "id": "IV554NtP1F9KO4IyBit26g==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "IWplUWF011EXddGnkU5Png==": { "id": "IWplUWF011EXddGnkU5Png==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overloading", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.02-481.1.el9_6", "arch_op": "pattern match" }, "IaNq7BGSUI5KW7kcB5RXdQ==": { "id": "IaNq7BGSUI5KW7kcB5RXdQ==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "IbhdAqkTe4EMzAhoNvBoZw==": { "id": "IbhdAqkTe4EMzAhoNvBoZw==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "Ie7rkr8oApZOM9PK2gFB6A==": { "id": "Ie7rkr8oApZOM9PK2gFB6A==", "updater": "rhel-vex", "name": "CVE-2026-2673", "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "issued": "2026-03-13T13:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2673 https://bugzilla.redhat.com/show_bug.cgi?id=2447327 https://www.cve.org/CVERecord?id=CVE-2026-2673 https://nvd.nist.gov/vuln/detail/CVE-2026-2673 https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34 https://openssl-library.org/news/secadv/20260313.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2673.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IeTK1HBLKpS1+gfVSPrpvg==": { "id": "IeTK1HBLKpS1+gfVSPrpvg==", "updater": "rhel-vex", "name": "CVE-2022-47007", "description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "issued": "2022-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IfJyKZ52fwKruf/mbOKmYg==": { "id": "IfJyKZ52fwKruf/mbOKmYg==", "updater": "rhel-vex", "name": "CVE-2024-57360", "description": "A flaw was found in the nm utility of binutils. A local user who specifies the `--without-symbol-versions` option on a specially crafted ELF file can trigger a segmentation fault condition. This may lead to an application crash or other undefined behavior.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57360 https://bugzilla.redhat.com/show_bug.cgi?id=2339263 https://www.cve.org/CVERecord?id=CVE-2024-57360 https://nvd.nist.gov/vuln/detail/CVE-2024-57360 https://sourceware.org/bugzilla/show_bug.cgi?id=32467 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57360.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IfZDrkeHpfXHfjHzETuKbw==": { "id": "IfZDrkeHpfXHfjHzETuKbw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Ih4ScPgmvAttJN/czzciaQ==": { "id": "Ih4ScPgmvAttJN/czzciaQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Ihq7mkhGM9sf/8QM05o7gw==": { "id": "Ihq7mkhGM9sf/8QM05o7gw==", "updater": "rhel-vex", "name": "CVE-2023-6277", "description": "An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.", "issued": "2023-11-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6277 https://bugzilla.redhat.com/show_bug.cgi?id=2251311 https://www.cve.org/CVERecord?id=CVE-2023-6277 https://nvd.nist.gov/vuln/detail/CVE-2023-6277 https://gitlab.com/libtiff/libtiff/-/issues/614 https://gitlab.com/libtiff/libtiff/-/merge_requests/545 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6277.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IkLJJWoz7DjiEwkwHd9+Bw==": { "id": "IkLJJWoz7DjiEwkwHd9+Bw==", "updater": "osv/go", "name": "GO-2024-2610", "description": "Errors returned from JSON marshaling may break template escaping in html/template", "issued": "2024-03-05T22:15:40Z", "links": "https://go.dev/issue/65697 https://go.dev/cl/564196 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "IoeuDKI/vu/XCDGoDKzX3g==": { "id": "IoeuDKI/vu/XCDGoDKzX3g==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "IqAfwTRGJO3I/HkfDNLMoQ==": { "id": "IqAfwTRGJO3I/HkfDNLMoQ==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "IrRjtVOpf04EO7iAKFAznQ==": { "id": "IrRjtVOpf04EO7iAKFAznQ==", "updater": "rhel-vex", "name": "CVE-2026-0915", "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "issued": "2026-01-15T22:08:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0915 https://bugzilla.redhat.com/show_bug.cgi?id=2430201 https://www.cve.org/CVERecord?id=CVE-2026-0915 https://nvd.nist.gov/vuln/detail/CVE-2026-0915 https://sourceware.org/bugzilla/show_bug.cgi?id=33802 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0915.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "Ira5htRPGofy9veGMRD7Vg==": { "id": "Ira5htRPGofy9veGMRD7Vg==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "IsqBfnAxrh9UbW8oQaSR7w==": { "id": "IsqBfnAxrh9UbW8oQaSR7w==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "ItuvzyMGym4CNyVuxWwH3w==": { "id": "ItuvzyMGym4CNyVuxWwH3w==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "IvL651FnAzrxSYOiOuXMlw==": { "id": "IvL651FnAzrxSYOiOuXMlw==", "updater": "rhel-vex", "name": "CVE-2022-47010", "description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Iy2V+5RC7ENxxmnS9KdBOw==": { "id": "Iy2V+5RC7ENxxmnS9KdBOw==", "updater": "rhel-vex", "name": "CVE-2026-0915", "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "issued": "2026-01-15T22:08:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0915 https://bugzilla.redhat.com/show_bug.cgi?id=2430201 https://www.cve.org/CVERecord?id=CVE-2026-0915 https://nvd.nist.gov/vuln/detail/CVE-2026-0915 https://sourceware.org/bugzilla/show_bug.cgi?id=33802 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0915.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "IzDqrZ8Ru35rI4iCSSk/pw==": { "id": "IzDqrZ8Ru35rI4iCSSk/pw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "J+a2wc6cR5fLyNj39ghgVg==": { "id": "J+a2wc6cR5fLyNj39ghgVg==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "J/vqYu1qTz7dsS8oVaCTTw==": { "id": "J/vqYu1qTz7dsS8oVaCTTw==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "J1MkSCEBivWCQoYUEvHXOw==": { "id": "J1MkSCEBivWCQoYUEvHXOw==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "J1SK5zSFZI94azX3jybBbw==": { "id": "J1SK5zSFZI94azX3jybBbw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "J1cvee8xy6oZDEdA21dqEg==": { "id": "J1cvee8xy6oZDEdA21dqEg==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "J3RGaCFhZHnCvtta/VAJIw==": { "id": "J3RGaCFhZHnCvtta/VAJIw==", "updater": "rhel-vex", "name": "CVE-2024-50602", "description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "issued": "2024-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json https://access.redhat.com/errata/RHSA-2024:9541", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.1", "arch_op": "pattern match" }, "J4ecrOEw69avIhhOznG+2w==": { "id": "J4ecrOEw69avIhhOznG+2w==", "updater": "rhel-vex", "name": "CVE-2024-22365", "description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "issued": "2024-01-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-19.el9", "arch_op": "pattern match" }, "J5i8I5ZRQGDUXQI4WkC0FQ==": { "id": "J5i8I5ZRQGDUXQI4WkC0FQ==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "J6GavUf0zh8+C0zHHTDYfw==": { "id": "J6GavUf0zh8+C0zHHTDYfw==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "J6JEqF6+PkBwS7J9B0Lefw==": { "id": "J6JEqF6+PkBwS7J9B0Lefw==", "updater": "rhel-vex", "name": "CVE-2026-21712", "description": "A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a malformed Internationalized Domain Name (IDN) to the `url.format()` function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. This can disrupt services and make them unavailable.", "issued": "2026-03-30T15:13:59Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21712 https://bugzilla.redhat.com/show_bug.cgi?id=2453037 https://www.cve.org/CVERecord?id=CVE-2026-21712 https://nvd.nist.gov/vuln/detail/CVE-2026-21712 https://hackerone.com/reports/3546390 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21712.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "J9wD9ZF9kAJd1nu03TllBQ==": { "id": "J9wD9ZF9kAJd1nu03TllBQ==", "updater": "osv/go", "name": "GO-2024-2600", "description": "Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http", "issued": "2024-03-05T22:15:02Z", "links": "https://go.dev/issue/65065 https://go.dev/cl/569340 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "JAlZO0sgdy1FBW5F7Zj+Pg==": { "id": "JAlZO0sgdy1FBW5F7Zj+Pg==", "updater": "rhel-vex", "name": "CVE-2026-35388", "description": "A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a multiplexed session without explicit confirmation, leading to unintended data handling.", "issued": "2026-04-02T16:57:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35388 https://bugzilla.redhat.com/show_bug.cgi?id=2454500 https://www.cve.org/CVERecord?id=CVE-2026-35388 https://nvd.nist.gov/vuln/detail/CVE-2026-35388 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35388.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "JAo3AhiUcpCO3tqtc2i6uQ==": { "id": "JAo3AhiUcpCO3tqtc2i6uQ==", "updater": "rhel-vex", "name": "CVE-2026-21712", "description": "A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a malformed Internationalized Domain Name (IDN) to the `url.format()` function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. This can disrupt services and make them unavailable.", "issued": "2026-03-30T15:13:59Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21712 https://bugzilla.redhat.com/show_bug.cgi?id=2453037 https://www.cve.org/CVERecord?id=CVE-2026-21712 https://nvd.nist.gov/vuln/detail/CVE-2026-21712 https://hackerone.com/reports/3546390 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21712.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "JBIWl7TA4AzjcNVfFPjHaw==": { "id": "JBIWl7TA4AzjcNVfFPjHaw==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "JD0llI0bGUOG/VBz+9LeVQ==": { "id": "JD0llI0bGUOG/VBz+9LeVQ==", "updater": "rhel-vex", "name": "CVE-2023-48235", "description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48235.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JDKdFwYwkAoUNrTYp3XIYA==": { "id": "JDKdFwYwkAoUNrTYp3XIYA==", "updater": "rhel-vex", "name": "CVE-2025-59375", "description": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.", "issued": "2025-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59375 https://bugzilla.redhat.com/show_bug.cgi?id=2395108 https://www.cve.org/CVERecord?id=CVE-2025-59375 https://nvd.nist.gov/vuln/detail/CVE-2025-59375 https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375 https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59375.json https://access.redhat.com/errata/RHSA-2025:22175", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "High", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-5.el9_7.1", "arch_op": "pattern match" }, "JK4fCJz1Ja5lmfE/vF5PcQ==": { "id": "JK4fCJz1Ja5lmfE/vF5PcQ==", "updater": "rhel-vex", "name": "CVE-2025-66199", "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66199 https://bugzilla.redhat.com/show_bug.cgi?id=2430379 https://www.cve.org/CVERecord?id=CVE-2025-66199 https://nvd.nist.gov/vuln/detail/CVE-2025-66199 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66199.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "JLZyRakMGnyMKNtD6nnqpQ==": { "id": "JLZyRakMGnyMKNtD6nnqpQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "JLdsQ9mzV76+v5Ttq5j2hA==": { "id": "JLdsQ9mzV76+v5Ttq5j2hA==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "JMm3XklIA2t/hFi6HmAXVg==": { "id": "JMm3XklIA2t/hFi6HmAXVg==", "updater": "rhel-vex", "name": "CVE-2026-2581", "description": "A flaw was found in Undici. When the `interceptors.deduplicate()` feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled resource consumption. This leads to high memory usage and potential Out-Of-Memory (OOM) process termination, resulting in a Denial of Service (DoS) for the application.", "issued": "2026-03-12T20:13:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2581 https://bugzilla.redhat.com/show_bug.cgi?id=2447140 https://www.cve.org/CVERecord?id=CVE-2026-2581 https://nvd.nist.gov/vuln/detail/CVE-2026-2581 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h https://hackerone.com/reports/3513473 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2581.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "JMtxzN1jgVs2Gwo2QsOKnQ==": { "id": "JMtxzN1jgVs2Gwo2QsOKnQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "JMuZ2WXBBx9rW6/jTPLu0A==": { "id": "JMuZ2WXBBx9rW6/jTPLu0A==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "JQe3P/odATa/OKbzn309dw==": { "id": "JQe3P/odATa/OKbzn309dw==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "JS6LnmY1PZfE5YxJsCWPPQ==": { "id": "JS6LnmY1PZfE5YxJsCWPPQ==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "JS9NNql9cJTDkzzfXyJzDQ==": { "id": "JS9NNql9cJTDkzzfXyJzDQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "JSxIEGIOCwboUDoJZgS9fA==": { "id": "JSxIEGIOCwboUDoJZgS9fA==", "updater": "rhel-vex", "name": "CVE-2023-37920", "description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "issued": "2023-07-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "ca-certificates", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch|src", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2024.2.69_v8.0.303-91.4.el9_4", "arch_op": "pattern match" }, "JTwzSHX5xKxgTtyprecVew==": { "id": "JTwzSHX5xKxgTtyprecVew==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "JVp8gcuEEeRLeKprUvrBUg==": { "id": "JVp8gcuEEeRLeKprUvrBUg==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "JVuTqfPwohmj6ucokgM2sQ==": { "id": "JVuTqfPwohmj6ucokgM2sQ==", "updater": "rhel-vex", "name": "CVE-2021-27290", "description": "A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS). This issue only affects consumers\r\nusing the strict option. The highest threat from this vulnerability is to availability.", "issued": "2021-03-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-27290 https://bugzilla.redhat.com/show_bug.cgi?id=1941471 https://www.cve.org/CVERecord?id=CVE-2021-27290 https://nvd.nist.gov/vuln/detail/CVE-2021-27290 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-27290.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JWrwO52d5SNbcmJ2KpFaJQ==": { "id": "JWrwO52d5SNbcmJ2KpFaJQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "JXQAkdur2asBQ4qeq789Ew==": { "id": "JXQAkdur2asBQ4qeq789Ew==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "JZIEpU7UdEXuAMj6emkt5A==": { "id": "JZIEpU7UdEXuAMj6emkt5A==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "JZVeRC2oy93Tv6vLZpVqJQ==": { "id": "JZVeRC2oy93Tv6vLZpVqJQ==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "JZouihQMnG3T6XSUXqYbkA==": { "id": "JZouihQMnG3T6XSUXqYbkA==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "Je7Pxg/aoxf95KynM7XUig==": { "id": "Je7Pxg/aoxf95KynM7XUig==", "updater": "rhel-vex", "name": "CVE-2025-55130", "description": "A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55130 https://bugzilla.redhat.com/show_bug.cgi?id=2431352 https://www.cve.org/CVERecord?id=CVE-2025-55130 https://nvd.nist.gov/vuln/detail/CVE-2025-55130 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55130.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.0-1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "JeQmbhDl7hbl+0rcJiCpWw==": { "id": "JeQmbhDl7hbl+0rcJiCpWw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://nodejs.org/pt/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "JegoLVJD+r1CNqau++1Vlw==": { "id": "JegoLVJD+r1CNqau++1Vlw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "Jek37tQeVdKEwtu+6a9/CA==": { "id": "Jek37tQeVdKEwtu+6a9/CA==", "updater": "rhel-vex", "name": "CVE-2024-53920", "description": "A flaw was found in Emacs. Viewing or editing an untrusted Emacs Lisp source code file can cause arbitrary code execution due to unsafe macro expansion when a user has configured elisp-completion-at-point for code completion or has enabled automatic error checking, such as Flymake or Flycheck.", "issued": "2024-11-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-53920 https://bugzilla.redhat.com/show_bug.cgi?id=2329161 https://www.cve.org/CVERecord?id=CVE-2024-53920 https://nvd.nist.gov/vuln/detail/CVE-2024-53920 https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-53920.json https://access.redhat.com/errata/RHSA-2025:4787", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-11.el9_5.2", "arch_op": "pattern match" }, "JeqcZQqZ6re77qRb9vpAHQ==": { "id": "JeqcZQqZ6re77qRb9vpAHQ==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "JfmoxvDj+qKmecssvuGVyA==": { "id": "JfmoxvDj+qKmecssvuGVyA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Ji6OY1u39nJByKzCNwfpIw==": { "id": "Ji6OY1u39nJByKzCNwfpIw==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JiPLnE3IM4/yPxZ8earXLg==": { "id": "JiPLnE3IM4/yPxZ8earXLg==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "JmAt+4wqaQRWn+7jyy1oCQ==": { "id": "JmAt+4wqaQRWn+7jyy1oCQ==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "JmKf//IQj2eMVJFTB1Feyw==": { "id": "JmKf//IQj2eMVJFTB1Feyw==", "updater": "rhel-vex", "name": "CVE-2023-48234", "description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48234.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Jo0GiPh7MZcVuLsVDbp7qg==": { "id": "Jo0GiPh7MZcVuLsVDbp7qg==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "Jq9s0m8iiaLnslijc1N/kw==": { "id": "Jq9s0m8iiaLnslijc1N/kw==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "JqWXvYyB4T300h7KRcWtFA==": { "id": "JqWXvYyB4T300h7KRcWtFA==", "updater": "rhel-vex", "name": "CVE-2025-13601", "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "issued": "2025-11-24T13:00:15Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13601 https://bugzilla.redhat.com/show_bug.cgi?id=2416741 https://www.cve.org/CVERecord?id=CVE-2025-13601 https://nvd.nist.gov/vuln/detail/CVE-2025-13601 https://gitlab.gnome.org/GNOME/glib/-/issues/3827 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13601.json https://access.redhat.com/errata/RHSA-2026:0936", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-18.el9_7.1", "arch_op": "pattern match" }, "JrT9jqBaZlLgPCS0RLnpPQ==": { "id": "JrT9jqBaZlLgPCS0RLnpPQ==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "Jrkns8qeStFRPhcitcuZ4w==": { "id": "Jrkns8qeStFRPhcitcuZ4w==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "JsF5ac8+OAOWxsV80iUiIw==": { "id": "JsF5ac8+OAOWxsV80iUiIw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-AutoLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.74-481.1.el9_6", "arch_op": "pattern match" }, "JtCpNcg8egZjbdozD9CAJQ==": { "id": "JtCpNcg8egZjbdozD9CAJQ==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "JtGggrfMckWn0xvfWBMJJQ==": { "id": "JtGggrfMckWn0xvfWBMJJQ==", "updater": "rhel-vex", "name": "CVE-2022-2210", "description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2210.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JvC/rVWSiuNeMXzeTDRZHQ==": { "id": "JvC/rVWSiuNeMXzeTDRZHQ==", "updater": "rhel-vex", "name": "CVE-2025-29087", "description": "A flaw was found in SQLite. This vulnerability allows an attacker to cause an integer overflow via the concat_ws function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-29087 https://bugzilla.redhat.com/show_bug.cgi?id=2358028 https://www.cve.org/CVERecord?id=CVE-2025-29087 https://nvd.nist.gov/vuln/detail/CVE-2025-29087 https://gist.github.com/ylwango613/a44a29f1ef074fa783e29f04a0afd62a https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-29087.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Jvht/v3kohSHL0Dt4OmS+g==": { "id": "Jvht/v3kohSHL0Dt4OmS+g==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=32976 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "JwRn6LaXs4DLH+aotGHcIQ==": { "id": "JwRn6LaXs4DLH+aotGHcIQ==", "updater": "osv/go", "name": "GO-2022-0522", "description": "Stack exhaustion on crafted paths in path/filepath", "issued": "2022-07-20T17:02:29Z", "links": "https://go.dev/cl/417066 https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef https://go.dev/issue/53416 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "Jx8Savf4pVqPTLt8HsgoXA==": { "id": "Jx8Savf4pVqPTLt8HsgoXA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-mro", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23-481.el9", "arch_op": "pattern match" }, "K/Jzpgc6xwHh47HFu+S8BQ==": { "id": "K/Jzpgc6xwHh47HFu+S8BQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "K0/KdAmlvzyf53kjXgfoRA==": { "id": "K0/KdAmlvzyf53kjXgfoRA==", "updater": "rhel-vex", "name": "CVE-2023-3316", "description": "A flaw was found in LibTiff. A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3316 https://bugzilla.redhat.com/show_bug.cgi?id=2216080 https://www.cve.org/CVERecord?id=CVE-2023-3316 https://nvd.nist.gov/vuln/detail/CVE-2023-3316 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3316.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "K12v1aAHn6bz+NiEB1W7GA==": { "id": "K12v1aAHn6bz+NiEB1W7GA==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "K5fLrkou5COixf2q2qhQ5Q==": { "id": "K5fLrkou5COixf2q2qhQ5Q==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "K9Y5KUp7F1q2lsyaUxy23A==": { "id": "K9Y5KUp7F1q2lsyaUxy23A==", "updater": "rhel-vex", "name": "CVE-2026-21710", "description": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21710 https://bugzilla.redhat.com/show_bug.cgi?id=2453151 https://www.cve.org/CVERecord?id=CVE-2026-21710 https://nvd.nist.gov/vuln/detail/CVE-2026-21710 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21710.json https://access.redhat.com/errata/RHSA-2026:7896", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.2-1.module+el9.7.0+24193+41b7b572", "arch_op": "pattern match" }, "KB8w2g8b8sP5A8+iqhqw8A==": { "id": "KB8w2g8b8sP5A8+iqhqw8A==", "updater": "rhel-vex", "name": "CVE-2026-28418", "description": "A flaw was found in Vim. When processing a specially crafted Emacs-style tags file, a heap-based buffer overflow out-of-bounds read vulnerability allows an attacker to trick Vim into reading up to 7 bytes beyond its allocated memory boundary. This could lead to information disclosure or potentially affect the integrity of the application.", "issued": "2026-02-27T21:58:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28418 https://bugzilla.redhat.com/show_bug.cgi?id=2443481 https://www.cve.org/CVERecord?id=CVE-2026-28418 https://nvd.nist.gov/vuln/detail/CVE-2026-28418 https://github.com/vim/vim/commit/f6a7f469a9c0d09e84cd6cb https://github.com/vim/vim/releases/tag/v9.2.0074 https://github.com/vim/vim/security/advisories/GHSA-h4mf-vg97-hj8j https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28418.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KBpYoBBh5AFRsvma/sImeA==": { "id": "KBpYoBBh5AFRsvma/sImeA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "KC4H6WRPkYrWvXb9OC+odg==": { "id": "KC4H6WRPkYrWvXb9OC+odg==", "updater": "rhel-vex", "name": "CVE-2023-3164", "description": "A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.", "issued": "2023-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3164 https://bugzilla.redhat.com/show_bug.cgi?id=2213531 https://www.cve.org/CVERecord?id=CVE-2023-3164 https://nvd.nist.gov/vuln/detail/CVE-2023-3164 https://gitlab.com/libtiff/libtiff/-/issues/542 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3164.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KCYwWkMQ7jeCsX2dnrw/9w==": { "id": "KCYwWkMQ7jeCsX2dnrw/9w==", "updater": "rhel-vex", "name": "CVE-2025-55130", "description": "A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55130 https://bugzilla.redhat.com/show_bug.cgi?id=2431352 https://www.cve.org/CVERecord?id=CVE-2025-55130 https://nvd.nist.gov/vuln/detail/CVE-2025-55130 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55130.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "KCgZ2MK707GRfjAO2Q3SOA==": { "id": "KCgZ2MK707GRfjAO2Q3SOA==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "KEWGfOVGYNjr6kNjpQx0qg==": { "id": "KEWGfOVGYNjr6kNjpQx0qg==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "KFwkHKkJGVyJAn2RsW13sw==": { "id": "KFwkHKkJGVyJAn2RsW13sw==", "updater": "rhel-vex", "name": "CVE-2025-66199", "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66199 https://bugzilla.redhat.com/show_bug.cgi?id=2430379 https://www.cve.org/CVERecord?id=CVE-2025-66199 https://nvd.nist.gov/vuln/detail/CVE-2025-66199 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66199.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "KHHIjt6Egtc7csaIbQ3mbw==": { "id": "KHHIjt6Egtc7csaIbQ3mbw==", "updater": "rhel-vex", "name": "CVE-2026-32778", "description": "A flaw was found in libexpat. This vulnerability allows an attacker to trigger a NULL pointer dereference in the `setContext` function. This occurs when the system attempts to retry an operation after an out-of-memory condition, which can lead to a Denial of Service (DoS) for the affected application.", "issued": "2026-03-16T07:02:34Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32778 https://bugzilla.redhat.com/show_bug.cgi?id=2447885 https://www.cve.org/CVERecord?id=CVE-2026-32778 https://nvd.nist.gov/vuln/detail/CVE-2026-32778 https://github.com/libexpat/libexpat/pull/1159 https://github.com/libexpat/libexpat/pull/1163 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32778.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KJGsgMArislsisVXSZHY4A==": { "id": "KJGsgMArislsisVXSZHY4A==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "KM/iKSazFyPeIBezQXviSQ==": { "id": "KM/iKSazFyPeIBezQXviSQ==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "KM3euWq+O2CS0VP936TjVg==": { "id": "KM3euWq+O2CS0VP936TjVg==", "updater": "osv/go", "name": "GO-2023-2382", "description": "Denial of service via chunk extensions in net/http", "issued": "2023-12-06T16:22:36Z", "links": "https://go.dev/issue/64433 https://go.dev/cl/547335 https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.12" }, "KMGV9rbVZ/vVUNSX6f+JqA==": { "id": "KMGV9rbVZ/vVUNSX6f+JqA==", "updater": "rhel-vex", "name": "CVE-2026-4111", "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "issued": "2026-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4111 https://bugzilla.redhat.com/show_bug.cgi?id=2446453 https://www.cve.org/CVERecord?id=CVE-2026-4111 https://nvd.nist.gov/vuln/detail/CVE-2026-4111 https://github.com/libarchive/libarchive/pull/2877 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4111.json https://access.redhat.com/errata/RHSA-2026:5080", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-7.el9_7", "arch_op": "pattern match" }, "KPOfrxBVcu8XVCAYPGVuZA==": { "id": "KPOfrxBVcu8XVCAYPGVuZA==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "KQMykeLmRcNMu7v2ZhkQOg==": { "id": "KQMykeLmRcNMu7v2ZhkQOg==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://nodejs.org/pt/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "KQxTPw9E6zvhoYRhRJNsGA==": { "id": "KQxTPw9E6zvhoYRhRJNsGA==", "updater": "rhel-vex", "name": "CVE-2026-35386", "description": "A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in `ssh_config`.", "issued": "2026-04-02T16:44:27Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35386 https://bugzilla.redhat.com/show_bug.cgi?id=2454506 https://www.cve.org/CVERecord?id=CVE-2026-35386 https://nvd.nist.gov/vuln/detail/CVE-2026-35386 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35386.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "KTLyj41W+cHfjH/HBrA7BQ==": { "id": "KTLyj41W+cHfjH/HBrA7BQ==", "updater": "rhel-vex", "name": "CVE-2021-46822", "description": "A heap-based buffer overflow vulnerability was found in libjpeg-turbo in the get_word_rgb_row() function in rdppm.c. The flaw occurs when the PPM reader in libjpeg-turbo mishandles use of the tjLoadImage() function for loading a 16-bit binary PPM file into a grayscale uncompressed image buffer and then loading a 16-bit binary PGM file into an RGB uncompressed image buffer. This flaw allows a remote attacker to persuade a victim to open a specially-crafted file, causing the application to crash.", "issued": "2021-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-46822 https://bugzilla.redhat.com/show_bug.cgi?id=2100044 https://www.cve.org/CVERecord?id=CVE-2021-46822 https://nvd.nist.gov/vuln/detail/CVE-2021-46822 https://exchange.xforce.ibmcloud.com/vulnerabilities/221567 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-46822.json https://access.redhat.com/errata/RHSA-2023:1068", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-6.el9_1", "arch_op": "pattern match" }, "KWqotAAFzFGFp1GIUjXi0g==": { "id": "KWqotAAFzFGFp1GIUjXi0g==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "KXAIwMyIqS4MKyyyosxjhw==": { "id": "KXAIwMyIqS4MKyyyosxjhw==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "KXzUsn7IGL3ZRMjBL3QOng==": { "id": "KXzUsn7IGL3ZRMjBL3QOng==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "KYv6PwzjV6/5I33cZ9LUmQ==": { "id": "KYv6PwzjV6/5I33cZ9LUmQ==", "updater": "rhel-vex", "name": "CVE-2022-2817", "description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2817.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ka536JJULCqquJoBCXWh8w==": { "id": "Ka536JJULCqquJoBCXWh8w==", "updater": "rhel-vex", "name": "CVE-2026-1525", "description": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.", "issued": "2026-03-12T19:56:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1525 https://bugzilla.redhat.com/show_bug.cgi?id=2447144 https://www.cve.org/CVERecord?id=CVE-2026-1525 https://nvd.nist.gov/vuln/detail/CVE-2026-1525 https://cna.openjsf.org/security-advisories.html https://cwe.mitre.org/data/definitions/444.html https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm https://hackerone.com/reports/3556037 https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1525.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "Kcd+UQxBw37KfFkRbn1QXw==": { "id": "Kcd+UQxBw37KfFkRbn1QXw==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "KhBWOViCuCZdWqrkDlYvOA==": { "id": "KhBWOViCuCZdWqrkDlYvOA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "KhtP1/ZJ9jcZ6Whijt7vkw==": { "id": "KhtP1/ZJ9jcZ6Whijt7vkw==", "updater": "osv/go", "name": "GO-2023-1571", "description": "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net", "issued": "2023-02-16T22:31:36Z", "links": "https://go.dev/issue/57855 https://go.dev/cl/468135 https://go.dev/cl/468295 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "KlFwXzVoVlebAInsnw41Qw==": { "id": "KlFwXzVoVlebAInsnw41Qw==", "updater": "osv/go", "name": "GO-2025-4010", "description": "Insufficient validation of bracketed IPv6 hostnames in net/url", "issued": "2025-10-29T21:49:58Z", "links": "https://go.dev/issue/75678 https://go.dev/cl/709857 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "Km0Kj8/PT21DcOVckLYRyA==": { "id": "Km0Kj8/PT21DcOVckLYRyA==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "Ko362Be/IvWvKgd5medxJw==": { "id": "Ko362Be/IvWvKgd5medxJw==", "updater": "rhel-vex", "name": "CVE-2026-27142", "description": "An input escaping flaw has been discovered in the golang html/template module. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "issued": "2026-03-06T21:28:14Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27142 https://bugzilla.redhat.com/show_bug.cgi?id=2445351 https://www.cve.org/CVERecord?id=CVE-2026-27142 https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://pkg.go.dev/vuln/GO-2026-4603 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27142.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Kp6vEAyTjVJyCperHJ2MsQ==": { "id": "Kp6vEAyTjVJyCperHJ2MsQ==", "updater": "rhel-vex", "name": "CVE-2023-29406", "description": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", "issued": "2023-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29406 https://bugzilla.redhat.com/show_bug.cgi?id=2222167 https://www.cve.org/CVERecord?id=CVE-2023-29406 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29406.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "Kqi7XT4SGpqJzglrXFbYsQ==": { "id": "Kqi7XT4SGpqJzglrXFbYsQ==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-c++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Kqq2xlybjD/tOLmQWu2xPw==": { "id": "Kqq2xlybjD/tOLmQWu2xPw==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Kr2KcyJfYQ8J1RDorzTofQ==": { "id": "Kr2KcyJfYQ8J1RDorzTofQ==", "updater": "rhel-vex", "name": "CVE-2025-69651", "description": "A flaw was found in binutils. An attacker could exploit this vulnerability by providing a crafted Executable and Linkable Format (ELF) binary with malformed relocation or symbol data. Processing this malicious binary leads to an invalid pointer free, which triggers memory corruption checks and causes the program to terminate.", "issued": "2026-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69651 https://bugzilla.redhat.com/show_bug.cgi?id=2445299 https://www.cve.org/CVERecord?id=CVE-2025-69651 https://nvd.nist.gov/vuln/detail/CVE-2025-69651 https://sourceware.org/bugzilla/show_bug.cgi?id=33700 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea4bc025abdba85a90e26e13f551c16a44bfa921 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69651.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KsboTEAsiwsdLEKIDivkyA==": { "id": "KsboTEAsiwsdLEKIDivkyA==", "updater": "rhel-vex", "name": "CVE-2022-2175", "description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "issued": "2022-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2175.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Kt6vMl5nXH7V+FrvbEPv5A==": { "id": "Kt6vMl5nXH7V+FrvbEPv5A==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "KtIlAO0V0/KiMbIbmHHMGw==": { "id": "KtIlAO0V0/KiMbIbmHHMGw==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "KwXuJ1mZuqgv14dKI+DdIw==": { "id": "KwXuJ1mZuqgv14dKI+DdIw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "KxS2ZtWgZx0lQavGmel4Wg==": { "id": "KxS2ZtWgZx0lQavGmel4Wg==", "updater": "osv/go", "name": "GO-2025-4013", "description": "Panic when validating certificates with DSA public keys in crypto/x509", "issued": "2025-10-29T21:50:08Z", "links": "https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "L+KHKrPvSxZVeDMiWq92vw==": { "id": "L+KHKrPvSxZVeDMiWq92vw==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "L/8naYULbNo7VCB5WzvpDw==": { "id": "L/8naYULbNo7VCB5WzvpDw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "L04cc8NCPjDZYnxYDnO5+A==": { "id": "L04cc8NCPjDZYnxYDnO5+A==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "L0CRHbX1682QNRh65eVCrA==": { "id": "L0CRHbX1682QNRh65eVCrA==", "updater": "rhel-vex", "name": "CVE-2026-27139", "description": "A path traversal flaw has been discovered in the golang `os` module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.", "issued": "2026-03-06T21:28:14Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27139 https://bugzilla.redhat.com/show_bug.cgi?id=2445335 https://www.cve.org/CVERecord?id=CVE-2026-27139 https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://pkg.go.dev/vuln/GO-2026-4602 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27139.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L0O+Qmwnpkk+Rg/VqN7QWA==": { "id": "L0O+Qmwnpkk+Rg/VqN7QWA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "L1oZ+rWwTAdhKgF16l3EEA==": { "id": "L1oZ+rWwTAdhKgF16l3EEA==", "updater": "rhel-vex", "name": "CVE-2026-1527", "description": "A flaw was found in undici, a Node.js HTTP/1.1 client. This vulnerability allows a remote attacker to inject malicious data into HTTP headers or prematurely end HTTP requests by sending specially crafted input to the `upgrade` option of `client.request()`. This is possible because undici does not properly validate input for invalid header characters, which could lead to unauthorized information disclosure or bypassing of security controls.", "issued": "2026-03-12T20:17:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1527 https://bugzilla.redhat.com/show_bug.cgi?id=2447141 https://www.cve.org/CVERecord?id=CVE-2026-1527 https://nvd.nist.gov/vuln/detail/CVE-2026-1527 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq https://hackerone.com/reports/3487198 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1527.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "L2l/2cM7p8mbRx8/RerNPg==": { "id": "L2l/2cM7p8mbRx8/RerNPg==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "L3Sq7FQbQmRq1R8Dn0eFww==": { "id": "L3Sq7FQbQmRq1R8Dn0eFww==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "L5u3G3ilU8/0RtMpJ7kdKQ==": { "id": "L5u3G3ilU8/0RtMpJ7kdKQ==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "L7bRdQbudZhoHiefk8z45A==": { "id": "L7bRdQbudZhoHiefk8z45A==", "updater": "rhel-vex", "name": "CVE-2020-17049", "description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.", "issued": "2020-11-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-17049 https://bugzilla.redhat.com/show_bug.cgi?id=2025721 https://www.cve.org/CVERecord?id=CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-17049.json https://access.redhat.com/errata/RHSA-2023:2570", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.20.1-8.el9", "arch_op": "pattern match" }, "L8FIUEPJFSQ6xN1TgXR/Yg==": { "id": "L8FIUEPJFSQ6xN1TgXR/Yg==", "updater": "rhel-vex", "name": "CVE-2026-35385", "description": "A flaw was found in OpenSSH. When the `scp` command is used by a root user to download a file with the legacy protocol option (`-O`) and without preserving original file permissions (`-p`), the downloaded file can be installed with elevated privileges (setuid or setgid). This unexpected behavior could allow a malicious file to execute with higher permissions than intended, posing a security risk through potential privilege escalation.", "issued": "2026-04-02T16:30:59Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35385 https://bugzilla.redhat.com/show_bug.cgi?id=2454469 https://www.cve.org/CVERecord?id=CVE-2026-35385 https://nvd.nist.gov/vuln/detail/CVE-2026-35385 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35385.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "L9hbhq3wsZ5QkKEIo/fhYQ==": { "id": "L9hbhq3wsZ5QkKEIo/fhYQ==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "LAdEFhGjw+B+5uRqObeXiQ==": { "id": "LAdEFhGjw+B+5uRqObeXiQ==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "LBK9PqJKfCEUpttQCyryqw==": { "id": "LBK9PqJKfCEUpttQCyryqw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "LBzBPjCNeeSOWXyc2o2hnQ==": { "id": "LBzBPjCNeeSOWXyc2o2hnQ==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "LDhDJjeJTHD14xx6vYgQUQ==": { "id": "LDhDJjeJTHD14xx6vYgQUQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "LElGnvRnV9StufJdr+3D9g==": { "id": "LElGnvRnV9StufJdr+3D9g==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "LFiejdPb02ZvCk9/k6M2OA==": { "id": "LFiejdPb02ZvCk9/k6M2OA==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "LJERbH00ig5nWiqOMKw/Xg==": { "id": "LJERbH00ig5nWiqOMKw/Xg==", "updater": "rhel-vex", "name": "CVE-2025-66863", "description": "A flaw was found in BinUtils. Attackers can exploit this vulnerability by providing a specially crafted Portable Executable (PE) file. This can lead to a denial of service, making the affected application unavailable.", "issued": "2025-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66863 https://bugzilla.redhat.com/show_bug.cgi?id=2425824 https://www.cve.org/CVERecord?id=CVE-2025-66863 https://nvd.nist.gov/vuln/detail/CVE-2025-66863 https://github.com/caozhzh/CRGF-Vul/blob/main/cxxfilt/crash2.md https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66863.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LKHvKuMU+ZaZN+c9jQoc8A==": { "id": "LKHvKuMU+ZaZN+c9jQoc8A==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "LKchwuMyQH4TU0LwtP5Jcg==": { "id": "LKchwuMyQH4TU0LwtP5Jcg==", "updater": "rhel-vex", "name": "CVE-2026-35385", "description": "A flaw was found in OpenSSH. When the `scp` command is used by a root user to download a file with the legacy protocol option (`-O`) and without preserving original file permissions (`-p`), the downloaded file can be installed with elevated privileges (setuid or setgid). This unexpected behavior could allow a malicious file to execute with higher permissions than intended, posing a security risk through potential privilege escalation.", "issued": "2026-04-02T16:30:59Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35385 https://bugzilla.redhat.com/show_bug.cgi?id=2454469 https://www.cve.org/CVERecord?id=CVE-2026-35385 https://nvd.nist.gov/vuln/detail/CVE-2026-35385 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35385.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "LLwLKTruTLedHaSTZAzh/g==": { "id": "LLwLKTruTLedHaSTZAzh/g==", "updater": "rhel-vex", "name": "CVE-2026-0865", "description": "Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers.", "issued": "2026-01-20T21:26:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0865 https://bugzilla.redhat.com/show_bug.cgi?id=2431367 https://www.cve.org/CVERecord?id=CVE-2026-0865 https://nvd.nist.gov/vuln/detail/CVE-2026-0865 https://github.com/python/cpython/issues/143916 https://github.com/python/cpython/pull/143917 https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0865.json https://access.redhat.com/errata/RHSA-2026:4168", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.1", "arch_op": "pattern match" }, "LMcwA00QGnxriAXkZQIhHw==": { "id": "LMcwA00QGnxriAXkZQIhHw==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "LMrJ8zW3vxlqJrvFMbbCGA==": { "id": "LMrJ8zW3vxlqJrvFMbbCGA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Compare", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.100.600-481.el9", "arch_op": "pattern match" }, "LTObsRKzbMcDf7ZCch9lsA==": { "id": "LTObsRKzbMcDf7ZCch9lsA==", "updater": "rhel-vex", "name": "CVE-2026-32282", "description": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.", "issued": "2026-04-08T01:06:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32282 https://bugzilla.redhat.com/show_bug.cgi?id=2456336 https://www.cve.org/CVERecord?id=CVE-2026-32282 https://nvd.nist.gov/vuln/detail/CVE-2026-32282 https://go.dev/cl/763761 https://go.dev/issue/78293 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4864 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32282.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LTbAvxPwXv/MF/Dqg/sWFw==": { "id": "LTbAvxPwXv/MF/Dqg/sWFw==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://gitlab.gnome.org/GNOME/libxml2/-/issues/926 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "LULa++Og4kM4JJrQxnZj0w==": { "id": "LULa++Og4kM4JJrQxnZj0w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-subs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.03-481.1.el9_6", "arch_op": "pattern match" }, "LUlesLbzv1yf48cLqYDxTg==": { "id": "LUlesLbzv1yf48cLqYDxTg==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "LVK2sPVncIeKs9ALN+mPDg==": { "id": "LVK2sPVncIeKs9ALN+mPDg==", "updater": "rhel-vex", "name": "CVE-2025-59465", "description": "A denial of service flaw has been discovered in NodeJS. A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59465 https://bugzilla.redhat.com/show_bug.cgi?id=2431349 https://www.cve.org/CVERecord?id=CVE-2025-59465 https://nvd.nist.gov/vuln/detail/CVE-2025-59465 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59465.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "LVwzv4Idra62FxSa6vFC9Q==": { "id": "LVwzv4Idra62FxSa6vFC9Q==", "updater": "rhel-vex", "name": "CVE-2026-21714", "description": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability in Node.js HTTP/2 servers by sending specially crafted WINDOW_UPDATE frames on stream 0 (connection-level). These frames can cause the flow control window to exceed its maximum value, leading to a memory leak as Http2Session objects are not properly cleaned up. This can result in resource exhaustion and a Denial of Service (DoS) condition for the server.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21714 https://bugzilla.redhat.com/show_bug.cgi?id=2453161 https://www.cve.org/CVERecord?id=CVE-2026-21714 https://nvd.nist.gov/vuln/detail/CVE-2026-21714 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21714.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "LXj+7NB7elh/3U/gcE77cw==": { "id": "LXj+7NB7elh/3U/gcE77cw==", "updater": "rhel-vex", "name": "CVE-2022-3570", "description": "A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service.", "issued": "2022-02-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3570 https://bugzilla.redhat.com/show_bug.cgi?id=2142734 https://www.cve.org/CVERecord?id=CVE-2022-3570 https://nvd.nist.gov/vuln/detail/CVE-2022-3570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3570.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Lc5MrJdT06D8uHMkpa1+Og==": { "id": "Lc5MrJdT06D8uHMkpa1+Og==", "updater": "rhel-vex", "name": "CVE-2025-66861", "description": "A flaw was found in binutils. Processing a specially crafted PE file with cxxfilt can trigger an out-of-bounds read in the d_unqualified_name function in the cp-demangle.c file, causing a crash and resulting in a denial of service.", "issued": "2025-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66861 https://bugzilla.redhat.com/show_bug.cgi?id=2425823 https://www.cve.org/CVERecord?id=CVE-2025-66861 https://nvd.nist.gov/vuln/detail/CVE-2025-66861 https://github.com/caozhzh/CRGF-Vul/blob/main/cxxfilt/crash1.md https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66861.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Lc7NiV76Y8Ubl6+6Vgd+sw==": { "id": "Lc7NiV76Y8Ubl6+6Vgd+sw==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "LcEYljn+QTWUC36NwQCf7w==": { "id": "LcEYljn+QTWUC36NwQCf7w==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Lcg+9plLPEAo58BHKBlIGw==": { "id": "Lcg+9plLPEAo58BHKBlIGw==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "LczpEojKeJQxs4tAiPNubw==": { "id": "LczpEojKeJQxs4tAiPNubw==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "LdefrT414pk0XLw3PJpgwQ==": { "id": "LdefrT414pk0XLw3PJpgwQ==", "updater": "rhel-vex", "name": "CVE-2026-21710", "description": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21710 https://bugzilla.redhat.com/show_bug.cgi?id=2453151 https://www.cve.org/CVERecord?id=CVE-2026-21710 https://nvd.nist.gov/vuln/detail/CVE-2026-21710 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21710.json https://access.redhat.com/errata/RHSA-2026:7896", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.2-1.module+el9.7.0+24193+41b7b572", "arch_op": "pattern match" }, "Ldf0SBs4F44XtkmDr6o4kQ==": { "id": "Ldf0SBs4F44XtkmDr6o4kQ==", "updater": "rhel-vex", "name": "CVE-2024-12243", "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12243 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://www.cve.org/CVERecord?id=CVE-2024-12243 https://nvd.nist.gov/vuln/detail/CVE-2024-12243 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12243.json https://access.redhat.com/errata/RHSA-2025:7076", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9", "arch_op": "pattern match" }, "LeWRqc+lggRL8KnG53e6CA==": { "id": "LeWRqc+lggRL8KnG53e6CA==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "Lex02lwAwiaMkFn9DV9FuA==": { "id": "Lex02lwAwiaMkFn9DV9FuA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Lhc4n2a9ma6eRDB/RCRmLQ==": { "id": "Lhc4n2a9ma6eRDB/RCRmLQ==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "LiT2UIJJCX7RQxuKZd5BaQ==": { "id": "LiT2UIJJCX7RQxuKZd5BaQ==", "updater": "rhel-vex", "name": "CVE-2023-43804", "description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:0464", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-3.el9_3.1", "arch_op": "pattern match" }, "LkG+n79mbPHrPl1sC2ee1w==": { "id": "LkG+n79mbPHrPl1sC2ee1w==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "LkJjju2s50oKpBRyBT8s0A==": { "id": "LkJjju2s50oKpBRyBT8s0A==", "updater": "rhel-vex", "name": "CVE-2024-41965", "description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. This issue can be exploited by someone with local access to the system.", "issued": "2024-08-01T22:21:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LlIx9R1y9EWEYmMjr1l1rw==": { "id": "LlIx9R1y9EWEYmMjr1l1rw==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "LmpJ6GJi47QcNT9dtXcmiA==": { "id": "LmpJ6GJi47QcNT9dtXcmiA==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "Lr5d+BjmGHyC+AWnFQJRTA==": { "id": "Lr5d+BjmGHyC+AWnFQJRTA==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "A zip file handling flaw has been discovered in the python standard library `zipfile` module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json https://access.redhat.com/errata/RHSA-2025:23342", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-2.el9_7", "arch_op": "pattern match" }, "Lsd0oY+cRz3Y5y3+G6CYMA==": { "id": "Lsd0oY+cRz3Y5y3+G6CYMA==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "LuirMfnv2JkWFEU8MUuKUQ==": { "id": "LuirMfnv2JkWFEU8MUuKUQ==", "updater": "rhel-vex", "name": "CVE-2025-13151", "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "issued": "2026-01-07T21:14:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13151 https://bugzilla.redhat.com/show_bug.cgi?id=2427698 https://www.cve.org/CVERecord?id=CVE-2025-13151 https://nvd.nist.gov/vuln/detail/CVE-2025-13151 https://gitlab.com/gnutls/libtasn1 https://gitlab.com/gnutls/libtasn1/-/merge_requests/121 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Lv181AfOrKwIP+rlrdVs2A==": { "id": "Lv181AfOrKwIP+rlrdVs2A==", "updater": "rhel-vex", "name": "CVE-2026-21716", "description": "A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied. Such a bypass could lead to unauthorized changes to system files.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21716 https://bugzilla.redhat.com/show_bug.cgi?id=2453157 https://www.cve.org/CVERecord?id=CVE-2026-21716 https://nvd.nist.gov/vuln/detail/CVE-2026-21716 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21716.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "LvLSBTmw++OZNe7y3SPjew==": { "id": "LvLSBTmw++OZNe7y3SPjew==", "updater": "rhel-vex", "name": "CVE-2026-22695", "description": "A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.", "issued": "2026-01-12T22:55:40Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22695 https://bugzilla.redhat.com/show_bug.cgi?id=2428825 https://www.cve.org/CVERecord?id=CVE-2026-22695 https://nvd.nist.gov/vuln/detail/CVE-2026-22695 https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea https://github.com/pnggroup/libpng/commit/e4f7ad4ea2 https://github.com/pnggroup/libpng/issues/778 https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22695.json https://access.redhat.com/errata/RHSA-2026:3405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpng", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.2", "arch_op": "pattern match" }, "Lw4KgrwWujzRmDjtibR3+Q==": { "id": "Lw4KgrwWujzRmDjtibR3+Q==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "LxYgcRll4fEnbCHHZWt4BA==": { "id": "LxYgcRll4fEnbCHHZWt4BA==", "updater": "rhel-vex", "name": "CVE-2026-5121", "description": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.", "issued": "2026-03-30T07:44:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5121 https://bugzilla.redhat.com/show_bug.cgi?id=2452945 https://www.cve.org/CVERecord?id=CVE-2026-5121 https://nvd.nist.gov/vuln/detail/CVE-2026-5121 https://github.com/advisories/GHSA-2vwv-vqpv-v8vc https://github.com/libarchive/libarchive/pull/2934 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5121.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "LyEH4RIrJnMwmS9bxL322w==": { "id": "LyEH4RIrJnMwmS9bxL322w==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "LyQcB6aDtcDf3FmzBVHSKQ==": { "id": "LyQcB6aDtcDf3FmzBVHSKQ==", "updater": "rhel-vex", "name": "CVE-2025-1150", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T16:31:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1150 https://bugzilla.redhat.com/show_bug.cgi?id=2344681 https://www.cve.org/CVERecord?id=CVE-2025-1150 https://nvd.nist.gov/vuln/detail/CVE-2025-1150 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295054 https://vuldb.com/?id.295054 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1150.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "M0WxNlBrWr1WR0ACcsFS3w==": { "id": "M0WxNlBrWr1WR0ACcsFS3w==", "updater": "rhel-vex", "name": "CVE-2023-32681", "description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "issued": "2023-05-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:4350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-7.el9_2", "arch_op": "pattern match" }, "M1Z06nydk707qbRpFiKmaA==": { "id": "M1Z06nydk707qbRpFiKmaA==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "M293c+QguJ/aaYP3cMwfyQ==": { "id": "M293c+QguJ/aaYP3cMwfyQ==", "updater": "rhel-vex", "name": "CVE-2026-28388", "description": "A flaw was found in OpenSSL. When processing a malformed delta Certificate Revocation List (CRL) that lacks a required CRL Number extension, a NULL pointer dereference can occur. This vulnerability can be exploited by a remote attacker who provides a specially crafted delta CRL to an application that has delta CRL processing enabled, leading to a Denial of Service (DoS) for the application.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28388 https://bugzilla.redhat.com/show_bug.cgi?id=2451097 https://www.cve.org/CVERecord?id=CVE-2026-28388 https://nvd.nist.gov/vuln/detail/CVE-2026-28388 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28388.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "M3xoPIiF+fvDRyYkizrMWQ==": { "id": "M3xoPIiF+fvDRyYkizrMWQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "M4/opsM/3qe/3m0zjGkItQ==": { "id": "M4/opsM/3qe/3m0zjGkItQ==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "M5aJiMv2/MaWINKfor0BrQ==": { "id": "M5aJiMv2/MaWINKfor0BrQ==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "M9nh4Ryt6GwPUlLoItHqnA==": { "id": "M9nh4Ryt6GwPUlLoItHqnA==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "MEP8FBVAfPt6fwJRFfcI5w==": { "id": "MEP8FBVAfPt6fwJRFfcI5w==", "updater": "rhel-vex", "name": "CVE-2026-21717", "description": "A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by functions like JSON.parse() on attacker-controlled input. This can significantly degrade the performance of the Node.js process, leading to a Denial of Service (DoS) condition.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21717 https://bugzilla.redhat.com/show_bug.cgi?id=2453162 https://www.cve.org/CVERecord?id=CVE-2026-21717 https://nvd.nist.gov/vuln/detail/CVE-2026-21717 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21717.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MGoFQMcsriBEPanvv9LYcQ==": { "id": "MGoFQMcsriBEPanvv9LYcQ==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "MIaYLvbJRWXm7UR3+CJ1PA==": { "id": "MIaYLvbJRWXm7UR3+CJ1PA==", "updater": "rhel-vex", "name": "CVE-2025-66864", "description": "A flaw was found in binutils. Processing a specially crafted PE file with cxxfilt can trigger a NULL pointer dereference in the d_print_comp_inner function in the cp-demangle.c file, causing a crash and resulting in a denial of service.", "issued": "2025-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66864 https://bugzilla.redhat.com/show_bug.cgi?id=2425827 https://www.cve.org/CVERecord?id=CVE-2025-66864 https://nvd.nist.gov/vuln/detail/CVE-2025-66864 https://github.com/caozhzh/CRGF-Vul/blob/main/cxxfilt/crash5.md https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66864.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MIr3rO85X7uqJgFm0U3O8Q==": { "id": "MIr3rO85X7uqJgFm0U3O8Q==", "updater": "rhel-vex", "name": "CVE-2026-21637", "description": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21637 https://bugzilla.redhat.com/show_bug.cgi?id=2431340 https://www.cve.org/CVERecord?id=CVE-2026-21637 https://nvd.nist.gov/vuln/detail/CVE-2026-21637 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21637.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "MJtIM09Jw6pIepBEcf4LwQ==": { "id": "MJtIM09Jw6pIepBEcf4LwQ==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "MLyBE3p9/9+LMOMl2JBi6w==": { "id": "MLyBE3p9/9+LMOMl2JBi6w==", "updater": "rhel-vex", "name": "CVE-2022-2343", "description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2343.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MMLwOzBcCET4jaa3dPuTwQ==": { "id": "MMLwOzBcCET4jaa3dPuTwQ==", "updater": "rhel-vex", "name": "CVE-2022-38533", "description": "A vulnerability was found in the strip utility of binutils. An attacker able to convince a victim to process a specially crafted COFF file by the strip utility can lead to a heap-based buffer overflow, causing the utility to crash.", "issued": "2022-08-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-38533 https://bugzilla.redhat.com/show_bug.cgi?id=2124569 https://www.cve.org/CVERecord?id=CVE-2022-38533 https://nvd.nist.gov/vuln/detail/CVE-2022-38533 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-38533.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MOUExK9O9qzIs9ukHaS2ew==": { "id": "MOUExK9O9qzIs9ukHaS2ew==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "MS7UYZB0gpv9XnBQo9QJdA==": { "id": "MS7UYZB0gpv9XnBQo9QJdA==", "updater": "rhel-vex", "name": "CVE-2026-4647", "description": "A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result, affected tools may crash or expose unintended memory contents, leading to denial-of-service or limited information disclosure risks.", "issued": "2026-03-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4647 https://bugzilla.redhat.com/show_bug.cgi?id=2450302 https://www.cve.org/CVERecord?id=CVE-2026-4647 https://nvd.nist.gov/vuln/detail/CVE-2026-4647 https://sourceware.org/bugzilla/show_bug.cgi?id=33919 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4647.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MT27FBW6q+x91HBvTyGVKQ==": { "id": "MT27FBW6q+x91HBvTyGVKQ==", "updater": "rhel-vex", "name": "CVE-2026-4046", "description": "A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).", "issued": "2026-03-30T17:16:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4046 https://bugzilla.redhat.com/show_bug.cgi?id=2453117 https://www.cve.org/CVERecord?id=CVE-2026-4046 https://nvd.nist.gov/vuln/detail/CVE-2026-4046 https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/ https://sourceware.org/bugzilla/show_bug.cgi?id=33980 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4046.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MVGmB/UrNlB0PqdbI1X5iA==": { "id": "MVGmB/UrNlB0PqdbI1X5iA==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "MYhgpNDg22nk0/HCSwm/gw==": { "id": "MYhgpNDg22nk0/HCSwm/gw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "McBbvTJIAPyP1aOW8M+hzw==": { "id": "McBbvTJIAPyP1aOW8M+hzw==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.1.el9_2", "arch_op": "pattern match" }, "McWWD4LMk3xYwv1KCFcOEQ==": { "id": "McWWD4LMk3xYwv1KCFcOEQ==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "MdEybCUhVKCoyI/dXRvNlA==": { "id": "MdEybCUhVKCoyI/dXRvNlA==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libfdisk", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "Mds6YkAImABVZfFVPdan5w==": { "id": "Mds6YkAImABVZfFVPdan5w==", "updater": "osv/go", "name": "GO-2022-0493", "description": "Incorrect privilege reporting in syscall and golang.org/x/sys/unix", "issued": "2022-07-15T23:30:12Z", "links": "https://go.dev/cl/399539 https://go.dev/issue/52313 https://go.dev/cl/400074 https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.2" }, "Mgu68G03r/7Tj/zMomkJZw==": { "id": "Mgu68G03r/7Tj/zMomkJZw==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "Mhh/p16eoRFTSGC5EJRZEw==": { "id": "Mhh/p16eoRFTSGC5EJRZEw==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "MjFiN4irFT7ilUN8ogYBww==": { "id": "MjFiN4irFT7ilUN8ogYBww==", "updater": "rhel-vex", "name": "CVE-2025-65018", "description": "A buffer overflow flaw has been discovered in libpng. There is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds.", "issued": "2025-11-24T23:50:18Z", "links": "https://access.redhat.com/security/cve/CVE-2025-65018 https://bugzilla.redhat.com/show_bug.cgi?id=2416907 https://www.cve.org/CVERecord?id=CVE-2025-65018 https://nvd.nist.gov/vuln/detail/CVE-2025-65018 https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea https://github.com/pnggroup/libpng/issues/755 https://github.com/pnggroup/libpng/pull/757 https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-65018.json https://access.redhat.com/errata/RHSA-2026:0238", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpng", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.1", "arch_op": "pattern match" }, "MmfAubFbaM6MUJCO86BuPA==": { "id": "MmfAubFbaM6MUJCO86BuPA==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "Mo4ARlLui4P8nHgMUyYhSw==": { "id": "Mo4ARlLui4P8nHgMUyYhSw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "MqCQLlgAJiW3Q42ssHKybw==": { "id": "MqCQLlgAJiW3Q42ssHKybw==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "A zip file handling flaw has been discovered in the python standard library `zipfile` module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json https://access.redhat.com/errata/RHSA-2025:23342", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-2.el9_7", "arch_op": "pattern match" }, "MrRavbeiISRcJtBRJ3ZRsA==": { "id": "MrRavbeiISRcJtBRJ3ZRsA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "MrpKafmPiKoIdSrqC/r3Sg==": { "id": "MrpKafmPiKoIdSrqC/r3Sg==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "Mrux1XY1LZVvkWuUp2MCHQ==": { "id": "Mrux1XY1LZVvkWuUp2MCHQ==", "updater": "rhel-vex", "name": "CVE-2024-12087", "description": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12087 https://bugzilla.redhat.com/show_bug.cgi?id=2330672 https://www.cve.org/CVERecord?id=CVE-2024-12087 https://nvd.nist.gov/vuln/detail/CVE-2024-12087 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12087.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "MtExg9vrmkuo/+/XELnvpA==": { "id": "MtExg9vrmkuo/+/XELnvpA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "MtOwgWyogkVoNGuQavHN8g==": { "id": "MtOwgWyogkVoNGuQavHN8g==", "updater": "rhel-vex", "name": "CVE-2026-22801", "description": "A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.", "issued": "2026-01-12T22:57:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22801 https://bugzilla.redhat.com/show_bug.cgi?id=2428824 https://www.cve.org/CVERecord?id=CVE-2026-22801 https://nvd.nist.gov/vuln/detail/CVE-2026-22801 https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22801.json https://access.redhat.com/errata/RHSA-2026:3405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpng-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.2", "arch_op": "pattern match" }, "Mukn5ixgUb/zb+mcMFd16Q==": { "id": "Mukn5ixgUb/zb+mcMFd16Q==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libdnf-plugin-subscription-manager", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "Mv4iyriHqxAR4oNVnJlPbw==": { "id": "Mv4iyriHqxAR4oNVnJlPbw==", "updater": "rhel-vex", "name": "CVE-2026-1526", "description": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.", "issued": "2026-03-12T20:08:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1526 https://bugzilla.redhat.com/show_bug.cgi?id=2447142 https://www.cve.org/CVERecord?id=CVE-2026-1526 https://nvd.nist.gov/vuln/detail/CVE-2026-1526 https://cna.openjsf.org/security-advisories.html https://datatracker.ietf.org/doc/html/rfc7692 https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q https://hackerone.com/reports/3481206 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1526.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "Mv7iQu0SgLhcoLH3nS/HZw==": { "id": "Mv7iQu0SgLhcoLH3nS/HZw==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "MvPzfqdptyOBxzxR1iCL3g==": { "id": "MvPzfqdptyOBxzxR1iCL3g==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "MwRbFLckfwf7ZXLrr6KBUQ==": { "id": "MwRbFLckfwf7ZXLrr6KBUQ==", "updater": "rhel-vex", "name": "CVE-2024-26458", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "Mx7K+5VJ9q5MSCq5wzzrvA==": { "id": "Mx7K+5VJ9q5MSCq5wzzrvA==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "N0YFziBj+5bn5JQnjfumWQ==": { "id": "N0YFziBj+5bn5JQnjfumWQ==", "updater": "rhel-vex", "name": "CVE-2026-2229", "description": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.", "issued": "2026-03-12T20:27:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2229 https://bugzilla.redhat.com/show_bug.cgi?id=2447143 https://www.cve.org/CVERecord?id=CVE-2026-2229 https://nvd.nist.gov/vuln/detail/CVE-2026-2229 https://cna.openjsf.org/security-advisories.html https://datatracker.ietf.org/doc/html/rfc7692 https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8 https://hackerone.com/reports/3487486 https://nodejs.org/api/zlib.html#class-zlibinflateraw https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2229.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "N4tVXpSdUCCcisq1+6WN4w==": { "id": "N4tVXpSdUCCcisq1+6WN4w==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://github.com/libexpat/libexpat/pull/973 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:3531", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.3", "arch_op": "pattern match" }, "N6/VXIOitxRZPgnZMgm+4A==": { "id": "N6/VXIOitxRZPgnZMgm+4A==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "N6xCmSIsupN7OsJaYpsl6Q==": { "id": "N6xCmSIsupN7OsJaYpsl6Q==", "updater": "rhel-vex", "name": "CVE-2023-40745", "description": "LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40745 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 https://www.cve.org/CVERecord?id=CVE-2023-40745 https://nvd.nist.gov/vuln/detail/CVE-2023-40745 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40745.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "N6yyVyHeduwThpSSvA2dVQ==": { "id": "N6yyVyHeduwThpSSvA2dVQ==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "N7PASlSPc3vUrDZEkY1NrA==": { "id": "N7PASlSPc3vUrDZEkY1NrA==", "updater": "rhel-vex", "name": "CVE-2025-61985", "description": "A flaw was found in OpenSSH where the SSH client accepted \\0 (null) characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up.", "issued": "2025-10-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61985 https://bugzilla.redhat.com/show_bug.cgi?id=2401962 https://www.cve.org/CVERecord?id=CVE-2025-61985 https://nvd.nist.gov/vuln/detail/CVE-2025-61985 https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2 https://www.openssh.com/releasenotes.html#10.1p1 https://www.openwall.com/lists/oss-security/2025/10/06/1 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61985.json https://access.redhat.com/errata/RHSA-2025:23480", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-47.el9_7", "arch_op": "pattern match" }, "N7aJA9Ztt3v7MF1iEQ71dg==": { "id": "N7aJA9Ztt3v7MF1iEQ71dg==", "updater": "rhel-vex", "name": "CVE-2026-33810", "description": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.", "issued": "2026-04-08T01:06:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33810 https://bugzilla.redhat.com/show_bug.cgi?id=2456335 https://www.cve.org/CVERecord?id=CVE-2026-33810 https://nvd.nist.gov/vuln/detail/CVE-2026-33810 https://go.dev/cl/763763 https://go.dev/issue/78332 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4866 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33810.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "N7otM4CJgwQwy0Mz0UA3Vw==": { "id": "N7otM4CJgwQwy0Mz0UA3Vw==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "N8aXqWnqmq7yO6fhu3+9cg==": { "id": "N8aXqWnqmq7yO6fhu3+9cg==", "updater": "rhel-vex", "name": "CVE-2025-69419", "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69419 https://bugzilla.redhat.com/show_bug.cgi?id=2430386 https://www.cve.org/CVERecord?id=CVE-2025-69419 https://nvd.nist.gov/vuln/detail/CVE-2025-69419 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69419.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "NAN7p79skZ+eBA0xQMnnqw==": { "id": "NAN7p79skZ+eBA0xQMnnqw==", "updater": "rhel-vex", "name": "CVE-2023-0804", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0804 https://bugzilla.redhat.com/show_bug.cgi?id=2170192 https://www.cve.org/CVERecord?id=CVE-2023-0804 https://nvd.nist.gov/vuln/detail/CVE-2023-0804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0804.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "NCiKXZEXo4Jw5tEf8LgPhA==": { "id": "NCiKXZEXo4Jw5tEf8LgPhA==", "updater": "rhel-vex", "name": "CVE-2025-66865", "description": "A flaw was found in binutils. Processing a specially crafted PE file with cxxfilt can trigger a stack overflow in the d_print_comp_inner function in the cp-demangle.c file, causing a crash and resulting in a denial of service.", "issued": "2025-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66865 https://bugzilla.redhat.com/show_bug.cgi?id=2425822 https://www.cve.org/CVERecord?id=CVE-2025-66865 https://nvd.nist.gov/vuln/detail/CVE-2025-66865 https://github.com/caozhzh/CRGF-Vul/blob/main/cxxfilt/crash4.md https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66865.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ND8tA1FahvMc/ZIGpyoj3g==": { "id": "ND8tA1FahvMc/ZIGpyoj3g==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "NDTeUbmjAj/XEHx68pTD9A==": { "id": "NDTeUbmjAj/XEHx68pTD9A==", "updater": "rhel-vex", "name": "CVE-2023-0795", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0795 https://bugzilla.redhat.com/show_bug.cgi?id=2170119 https://www.cve.org/CVERecord?id=CVE-2023-0795 https://nvd.nist.gov/vuln/detail/CVE-2023-0795 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0795.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "NDhUfh7yf3tRc0CV3znIIg==": { "id": "NDhUfh7yf3tRc0CV3znIIg==", "updater": "rhel-vex", "name": "CVE-2026-4519", "description": "A flaw was found in Python. The `webbrowser.open()` API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options, which could lead to unexpected behavior, information disclosure, or potentially arbitrary code execution, impacting the integrity of the system.", "issued": "2026-03-20T15:08:32Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4519 https://bugzilla.redhat.com/show_bug.cgi?id=2449649 https://www.cve.org/CVERecord?id=CVE-2026-4519 https://nvd.nist.gov/vuln/detail/CVE-2026-4519 https://github.com/python/cpython/issues/143930 https://github.com/python/cpython/pull/143931 https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4519.json https://access.redhat.com/errata/RHSA-2026:6766", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.2", "arch_op": "pattern match" }, "NFJR7P8KL9HNF/dsA5opTw==": { "id": "NFJR7P8KL9HNF/dsA5opTw==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "NGHtfO55iqBhbAmqujAqHA==": { "id": "NGHtfO55iqBhbAmqujAqHA==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "NHJdq5G883S5W8foR85U2A==": { "id": "NHJdq5G883S5W8foR85U2A==", "updater": "rhel-vex", "name": "CVE-2025-61726", "description": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.", "issued": "2026-01-28T19:30:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://www.cve.org/CVERecord?id=CVE-2025-61726 https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4341 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61726.json https://access.redhat.com/errata/RHSA-2026:3668", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.6.0-13.el9_7", "arch_op": "pattern match" }, "NJQIxCJu/MH10b3rWNiBVw==": { "id": "NJQIxCJu/MH10b3rWNiBVw==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "There's a vulnerability in gitk where an user can be tricked to run malicious scripts supplied by the attacker when running gitk filename command. When successfully exploited this vulnerability may result in arbitrary code execution.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "NJhwMDbt0IMvlSLLB4cUVA==": { "id": "NJhwMDbt0IMvlSLLB4cUVA==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "NMbdymzW3TQXZ7vpBZQsTA==": { "id": "NMbdymzW3TQXZ7vpBZQsTA==", "updater": "rhel-vex", "name": "CVE-2025-59466", "description": "A stack overflow flaw has been discovered in Node.js error handling where \"Maximum call stack size exceeded\" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59466 https://bugzilla.redhat.com/show_bug.cgi?id=2431343 https://www.cve.org/CVERecord?id=CVE-2025-59466 https://nvd.nist.gov/vuln/detail/CVE-2025-59466 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59466.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "NNyvMdW5UTPp1jGH161XDQ==": { "id": "NNyvMdW5UTPp1jGH161XDQ==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "NObEgWpn6tAdrn33X3GoKw==": { "id": "NObEgWpn6tAdrn33X3GoKw==", "updater": "rhel-vex", "name": "CVE-2022-32148", "description": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-32148 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://www.cve.org/CVERecord?id=CVE-2022-32148 https://nvd.nist.gov/vuln/detail/CVE-2022-32148 https://go.dev/issue/53423 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-32148.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "NPJh6PwkJYtfpkFMxFCfIA==": { "id": "NPJh6PwkJYtfpkFMxFCfIA==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "NQ+dtAZLrUPoMA29mi1Odg==": { "id": "NQ+dtAZLrUPoMA29mi1Odg==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "NUj8ykIgUTA27ShVMCBysA==": { "id": "NUj8ykIgUTA27ShVMCBysA==", "updater": "rhel-vex", "name": "CVE-2024-37370", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "NVw9L7wf5CkACfCMTn/ArA==": { "id": "NVw9L7wf5CkACfCMTn/ArA==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "NW78+g0sKpejEre7I2lCOA==": { "id": "NW78+g0sKpejEre7I2lCOA==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "NWqPMtB06drZmdGhOgqvEA==": { "id": "NWqPMtB06drZmdGhOgqvEA==", "updater": "rhel-vex", "name": "CVE-2025-22870", "description": "A flaw was found in proxy host matching. This vulnerability allows improper bypassing of proxy settings via manipulating an IPv6 zone ID, causing unintended matches against the NO_PROXY environment variable.", "issued": "2025-03-12T18:27:59Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22870 https://bugzilla.redhat.com/show_bug.cgi?id=2351766 https://www.cve.org/CVERecord?id=CVE-2025-22870 https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://go.dev/cl/654697 https://go.dev/issue/71984 https://pkg.go.dev/vuln/GO-2025-3503 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22870.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "NWzlm1dQzX7pu+Y8xKgSEw==": { "id": "NWzlm1dQzX7pu+Y8xKgSEw==", "updater": "rhel-vex", "name": "CVE-2025-66864", "description": "A flaw was found in binutils. Processing a specially crafted PE file with cxxfilt can trigger a NULL pointer dereference in the d_print_comp_inner function in the cp-demangle.c file, causing a crash and resulting in a denial of service.", "issued": "2025-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66864 https://bugzilla.redhat.com/show_bug.cgi?id=2425827 https://www.cve.org/CVERecord?id=CVE-2025-66864 https://nvd.nist.gov/vuln/detail/CVE-2025-66864 https://github.com/caozhzh/CRGF-Vul/blob/main/cxxfilt/crash5.md https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66864.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "NXkuwjwxMseOUUaLQCgnuQ==": { "id": "NXkuwjwxMseOUUaLQCgnuQ==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "NdlKBrj70+HY4gSgv+wTmA==": { "id": "NdlKBrj70+HY4gSgv+wTmA==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "NdytkbUiOF+2t+S7vqzKaA==": { "id": "NdytkbUiOF+2t+S7vqzKaA==", "updater": "rhel-vex", "name": "CVE-2026-2229", "description": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.", "issued": "2026-03-12T20:27:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2229 https://bugzilla.redhat.com/show_bug.cgi?id=2447143 https://www.cve.org/CVERecord?id=CVE-2026-2229 https://nvd.nist.gov/vuln/detail/CVE-2026-2229 https://cna.openjsf.org/security-advisories.html https://datatracker.ietf.org/doc/html/rfc7692 https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8 https://hackerone.com/reports/3487486 https://nodejs.org/api/zlib.html#class-zlibinflateraw https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2229.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "NeZAaBfGrzLvaMKrJL7WlA==": { "id": "NeZAaBfGrzLvaMKrJL7WlA==", "updater": "rhel-vex", "name": "CVE-2024-45306", "description": "A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "issued": "2024-09-02T18:15:36Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "NeoXfJYSR9hqSpA4BJOyWQ==": { "id": "NeoXfJYSR9hqSpA4BJOyWQ==", "updater": "rhel-vex", "name": "CVE-2023-24540", "description": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/show_bug.cgi?id=2196027 https://www.cve.org/CVERecord?id=CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24540.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "NfM08djkMgc3ukqHI37OMg==": { "id": "NfM08djkMgc3ukqHI37OMg==", "updater": "rhel-vex", "name": "CVE-2023-24536", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24536 https://bugzilla.redhat.com/show_bug.cgi?id=2184482 https://www.cve.org/CVERecord?id=CVE-2023-24536 https://nvd.nist.gov/vuln/detail/CVE-2023-24536 https://go.dev/issue/59153 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24536.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "NfOajNNzWnotxhFpYD5Nfg==": { "id": "NfOajNNzWnotxhFpYD5Nfg==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "NkAsviHzXhNrys9cILlYeQ==": { "id": "NkAsviHzXhNrys9cILlYeQ==", "updater": "osv/go", "name": "GO-2023-2185", "description": "Insecure parsing of Windows paths with a \\??\\ prefix in path/filepath", "issued": "2023-11-08T22:42:14Z", "links": "https://go.dev/issue/63713 https://go.dev/cl/540277 https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY https://go.dev/issue/64028 https://go.dev/cl/541175 https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.11" }, "Nl5OfrnQ/SPbLIWCvdxEHw==": { "id": "Nl5OfrnQ/SPbLIWCvdxEHw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "NoEVAwQMgkCr1UvAm6iQBQ==": { "id": "NoEVAwQMgkCr1UvAm6iQBQ==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "NpKL2jmktUTvYJUFA1mjww==": { "id": "NpKL2jmktUTvYJUFA1mjww==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "Npa1TFSpFpskBtk163Khxw==": { "id": "Npa1TFSpFpskBtk163Khxw==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "NplyvjxiuekBB/5QKoOJbw==": { "id": "NplyvjxiuekBB/5QKoOJbw==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "NrNei+pIM0R36v4Js8XxAg==": { "id": "NrNei+pIM0R36v4Js8XxAg==", "updater": "rhel-vex", "name": "CVE-2026-35387", "description": "A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm (ECDSA) algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than intended. This could potentially allow an attacker to compromise the confidentiality of data.", "issued": "2026-04-02T16:52:53Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35387 https://bugzilla.redhat.com/show_bug.cgi?id=2454494 https://www.cve.org/CVERecord?id=CVE-2026-35387 https://nvd.nist.gov/vuln/detail/CVE-2026-35387 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35387.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "NrTzMmbWyM5UeSvnQVNLOg==": { "id": "NrTzMmbWyM5UeSvnQVNLOg==", "updater": "rhel-vex", "name": "CVE-2026-0988", "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0988 https://bugzilla.redhat.com/show_bug.cgi?id=2429886 https://www.cve.org/CVERecord?id=CVE-2026-0988 https://nvd.nist.gov/vuln/detail/CVE-2026-0988 https://gitlab.gnome.org/GNOME/glib/-/issues/3851 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0988.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Nsd5wG+dBhUvVktxuz/adg==": { "id": "Nsd5wG+dBhUvVktxuz/adg==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "NtbylJEfQzKWA6OUFA9HFg==": { "id": "NtbylJEfQzKWA6OUFA9HFg==", "updater": "rhel-vex", "name": "CVE-2026-21710", "description": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21710 https://bugzilla.redhat.com/show_bug.cgi?id=2453151 https://www.cve.org/CVERecord?id=CVE-2026-21710 https://nvd.nist.gov/vuln/detail/CVE-2026-21710 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21710.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "NuCOPhrrauNCWs3jqnDA1A==": { "id": "NuCOPhrrauNCWs3jqnDA1A==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "NuT3W1dL/YKETJsMHw1WfA==": { "id": "NuT3W1dL/YKETJsMHw1WfA==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7896", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.2-1.module+el9.7.0+24193+41b7b572", "arch_op": "pattern match" }, "O+EMSAzsAMtyqCd2+UnsmQ==": { "id": "O+EMSAzsAMtyqCd2+UnsmQ==", "updater": "rhel-vex", "name": "CVE-2025-55132", "description": "A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55132 https://bugzilla.redhat.com/show_bug.cgi?id=2431338 https://www.cve.org/CVERecord?id=CVE-2025-55132 https://nvd.nist.gov/vuln/detail/CVE-2025-55132 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55132.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "O+NG96g+kK1DtaJEFTfwuA==": { "id": "O+NG96g+kK1DtaJEFTfwuA==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "O+a4984RTSUBIVVJsZTw1A==": { "id": "O+a4984RTSUBIVVJsZTw1A==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "O0QnjS+0zUH+vff5xaIpCw==": { "id": "O0QnjS+0zUH+vff5xaIpCw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "O0ZHj1wCkn8EgvHd15dYqA==": { "id": "O0ZHj1wCkn8EgvHd15dYqA==", "updater": "rhel-vex", "name": "CVE-2023-0361", "description": "A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0361 https://bugzilla.redhat.com/show_bug.cgi?id=2162596 https://www.cve.org/CVERecord?id=CVE-2023-0361 https://nvd.nist.gov/vuln/detail/CVE-2023-0361 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0361.json https://access.redhat.com/errata/RHSA-2023:1141", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-18.el9_1", "arch_op": "pattern match" }, "O41Bejc6em2i0QjOrjliKQ==": { "id": "O41Bejc6em2i0QjOrjliKQ==", "updater": "rhel-vex", "name": "CVE-2023-0803", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0803 https://bugzilla.redhat.com/show_bug.cgi?id=2170187 https://www.cve.org/CVERecord?id=CVE-2023-0803 https://nvd.nist.gov/vuln/detail/CVE-2023-0803 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0803.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "O4VudlVyChnCKHP9qhS59g==": { "id": "O4VudlVyChnCKHP9qhS59g==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "O7l2OQQ3NRM4VNrd4YvEaA==": { "id": "O7l2OQQ3NRM4VNrd4YvEaA==", "updater": "rhel-vex", "name": "CVE-2023-24539", "description": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24539 https://bugzilla.redhat.com/show_bug.cgi?id=2196026 https://www.cve.org/CVERecord?id=CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-24539 https://github.com/golang/go/issues/59720 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24539.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "OB9n4NdBrq+3wlcM9+90Dg==": { "id": "OB9n4NdBrq+3wlcM9+90Dg==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "OIcx4C9IsgtrAE0nDs9GdA==": { "id": "OIcx4C9IsgtrAE0nDs9GdA==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "OIti7hlc3vRNRODodvPE4A==": { "id": "OIti7hlc3vRNRODodvPE4A==", "updater": "rhel-vex", "name": "CVE-2026-26996", "description": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.", "issued": "2026-02-20T03:05:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-26996 https://bugzilla.redhat.com/show_bug.cgi?id=2441268 https://www.cve.org/CVERecord?id=CVE-2026-26996 https://nvd.nist.gov/vuln/detail/CVE-2026-26996 https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5 https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26996.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "OJ5Ok6CMeJ8/3txCizz4cg==": { "id": "OJ5Ok6CMeJ8/3txCizz4cg==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "OLjLMRdWldBjSuTKpYjduw==": { "id": "OLjLMRdWldBjSuTKpYjduw==", "updater": "rhel-vex", "name": "CVE-2025-66866", "description": "A flaw was found in BinUtils. An attacker can exploit a vulnerability in the `d_abi_tags` function within the `cp-demangle.c` file by providing a specially crafted Portable Executable (PE) file. This can lead to a Denial of Service (DoS), making the affected application unavailable to legitimate users.", "issued": "2025-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66866 https://bugzilla.redhat.com/show_bug.cgi?id=2425830 https://www.cve.org/CVERecord?id=CVE-2025-66866 https://nvd.nist.gov/vuln/detail/CVE-2025-66866 https://github.com/caozhzh/CRGF-Vul/blob/main/cxxfilt/crash6.md https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66866.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OOCO13z2+atrfqEfCsJ3/w==": { "id": "OOCO13z2+atrfqEfCsJ3/w==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "OSUAY4vX1mm91uqYY2QyKA==": { "id": "OSUAY4vX1mm91uqYY2QyKA==", "updater": "rhel-vex", "name": "CVE-2026-32289", "description": "A flaw was found in the `html/template` package. This vulnerability arises from improper tracking of context and brace depth within JavaScript (JS) template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting (XSS) vulnerabilities. This could allow an attacker to inject malicious scripts into web pages viewed by other users.", "issued": "2026-04-08T01:06:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32289 https://bugzilla.redhat.com/show_bug.cgi?id=2456334 https://www.cve.org/CVERecord?id=CVE-2026-32289 https://nvd.nist.gov/vuln/detail/CVE-2026-32289 https://go.dev/cl/763762 https://go.dev/issue/78331 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4865 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32289.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OUOPFj6v5qm/F5KSXf7dVw==": { "id": "OUOPFj6v5qm/F5KSXf7dVw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "OVekopeo2m1+vPR8dGU9Qw==": { "id": "OVekopeo2m1+vPR8dGU9Qw==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "OXr+UvfSDAQbLGP4xOBSMw==": { "id": "OXr+UvfSDAQbLGP4xOBSMw==", "updater": "rhel-vex", "name": "CVE-2023-1127", "description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "issued": "2023-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1127.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OaLF1hM9BwMPMfYWn9kNEA==": { "id": "OaLF1hM9BwMPMfYWn9kNEA==", "updater": "rhel-vex", "name": "CVE-2026-3479", "description": "A flaw was found in Python's `pkgutil.get_data()` function, which is used to retrieve data from packages. This function did not properly validate the `resource` argument, allowing a local attacker to perform path traversal attacks. Path traversal enables an attacker to access files and directories stored outside the intended root directory, potentially leading to information disclosure or unintended file access.", "issued": "2026-03-18T18:13:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3479 https://bugzilla.redhat.com/show_bug.cgi?id=2448746 https://www.cve.org/CVERecord?id=CVE-2026-3479 https://nvd.nist.gov/vuln/detail/CVE-2026-3479 https://github.com/python/cpython/issues/146121 https://github.com/python/cpython/pull/146122 https://mail.python.org/archives/list/security-announce@python.org/thread/WYLLVQOOCKGK73JM7Z7ZSNOJC4N7BAWY/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3479.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Oaw7/z6QEDwwzKvMQmdriQ==": { "id": "Oaw7/z6QEDwwzKvMQmdriQ==", "updater": "rhel-vex", "name": "CVE-2022-48281", "description": "A vulnerability was found in libtiff. This vulnerability occurs due to an issue in processCropSelections in the tools/tiffcrop.c function in LibTIFF that has a heap-based buffer overflow (for example, \"WRITE of size 307203\") via a crafted TIFF image.", "issued": "2023-01-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48281 https://bugzilla.redhat.com/show_bug.cgi?id=2163606 https://www.cve.org/CVERecord?id=CVE-2022-48281 https://nvd.nist.gov/vuln/detail/CVE-2022-48281 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48281.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "Ob+LJ5zYHnbjt14Yf8W7UA==": { "id": "Ob+LJ5zYHnbjt14Yf8W7UA==", "updater": "rhel-vex", "name": "CVE-2022-3016", "description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3016.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ogq02fai+FFfBUlCUVZlhw==": { "id": "Ogq02fai+FFfBUlCUVZlhw==", "updater": "rhel-vex", "name": "CVE-2024-10963", "description": "A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.", "issued": "2024-11-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://github.com/linux-pam/linux-pam/issues/834 https://github.com/linux-pam/linux-pam/pull/835 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json https://access.redhat.com/errata/RHSA-2024:10244", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-22.el9_5", "arch_op": "pattern match" }, "OhQ6agVzWuY02NakmnlJmw==": { "id": "OhQ6agVzWuY02NakmnlJmw==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "Oi+2EF5+FNNGg+4WyowonQ==": { "id": "Oi+2EF5+FNNGg+4WyowonQ==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "Ojd6gfhf5HOGBRFGRWmKOg==": { "id": "Ojd6gfhf5HOGBRFGRWmKOg==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "OlhZuHzjnGJlFRoEEZLvZw==": { "id": "OlhZuHzjnGJlFRoEEZLvZw==", "updater": "rhel-vex", "name": "CVE-2022-1705", "description": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1705 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://www.cve.org/CVERecord?id=CVE-2022-1705 https://nvd.nist.gov/vuln/detail/CVE-2022-1705 https://go.dev/issue/53188 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1705.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OlzUZywb212kcLte3jiS3g==": { "id": "OlzUZywb212kcLte3jiS3g==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json https://access.redhat.com/errata/RHSA-2024:9404", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.10.0-11.el9", "arch_op": "pattern match" }, "OoUkTYhn9kcAyWK8OpWEvg==": { "id": "OoUkTYhn9kcAyWK8OpWEvg==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "OqWPbZZgGqlPCMzbmClfHA==": { "id": "OqWPbZZgGqlPCMzbmClfHA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "Oqoxq5RsXkX9ZEI9ETDo/w==": { "id": "Oqoxq5RsXkX9ZEI9ETDo/w==", "updater": "rhel-vex", "name": "CVE-2026-21637", "description": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21637 https://bugzilla.redhat.com/show_bug.cgi?id=2431340 https://www.cve.org/CVERecord?id=CVE-2026-21637 https://nvd.nist.gov/vuln/detail/CVE-2026-21637 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21637.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "OtUtUn02ewCzaijseyEVUA==": { "id": "OtUtUn02ewCzaijseyEVUA==", "updater": "rhel-vex", "name": "CVE-2022-28805", "description": "A heap buffer-overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code present in the lparser.c function of Lua that allows the execution of untrusted Lua code into a system, resulting in malicious activity.", "issued": "2022-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-28805 https://bugzilla.redhat.com/show_bug.cgi?id=2073884 https://www.cve.org/CVERecord?id=CVE-2022-28805 https://nvd.nist.gov/vuln/detail/CVE-2022-28805 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-28805.json https://access.redhat.com/errata/RHSA-2023:2582", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "lua-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:5.4.4-3.el9", "arch_op": "pattern match" }, "OuZBWnWNFHYdTgntdOB15Q==": { "id": "OuZBWnWNFHYdTgntdOB15Q==", "updater": "rhel-vex", "name": "CVE-2023-29406", "description": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", "issued": "2023-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29406 https://bugzilla.redhat.com/show_bug.cgi?id=2222167 https://www.cve.org/CVERecord?id=CVE-2023-29406 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29406.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "OvvtykNCZtfooZWGyghXfg==": { "id": "OvvtykNCZtfooZWGyghXfg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Ovx/FK8kd+H6TytgRdsBFA==": { "id": "Ovx/FK8kd+H6TytgRdsBFA==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://github.com/libexpat/libexpat/pull/973 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:7444", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-5.el9_6", "arch_op": "pattern match" }, "Ox1tNe9huq3q2onFJsX0QA==": { "id": "Ox1tNe9huq3q2onFJsX0QA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "OxOc7/P4x7mjEZNhGnABDA==": { "id": "OxOc7/P4x7mjEZNhGnABDA==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "Oz/6eC07LwyvcoelwlI47w==": { "id": "Oz/6eC07LwyvcoelwlI47w==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "P1K1eUbqwgam0P6f7iB/IA==": { "id": "P1K1eUbqwgam0P6f7iB/IA==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "P2LAyAbSFxWVwlNB9c/A2g==": { "id": "P2LAyAbSFxWVwlNB9c/A2g==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "P8ATyyToJgziJaUXIjyPvA==": { "id": "P8ATyyToJgziJaUXIjyPvA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "P8DPJn528tUhUQhsixUumA==": { "id": "P8DPJn528tUhUQhsixUumA==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "PAVfrfQyg9ezKUDPbI/Nmw==": { "id": "PAVfrfQyg9ezKUDPbI/Nmw==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "PB44uTo7NGwmA/fjSEQPBA==": { "id": "PB44uTo7NGwmA/fjSEQPBA==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.1-1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "PDZIjg6u6C4zc5d09d4Brw==": { "id": "PDZIjg6u6C4zc5d09d4Brw==", "updater": "rhel-vex", "name": "CVE-2026-2229", "description": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.", "issued": "2026-03-12T20:27:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2229 https://bugzilla.redhat.com/show_bug.cgi?id=2447143 https://www.cve.org/CVERecord?id=CVE-2026-2229 https://nvd.nist.gov/vuln/detail/CVE-2026-2229 https://cna.openjsf.org/security-advisories.html https://datatracker.ietf.org/doc/html/rfc7692 https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8 https://hackerone.com/reports/3487486 https://nodejs.org/api/zlib.html#class-zlibinflateraw https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2229.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "PDkkYuYRnbObAyDWKDapig==": { "id": "PDkkYuYRnbObAyDWKDapig==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHBA-2024:2518", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4", "arch_op": "pattern match" }, "PEaU9hApxjdZ1D4R2OUZpw==": { "id": "PEaU9hApxjdZ1D4R2OUZpw==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "PHRlWl/iCYco+xAVn6SmKQ==": { "id": "PHRlWl/iCYco+xAVn6SmKQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "PJ/Blkuxb9rGhjSw0f3NrA==": { "id": "PJ/Blkuxb9rGhjSw0f3NrA==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "PLT6ItGnGibNqyU7ikhmRA==": { "id": "PLT6ItGnGibNqyU7ikhmRA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "PMaPI3hRDt0vFaerryvY/g==": { "id": "PMaPI3hRDt0vFaerryvY/g==", "updater": "rhel-vex", "name": "CVE-2023-0361", "description": "A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0361 https://bugzilla.redhat.com/show_bug.cgi?id=2162596 https://www.cve.org/CVERecord?id=CVE-2023-0361 https://nvd.nist.gov/vuln/detail/CVE-2023-0361 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0361.json https://access.redhat.com/errata/RHSA-2023:1141", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-18.el9_1", "arch_op": "pattern match" }, "PNe7L04JfETT1S4nMUYcGA==": { "id": "PNe7L04JfETT1S4nMUYcGA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=32976 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "POO0JR6PIxa5cAikhYHhiQ==": { "id": "POO0JR6PIxa5cAikhYHhiQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "POSFLQ5mtdC9jMcn5UF8FA==": { "id": "POSFLQ5mtdC9jMcn5UF8FA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "POcCjok8El2qPlKNKRD9WQ==": { "id": "POcCjok8El2qPlKNKRD9WQ==", "updater": "rhel-vex", "name": "CVE-2024-12243", "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12243 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://www.cve.org/CVERecord?id=CVE-2024-12243 https://nvd.nist.gov/vuln/detail/CVE-2024-12243 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12243.json https://access.redhat.com/errata/RHSA-2025:7076", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9", "arch_op": "pattern match" }, "PPWqABLxfDDxZRPH4wfL9g==": { "id": "PPWqABLxfDDxZRPH4wfL9g==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "There's a vulnerability in gitk where an user can be tricked to run malicious scripts supplied by the attacker when running gitk filename command. When successfully exploited this vulnerability may result in arbitrary code execution.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "PRErogcN/aXkh7DLlBPLlw==": { "id": "PRErogcN/aXkh7DLlBPLlw==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "PT2kHv2z8lzB78apv1Gy+A==": { "id": "PT2kHv2z8lzB78apv1Gy+A==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=32976 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "PUCpgzV2LGcCb5yPJbawGw==": { "id": "PUCpgzV2LGcCb5yPJbawGw==", "updater": "rhel-vex", "name": "CVE-2025-68973", "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "issued": "2025-12-28T16:19:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68973 https://bugzilla.redhat.com/show_bug.cgi?id=2425966 https://www.cve.org/CVERecord?id=CVE-2025-68973 https://nvd.nist.gov/vuln/detail/CVE-2025-68973 https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306 https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 https://gpg.fail/memcpy https://news.ycombinator.com/item?id=46403200 https://www.openwall.com/lists/oss-security/2025/12/28/5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68973.json https://access.redhat.com/errata/RHSA-2026:0719", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.3.3-5.el9_7", "arch_op": "pattern match" }, "PWWEgCX9dooaG7K56MMKDg==": { "id": "PWWEgCX9dooaG7K56MMKDg==", "updater": "rhel-vex", "name": "CVE-2025-55131", "description": "A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55131 https://bugzilla.redhat.com/show_bug.cgi?id=2431350 https://www.cve.org/CVERecord?id=CVE-2025-55131 https://nvd.nist.gov/vuln/detail/CVE-2025-55131 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55131.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "PYQ8GtvInfQ411U5gwbErQ==": { "id": "PYQ8GtvInfQ411U5gwbErQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "Pd5fn59ga3nlH8XsDKvDWA==": { "id": "Pd5fn59ga3nlH8XsDKvDWA==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "PdGhfwK5tePs8ngzFuopoA==": { "id": "PdGhfwK5tePs8ngzFuopoA==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "PdNX5RN9keIsqOloxy7mkg==": { "id": "PdNX5RN9keIsqOloxy7mkg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "PdWXJaz3tjlEOUmbSqfsDQ==": { "id": "PdWXJaz3tjlEOUmbSqfsDQ==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://openssl-library.org/news/secadv/20250211.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "Pdc4LabMMVIl3+kSdEepMw==": { "id": "Pdc4LabMMVIl3+kSdEepMw==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "PgPRtFXcN+6zuIY77w+muQ==": { "id": "PgPRtFXcN+6zuIY77w+muQ==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "PhzQEpAkCFfaNfVzGQzMgg==": { "id": "PhzQEpAkCFfaNfVzGQzMgg==", "updater": "rhel-vex", "name": "CVE-2024-10041", "description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "issued": "2024-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json https://access.redhat.com/errata/RHSA-2024:11250", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-21.el9_5", "arch_op": "pattern match" }, "Po+GLdyrucAyVatfOmZxGg==": { "id": "Po+GLdyrucAyVatfOmZxGg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Pp6wwZ+94c04WPY1/Wy+4A==": { "id": "Pp6wwZ+94c04WPY1/Wy+4A==", "updater": "rhel-vex", "name": "CVE-2025-61729", "description": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.", "issued": "2025-12-02T18:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61729 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://www.cve.org/CVERecord?id=CVE-2025-61729 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://pkg.go.dev/vuln/GO-2025-4155 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61729.json https://access.redhat.com/errata/RHSA-2026:0923", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.5-2.el9_7", "arch_op": "pattern match" }, "PqOWZHQu7W9hh0UlnMkHAQ==": { "id": "PqOWZHQu7W9hh0UlnMkHAQ==", "updater": "rhel-vex", "name": "CVE-2025-69646", "description": "A flaw was found in binutils. A local attacker can exploit this vulnerability by supplying a malicious input file containing malformed DWARF debug_rnglists data. This can cause the objdump tool to enter an unbounded logging loop, leading to excessive CPU and I/O usage and preventing analysis completion. This issue results in a Denial of Service (DoS).", "issued": "2026-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69646 https://bugzilla.redhat.com/show_bug.cgi?id=2445264 https://www.cve.org/CVERecord?id=CVE-2025-69646 https://nvd.nist.gov/vuln/detail/CVE-2025-69646 https://sourceware.org/bugzilla/show_bug.cgi?id=33638 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=598704a00cbac5e85c2bedd363357b5bf6fcee33 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69646.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "PrCrIesi0sSvMQjPpvxecw==": { "id": "PrCrIesi0sSvMQjPpvxecw==", "updater": "rhel-vex", "name": "CVE-2025-14512", "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "issued": "2025-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14512 https://bugzilla.redhat.com/show_bug.cgi?id=2421339 https://www.cve.org/CVERecord?id=CVE-2025-14512 https://nvd.nist.gov/vuln/detail/CVE-2025-14512 https://gitlab.gnome.org/GNOME/glib/-/issues/3845 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14512.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "PvgbBaq86gnOp8hffKEHhQ==": { "id": "PvgbBaq86gnOp8hffKEHhQ==", "updater": "rhel-vex", "name": "CVE-2026-35385", "description": "A flaw was found in OpenSSH. When the `scp` command is used by a root user to download a file with the legacy protocol option (`-O`) and without preserving original file permissions (`-p`), the downloaded file can be installed with elevated privileges (setuid or setgid). This unexpected behavior could allow a malicious file to execute with higher permissions than intended, posing a security risk through potential privilege escalation.", "issued": "2026-04-02T16:30:59Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35385 https://bugzilla.redhat.com/show_bug.cgi?id=2454469 https://www.cve.org/CVERecord?id=CVE-2026-35385 https://nvd.nist.gov/vuln/detail/CVE-2026-35385 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35385.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "PwX0RLPO5W1w6VDjSgcV8A==": { "id": "PwX0RLPO5W1w6VDjSgcV8A==", "updater": "rhel-vex", "name": "CVE-2022-3626", "description": "An out-of-bounds write flaw was found in the _TIFFmemset function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3626 https://bugzilla.redhat.com/show_bug.cgi?id=2142741 https://www.cve.org/CVERecord?id=CVE-2022-3626 https://nvd.nist.gov/vuln/detail/CVE-2022-3626 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3626.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Py++HyN8+aNZZa9dPe2rDQ==": { "id": "Py++HyN8+aNZZa9dPe2rDQ==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "Pza9Y2xtH9MChVMkZwgw2A==": { "id": "Pza9Y2xtH9MChVMkZwgw2A==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q/06Mcx6TVo+ZKk4ymf7TA==": { "id": "Q/06Mcx6TVo+ZKk4ymf7TA==", "updater": "rhel-vex", "name": "CVE-2025-61732", "description": "A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then \"smuggled\" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.", "issued": "2026-02-05T03:42:26Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61732 https://bugzilla.redhat.com/show_bug.cgi?id=2437016 https://www.cve.org/CVERecord?id=CVE-2025-61732 https://nvd.nist.gov/vuln/detail/CVE-2025-61732 https://go.dev/cl/734220 https://go.dev/issue/76697 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://pkg.go.dev/vuln/GO-2026-4433 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61732.json https://access.redhat.com/errata/RHSA-2026:2709", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.7-1.el9_7", "arch_op": "pattern match" }, "Q0D37bmhhLGtYILIAMgFXg==": { "id": "Q0D37bmhhLGtYILIAMgFXg==", "updater": "rhel-vex", "name": "CVE-2022-2207", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2207.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q1F3DVZZ3gpMNQT3yhbiSg==": { "id": "Q1F3DVZZ3gpMNQT3yhbiSg==", "updater": "rhel-vex", "name": "CVE-2025-10911", "description": "A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.", "issued": "2025-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10911 https://bugzilla.redhat.com/show_bug.cgi?id=2397838 https://www.cve.org/CVERecord?id=CVE-2025-10911 https://nvd.nist.gov/vuln/detail/CVE-2025-10911 https://gitlab.gnome.org/GNOME/libxslt/-/issues/144 https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10911.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxslt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q2+f0ITzWPp+YCesnwp1Ng==": { "id": "Q2+f0ITzWPp+YCesnwp1Ng==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "Q2EySKz2roj2mYOhGJQA3A==": { "id": "Q2EySKz2roj2mYOhGJQA3A==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "Q6o565VsHFcmyuOW6jCOGw==": { "id": "Q6o565VsHFcmyuOW6jCOGw==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "Q9syyD8a/4l/mc50UAvBnQ==": { "id": "Q9syyD8a/4l/mc50UAvBnQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "QBD2bakyMRLlWNUWb7c8Ng==": { "id": "QBD2bakyMRLlWNUWb7c8Ng==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "QBNxNqNCcUL/GHKqOh7Fyw==": { "id": "QBNxNqNCcUL/GHKqOh7Fyw==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "QDYJ95dZNazClKtqoRJQeQ==": { "id": "QDYJ95dZNazClKtqoRJQeQ==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "QHS4gwmQURKolJEnj/ZMHw==": { "id": "QHS4gwmQURKolJEnj/ZMHw==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "QL7KLbo+Ri9Q4aoq0+/c2w==": { "id": "QL7KLbo+Ri9Q4aoq0+/c2w==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "QMVQFQxQO9E+szLpK5nZ9w==": { "id": "QMVQFQxQO9E+szLpK5nZ9w==", "updater": "rhel-vex", "name": "CVE-2026-27143", "description": "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.", "issued": "2026-04-08T01:06:57Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27143 https://bugzilla.redhat.com/show_bug.cgi?id=2456342 https://www.cve.org/CVERecord?id=CVE-2026-27143 https://nvd.nist.gov/vuln/detail/CVE-2026-27143 https://go.dev/cl/763765 https://go.dev/issue/78333 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4868 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27143.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QNVm3dpa9lFJUb6FBjjc1g==": { "id": "QNVm3dpa9lFJUb6FBjjc1g==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "QNeXj0/uAU3vww6deBbkrw==": { "id": "QNeXj0/uAU3vww6deBbkrw==", "updater": "rhel-vex", "name": "CVE-2023-4641", "description": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", "issued": "2023-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4641 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://www.cve.org/CVERecord?id=CVE-2023-4641 https://nvd.nist.gov/vuln/detail/CVE-2023-4641 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4641.json https://access.redhat.com/errata/RHSA-2023:6632", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:4.9-8.el9", "arch_op": "pattern match" }, "QNrS4atSfp1tFVuWE/Cnqg==": { "id": "QNrS4atSfp1tFVuWE/Cnqg==", "updater": "rhel-vex", "name": "CVE-2026-4775", "description": "A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.", "issued": "2026-03-24T14:33:35Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4775 https://bugzilla.redhat.com/show_bug.cgi?id=2450768 https://www.cve.org/CVERecord?id=CVE-2026-4775 https://nvd.nist.gov/vuln/detail/CVE-2026-4775 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4775.json https://access.redhat.com/errata/RHSA-2026:12271", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.3", "arch_op": "pattern match" }, "QPsg6Jr0bVMm0tr2j4YMwA==": { "id": "QPsg6Jr0bVMm0tr2j4YMwA==", "updater": "osv/go", "name": "GO-2026-4602", "description": "FileInfo can escape from a Root in os", "issued": "2026-03-06T21:03:42Z", "links": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://go.dev/issue/77827 https://go.dev/cl/749480", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.25.8" }, "QQ1upjXEDW7OiB4aR8O/8A==": { "id": "QQ1upjXEDW7OiB4aR8O/8A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overload", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.31-481.el9", "arch_op": "pattern match" }, "QSEpEyTM9A7rsX/qx644wQ==": { "id": "QSEpEyTM9A7rsX/qx644wQ==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "QSP4YGVknCXnnhDrDAxftg==": { "id": "QSP4YGVknCXnnhDrDAxftg==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json https://access.redhat.com/errata/RHSA-2025:22660", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.7", "arch_op": "pattern match" }, "QTcHwvmTXpVKkHS0xdfb9g==": { "id": "QTcHwvmTXpVKkHS0xdfb9g==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "QX/cK7dAcSVwXa3qFcSUeQ==": { "id": "QX/cK7dAcSVwXa3qFcSUeQ==", "updater": "rhel-vex", "name": "CVE-2025-68121", "description": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.", "issued": "2026-02-05T17:48:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://www.cve.org/CVERecord?id=CVE-2025-68121 https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://pkg.go.dev/vuln/GO-2026-4337 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68121.json https://access.redhat.com/errata/RHSA-2026:2709", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.7-1.el9_7", "arch_op": "pattern match" }, "QX1bQ/CZA5mRbcqjpTc9aA==": { "id": "QX1bQ/CZA5mRbcqjpTc9aA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "QX9gQ7esz1e73iQHmwojXA==": { "id": "QX9gQ7esz1e73iQHmwojXA==", "updater": "rhel-vex", "name": "CVE-2021-3973", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3973.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QXekSyzWiuaI8YTxDgngHw==": { "id": "QXekSyzWiuaI8YTxDgngHw==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "QY4aLgQQjP1oPPp38ArMrQ==": { "id": "QY4aLgQQjP1oPPp38ArMrQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "QZ7uKIt3KkZJfzRLCLWsIg==": { "id": "QZ7uKIt3KkZJfzRLCLWsIg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "QZQvSq0tzcJY8GfiU/aXpg==": { "id": "QZQvSq0tzcJY8GfiU/aXpg==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "QaKFgrY/cUPl6Ls/xAwlFQ==": { "id": "QaKFgrY/cUPl6Ls/xAwlFQ==", "updater": "rhel-vex", "name": "CVE-2025-11495", "description": "A heap based buffer overflow flaw has been discovered in the GNU Binutils package. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally.", "issued": "2025-10-08T20:02:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11495 https://bugzilla.redhat.com/show_bug.cgi?id=2402584 https://www.cve.org/CVERecord?id=CVE-2025-11495 https://nvd.nist.gov/vuln/detail/CVE-2025-11495 https://sourceware.org/bugzilla/attachment.cgi?id=16393 https://sourceware.org/bugzilla/show_bug.cgi?id=33502 https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0 https://vuldb.com/?ctiid.327620 https://vuldb.com/?id.327620 https://vuldb.com/?submit.668290 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11495.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QbgvVzhz2dr5BDvAUM6wFQ==": { "id": "QbgvVzhz2dr5BDvAUM6wFQ==", "updater": "rhel-vex", "name": "CVE-2022-2304", "description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2304.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Qbjoqw6Ot3cGOKNyQYBo4g==": { "id": "Qbjoqw6Ot3cGOKNyQYBo4g==", "updater": "rhel-vex", "name": "CVE-2025-14087", "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14087 https://bugzilla.redhat.com/show_bug.cgi?id=2419093 https://www.cve.org/CVERecord?id=CVE-2025-14087 https://nvd.nist.gov/vuln/detail/CVE-2025-14087 https://gitlab.gnome.org/GNOME/glib/-/issues/3834 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14087.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Qe1reyLPtQVZ5wKqKa9jQA==": { "id": "Qe1reyLPtQVZ5wKqKa9jQA==", "updater": "rhel-vex", "name": "CVE-2022-0213", "description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "issued": "2022-01-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0213.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QgRg8usqYLpC2SzTmhUKsQ==": { "id": "QgRg8usqYLpC2SzTmhUKsQ==", "updater": "rhel-vex", "name": "CVE-2025-22134", "description": "A flaw was found in Vim. Due to Vim not properly terminating visual mode, a heap buffer overflow condition may be triggered when a user switches buffers using the `:all` command. This issue may lead to unexpected behavior, such as an application crash or memory corruption.", "issued": "2025-01-13T20:41:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22134 https://bugzilla.redhat.com/show_bug.cgi?id=2337437 https://www.cve.org/CVERecord?id=CVE-2025-22134 https://nvd.nist.gov/vuln/detail/CVE-2025-22134 https://github.com/vim/vim/commit/c9a1e257f1630a0866447e53a564f7ff96a80ead https://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22134.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QgyYiUqrv2nc1+RqO1bM4A==": { "id": "QgyYiUqrv2nc1+RqO1bM4A==", "updater": "rhel-vex", "name": "CVE-2023-2602", "description": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2602 https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://www.cve.org/CVERecord?id=CVE-2023-2602 https://nvd.nist.gov/vuln/detail/CVE-2023-2602 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2602.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "QhESIu1eoXqoSNW7jNhlZg==": { "id": "QhESIu1eoXqoSNW7jNhlZg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overload", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.31-481.1.el9_6", "arch_op": "pattern match" }, "Qimhraux3dZtFrPRbNJqyw==": { "id": "Qimhraux3dZtFrPRbNJqyw==", "updater": "osv/go", "name": "GO-2023-2043", "description": "Improper handling of special tags within script contexts in html/template", "issued": "2023-09-07T16:11:59Z", "links": "https://go.dev/issue/62197 https://go.dev/cl/526157 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.8" }, "QireWdVPs8MzNOJ1scQvdA==": { "id": "QireWdVPs8MzNOJ1scQvdA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "QjS6b4li9vRMvS2l49iyfw==": { "id": "QjS6b4li9vRMvS2l49iyfw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "Qmv/HFfBCKuu6eMPjatnfw==": { "id": "Qmv/HFfBCKuu6eMPjatnfw==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "util-linux-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "Qp7j7oFs4UbVUHVGblDM1w==": { "id": "Qp7j7oFs4UbVUHVGblDM1w==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "QqK1O3FCNB9QbClJ7bZ6YA==": { "id": "QqK1O3FCNB9QbClJ7bZ6YA==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "QqNagWxBuciWgmqsaHDwZw==": { "id": "QqNagWxBuciWgmqsaHDwZw==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "Qr2/3ufYTxjXiJuEKM7I7w==": { "id": "Qr2/3ufYTxjXiJuEKM7I7w==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "QrDxAdiYzNE7ZZrkfYGiQQ==": { "id": "QrDxAdiYzNE7ZZrkfYGiQQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=32976 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "QsR+n6O0ULfYayvahAaltg==": { "id": "QsR+n6O0ULfYayvahAaltg==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "QsiHUYCa/QcMQzBitOtxXQ==": { "id": "QsiHUYCa/QcMQzBitOtxXQ==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://nodejs.org/pt/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "QskDoDnTSvrQeDXklM4YOw==": { "id": "QskDoDnTSvrQeDXklM4YOw==", "updater": "rhel-vex", "name": "CVE-2026-4105", "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "issued": "2026-03-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4105 https://bugzilla.redhat.com/show_bug.cgi?id=2447262 https://www.cve.org/CVERecord?id=CVE-2026-4105 https://nvd.nist.gov/vuln/detail/CVE-2026-4105 https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4105.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QvPHR+YbqNjRrCZl0Ui1yQ==": { "id": "QvPHR+YbqNjRrCZl0Ui1yQ==", "updater": "rhel-vex", "name": "CVE-2017-17095", "description": "A vulnerability was found in LibTIFF, where a heap-based buffer overflow in the pal2rgb function in tools/pal2rgb.c can lead to a denial of service, a remote attacker could exploit this flaw by persuading a victim to open a specially crafted file, causing the application to crash.", "issued": "2017-11-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-17095 https://bugzilla.redhat.com/show_bug.cgi?id=1524284 https://www.cve.org/CVERecord?id=CVE-2017-17095 https://nvd.nist.gov/vuln/detail/CVE-2017-17095 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-17095.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "QwkBpizF3mo2JpevPMDeaw==": { "id": "QwkBpizF3mo2JpevPMDeaw==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.16.0.1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "QxQ47SEMl+UFCOv8XVwx9A==": { "id": "QxQ47SEMl+UFCOv8XVwx9A==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Qzh+CSMQ9O8Q+LoKZ+3MuA==": { "id": "Qzh+CSMQ9O8Q+LoKZ+3MuA==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "QznSXY89jmEtP62PhxgH1g==": { "id": "QznSXY89jmEtP62PhxgH1g==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "R+49XKdX2qOOaoykdLSbyw==": { "id": "R+49XKdX2qOOaoykdLSbyw==", "updater": "rhel-vex", "name": "CVE-2025-15467", "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "issued": "2026-01-27T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15467 https://bugzilla.redhat.com/show_bug.cgi?id=2430376 https://www.cve.org/CVERecord?id=CVE-2025-15467 https://nvd.nist.gov/vuln/detail/CVE-2025-15467 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15467.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "R/1pH8uHGa3Vo+JZ4isuOQ==": { "id": "R/1pH8uHGa3Vo+JZ4isuOQ==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://github.com/golang/go/commit/2b2314e9f6103de322b2e247387c8b01fd0cd5a4 https://github.com/golang/go/issues/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "R1Akf7BYKFH+Usf+3IS0Cg==": { "id": "R1Akf7BYKFH+Usf+3IS0Cg==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "R1x4adkbkgVhxc9hzgUZcA==": { "id": "R1x4adkbkgVhxc9hzgUZcA==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "R6drGbgnzqKGDiX/RNUdqw==": { "id": "R6drGbgnzqKGDiX/RNUdqw==", "updater": "rhel-vex", "name": "CVE-2024-0553", "description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://www.cve.org/CVERecord?id=CVE-2024-0553 https://nvd.nist.gov/vuln/detail/CVE-2024-0553 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0553.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "R7IaseHP2Jo3rY8+KZLpFQ==": { "id": "R7IaseHP2Jo3rY8+KZLpFQ==", "updater": "rhel-vex", "name": "CVE-2026-27904", "description": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).", "issued": "2026-02-26T01:07:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27904 https://bugzilla.redhat.com/show_bug.cgi?id=2442922 https://www.cve.org/CVERecord?id=CVE-2026-27904 https://nvd.nist.gov/vuln/detail/CVE-2026-27904 https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27904.json https://access.redhat.com/errata/RHSA-2026:7896", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.2-1.module+el9.7.0+24193+41b7b572", "arch_op": "pattern match" }, "R7XEe59RfqPZwHJmDbOyww==": { "id": "R7XEe59RfqPZwHJmDbOyww==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "R9lgi90skf6A+gEQ2Lu8dg==": { "id": "R9lgi90skf6A+gEQ2Lu8dg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-DynaLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.47-481.el9", "arch_op": "pattern match" }, "RA9ILX3H27ou2ro1GzHq8Q==": { "id": "RA9ILX3H27ou2ro1GzHq8Q==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "RATpPhLUqjEbe+XxyYxOOw==": { "id": "RATpPhLUqjEbe+XxyYxOOw==", "updater": "rhel-vex", "name": "CVE-2022-2257", "description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "issued": "2022-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2257.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RCa1Bj2enE6hnHOgI0Hpsw==": { "id": "RCa1Bj2enE6hnHOgI0Hpsw==", "updater": "rhel-vex", "name": "CVE-2026-27904", "description": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).", "issued": "2026-02-26T01:07:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27904 https://bugzilla.redhat.com/show_bug.cgi?id=2442922 https://www.cve.org/CVERecord?id=CVE-2026-27904 https://nvd.nist.gov/vuln/detail/CVE-2026-27904 https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27904.json https://access.redhat.com/errata/RHSA-2026:7896", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.2-1.module+el9.7.0+24193+41b7b572", "arch_op": "pattern match" }, "RDdKN1sSPMFiFxzJJm3X1g==": { "id": "RDdKN1sSPMFiFxzJJm3X1g==", "updater": "rhel-vex", "name": "CVE-2026-26996", "description": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.", "issued": "2026-02-20T03:05:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-26996 https://bugzilla.redhat.com/show_bug.cgi?id=2441268 https://www.cve.org/CVERecord?id=CVE-2026-26996 https://nvd.nist.gov/vuln/detail/CVE-2026-26996 https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5 https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26996.json https://access.redhat.com/errata/RHSA-2026:7896", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.2-1.module+el9.7.0+24193+41b7b572", "arch_op": "pattern match" }, "RDlpzaleAPnYWwZyjvoRug==": { "id": "RDlpzaleAPnYWwZyjvoRug==", "updater": "rhel-vex", "name": "CVE-2024-3596", "description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:9474", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-4.el9_5", "arch_op": "pattern match" }, "RFeq5rwe+sxgyWgUXeEitA==": { "id": "RFeq5rwe+sxgyWgUXeEitA==", "updater": "osv/go", "name": "GO-2022-0523", "description": "Stack exhaustion when unmarshaling certain documents in encoding/xml", "issued": "2022-07-20T20:52:06Z", "links": "https://go.dev/cl/417061 https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08 https://go.dev/issue/53611 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "RH0QKqHuyNcotxvkkCiTBA==": { "id": "RH0QKqHuyNcotxvkkCiTBA==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://github.com/golang/go/issues/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "RHShqbO2hqcBNPYbKDg/3A==": { "id": "RHShqbO2hqcBNPYbKDg/3A==", "updater": "rhel-vex", "name": "CVE-2026-6732", "description": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.", "issued": "2026-04-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6732 https://bugzilla.redhat.com/show_bug.cgi?id=2461300 https://www.cve.org/CVERecord?id=CVE-2026-6732 https://nvd.nist.gov/vuln/detail/CVE-2026-6732 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097 https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6732.json", "severity": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RJa5WIC77pr9MGY1RZloTw==": { "id": "RJa5WIC77pr9MGY1RZloTw==", "updater": "rhel-vex", "name": "CVE-2026-21711", "description": "A flaw was found in Node.js. The Node.js Permission Model, designed to restrict network access, incorrectly omits permission checks for Unix Domain Socket (UDS) server operations. This allows local code, even when explicitly denied network access, to create and expose inter-process communication (IPC) endpoints. As a result, unauthorized communication can occur between processes on the same host, bypassing the intended network security restrictions.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21711 https://bugzilla.redhat.com/show_bug.cgi?id=2453158 https://www.cve.org/CVERecord?id=CVE-2026-21711 https://nvd.nist.gov/vuln/detail/CVE-2026-21711 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21711.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "RJziShukaon2ShF1sKdneQ==": { "id": "RJziShukaon2ShF1sKdneQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "RLGDcCcECNxfaKqTkhDvew==": { "id": "RLGDcCcECNxfaKqTkhDvew==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "RLfmH4oizoEHB59VpAV6Kg==": { "id": "RLfmH4oizoEHB59VpAV6Kg==", "updater": "rhel-vex", "name": "CVE-2024-30203", "description": "A flaw was found in Emacs. When Emacs is used as an email client, inline MIME attachments are considered to be trusted by default, allowing a crafted LaTeX document to exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "issued": "2024-03-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-30203 https://bugzilla.redhat.com/show_bug.cgi?id=2280296 https://www.cve.org/CVERecord?id=CVE-2024-30203 https://nvd.nist.gov/vuln/detail/CVE-2024-30203 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-30203.json https://access.redhat.com/errata/RHSA-2024:9302", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9", "arch_op": "pattern match" }, "RPlldG/r8WWd2UCSZ1vzsg==": { "id": "RPlldG/r8WWd2UCSZ1vzsg==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "RReWBnQmCp2XJDUh6xioRQ==": { "id": "RReWBnQmCp2XJDUh6xioRQ==", "updater": "rhel-vex", "name": "CVE-2023-0798", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0798 https://bugzilla.redhat.com/show_bug.cgi?id=2170157 https://www.cve.org/CVERecord?id=CVE-2023-0798 https://nvd.nist.gov/vuln/detail/CVE-2023-0798 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0798.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "RRtBD+EuTLmzasgAaBJyZw==": { "id": "RRtBD+EuTLmzasgAaBJyZw==", "updater": "rhel-vex", "name": "CVE-2025-11081", "description": "An out of bounds read flaw has been discovered in GNU bin utilities. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access.", "issued": "2025-09-27T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11081 https://bugzilla.redhat.com/show_bug.cgi?id=2399944 https://www.cve.org/CVERecord?id=CVE-2025-11081 https://nvd.nist.gov/vuln/detail/CVE-2025-11081 https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt https://sourceware.org/bugzilla/show_bug.cgi?id=33406 https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b https://vuldb.com/?ctiid.326122 https://vuldb.com/?id.326122 https://vuldb.com/?submit.661275 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11081.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RTmPkhx0MCxt8vC1skZm/A==": { "id": "RTmPkhx0MCxt8vC1skZm/A==", "updater": "rhel-vex", "name": "CVE-2025-59466", "description": "A stack overflow flaw has been discovered in Node.js error handling where \"Maximum call stack size exceeded\" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59466 https://bugzilla.redhat.com/show_bug.cgi?id=2431343 https://www.cve.org/CVERecord?id=CVE-2025-59466 https://nvd.nist.gov/vuln/detail/CVE-2025-59466 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59466.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.0-1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "RU6xHn/9SV8lotyX3JW1ZQ==": { "id": "RU6xHn/9SV8lotyX3JW1ZQ==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "RUDcnDBVSmf+/LWMe4Tqgw==": { "id": "RUDcnDBVSmf+/LWMe4Tqgw==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json https://access.redhat.com/errata/RHSA-2023:6372", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb-headless", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:10.2-11.el9", "arch_op": "pattern match" }, "RXSYUreBGXQz5Vll3C130A==": { "id": "RXSYUreBGXQz5Vll3C130A==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "Rd2hVVbUws+mcvoC7DaoiQ==": { "id": "Rd2hVVbUws+mcvoC7DaoiQ==", "updater": "rhel-vex", "name": "CVE-2022-4292", "description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-12-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4292.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Rf7m+dbWxZxBNm1A9nfdqg==": { "id": "Rf7m+dbWxZxBNm1A9nfdqg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "RfXeDDRCykmZZMDXVfaGtg==": { "id": "RfXeDDRCykmZZMDXVfaGtg==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "RgBI11FezD5/LF6u61IQtw==": { "id": "RgBI11FezD5/LF6u61IQtw==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "Rm7aeXEOy4+PSaaC/AfGyw==": { "id": "Rm7aeXEOy4+PSaaC/AfGyw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "RnzVpoLf3gQvIDiBFFXm6w==": { "id": "RnzVpoLf3gQvIDiBFFXm6w==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "RoQvxPrgcpXyTej834bT2Q==": { "id": "RoQvxPrgcpXyTej834bT2Q==", "updater": "rhel-vex", "name": "CVE-2024-57360", "description": "A flaw was found in the nm utility of binutils. A local user who specifies the `--without-symbol-versions` option on a specially crafted ELF file can trigger a segmentation fault condition. This may lead to an application crash or other undefined behavior.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57360 https://bugzilla.redhat.com/show_bug.cgi?id=2339263 https://www.cve.org/CVERecord?id=CVE-2024-57360 https://nvd.nist.gov/vuln/detail/CVE-2024-57360 https://sourceware.org/bugzilla/show_bug.cgi?id=32467 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57360.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RxiYxX3H5lL8cc7k0ac/mQ==": { "id": "RxiYxX3H5lL8cc7k0ac/mQ==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RxmnlWamNxvphCIuarducQ==": { "id": "RxmnlWamNxvphCIuarducQ==", "updater": "rhel-vex", "name": "CVE-2023-30086", "description": "A vulnerability was found in the libtiff library. This flaw causes a buffer overflow in libtiff that allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30086 https://bugzilla.redhat.com/show_bug.cgi?id=2203650 https://www.cve.org/CVERecord?id=CVE-2023-30086 https://nvd.nist.gov/vuln/detail/CVE-2023-30086 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30086.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "RxwFiIUPJYMo6r5lfv+sdQ==": { "id": "RxwFiIUPJYMo6r5lfv+sdQ==", "updater": "rhel-vex", "name": "CVE-2022-47011", "description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ry6vRm+cs1w4rnhTcw+4ww==": { "id": "Ry6vRm+cs1w4rnhTcw+4ww==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "Rz0KcMyzx8GC2p+YUZpHPQ==": { "id": "Rz0KcMyzx8GC2p+YUZpHPQ==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "S01BJ2Ht59Iq71LsHWKLzg==": { "id": "S01BJ2Ht59Iq71LsHWKLzg==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "S2Vz+b7SfKEl74LFjj2t7Q==": { "id": "S2Vz+b7SfKEl74LFjj2t7Q==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "There's a vulnerability in gitk where an user can be tricked to run malicious scripts supplied by the attacker when running gitk filename command. When successfully exploited this vulnerability may result in arbitrary code execution.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "S2g7delheJOLf2DxVbw0Hg==": { "id": "S2g7delheJOLf2DxVbw0Hg==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "S2kC/8+NtHD0EdQuoPqXlg==": { "id": "S2kC/8+NtHD0EdQuoPqXlg==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "S3c04CkV3MUFBzUssTpBSg==": { "id": "S3c04CkV3MUFBzUssTpBSg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "S5Dzz9cigoJDCj8s5UcT0g==": { "id": "S5Dzz9cigoJDCj8s5UcT0g==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S9GgHs7lpMPNDjvswObhPg==": { "id": "S9GgHs7lpMPNDjvswObhPg==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "SBAWrxfXaQ2Ka48xajW62A==": { "id": "SBAWrxfXaQ2Ka48xajW62A==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "SFiwTqc+C9HkxslIGbfU0g==": { "id": "SFiwTqc+C9HkxslIGbfU0g==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "SFoELvc6okNKWKi7mExikA==": { "id": "SFoELvc6okNKWKi7mExikA==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "SIPkCsjtWsrsJnfVRjxnKA==": { "id": "SIPkCsjtWsrsJnfVRjxnKA==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "SJA+1v6mehbGh4JXJ2n5jA==": { "id": "SJA+1v6mehbGh4JXJ2n5jA==", "updater": "rhel-vex", "name": "CVE-2026-22695", "description": "A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.", "issued": "2026-01-12T22:55:40Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22695 https://bugzilla.redhat.com/show_bug.cgi?id=2428825 https://www.cve.org/CVERecord?id=CVE-2026-22695 https://nvd.nist.gov/vuln/detail/CVE-2026-22695 https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea https://github.com/pnggroup/libpng/commit/e4f7ad4ea2 https://github.com/pnggroup/libpng/issues/778 https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22695.json https://access.redhat.com/errata/RHSA-2026:3405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpng-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.2", "arch_op": "pattern match" }, "SKOD3G/MxX5t9s/HjT+ehg==": { "id": "SKOD3G/MxX5t9s/HjT+ehg==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "SKyAPnATFclliIE0mjtq+w==": { "id": "SKyAPnATFclliIE0mjtq+w==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "SPxMxLW2DZ8IvP04UR/H6g==": { "id": "SPxMxLW2DZ8IvP04UR/H6g==", "updater": "rhel-vex", "name": "CVE-2025-5683", "description": "A flaw was found in qt. Loading a specially crafted ICNS image file within QImage results in a crash. This flaw allows a local attacker to provide a malicious image. The vulnerability is exploited via the image loading process, leading to application termination.", "issued": "2025-06-05T05:31:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5683 https://bugzilla.redhat.com/show_bug.cgi?id=2370384 https://www.cve.org/CVERecord?id=CVE-2025-5683 https://nvd.nist.gov/vuln/detail/CVE-2025-5683 https://codereview.qt-project.org/c/qt/qtimageformats/+/644548 https://issues.oss-fuzz.com/issues/415350704 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5683.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SRL0fsSEDtOf7vYyf/BewQ==": { "id": "SRL0fsSEDtOf7vYyf/BewQ==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "SRtj8i4HsQkjCyC1YPMDYw==": { "id": "SRtj8i4HsQkjCyC1YPMDYw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "SS38Q6SbT7pMry4emWgqdg==": { "id": "SS38Q6SbT7pMry4emWgqdg==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "SSAJUNd+iNG0Dh0JEHjSXA==": { "id": "SSAJUNd+iNG0Dh0JEHjSXA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Getopt-Std", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.12-481.el9", "arch_op": "pattern match" }, "SSReN3l+Qu29CQbqRghmtA==": { "id": "SSReN3l+Qu29CQbqRghmtA==", "updater": "rhel-vex", "name": "CVE-2026-33416", "description": "A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.", "issued": "2026-03-26T16:48:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33416 https://bugzilla.redhat.com/show_bug.cgi?id=2451805 https://www.cve.org/CVERecord?id=CVE-2026-33416 https://nvd.nist.gov/vuln/detail/CVE-2026-33416 https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667 https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25 https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1 https://github.com/pnggroup/libpng/pull/824 https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33416.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpng", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ST+HmAso4vf4Hnu6TuBXXQ==": { "id": "ST+HmAso4vf4Hnu6TuBXXQ==", "updater": "rhel-vex", "name": "CVE-2025-12818", "description": "A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application segmentation fault or crash when using libpq to connect to a PostgreSQL server.", "issued": "2025-11-13T13:00:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-12818 https://bugzilla.redhat.com/show_bug.cgi?id=2414826 https://www.cve.org/CVERecord?id=CVE-2025-12818 https://nvd.nist.gov/vuln/detail/CVE-2025-12818 https://www.postgresql.org/support/security/CVE-2025-12818/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-12818.json https://access.redhat.com/errata/RHSA-2026:0458", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpq", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.23-1.el9_7", "arch_op": "pattern match" }, "STluRm8qQBZc5ygxny9Znw==": { "id": "STluRm8qQBZc5ygxny9Znw==", "updater": "rhel-vex", "name": "CVE-2026-25547", "description": "A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.", "issued": "2026-02-04T21:51:17Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25547 https://bugzilla.redhat.com/show_bug.cgi?id=2436942 https://www.cve.org/CVERecord?id=CVE-2026-25547 https://nvd.nist.gov/vuln/detail/CVE-2026-25547 https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25547.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "SU1MGh9+Zg3Zuy+khiN0Og==": { "id": "SU1MGh9+Zg3Zuy+khiN0Og==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "SWMi5UoagLshKWAW26MJTw==": { "id": "SWMi5UoagLshKWAW26MJTw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "SXF95Q57bdA0qf3iy/XSPw==": { "id": "SXF95Q57bdA0qf3iy/XSPw==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "SYSyRuW2vXdWcXLSfRP1aQ==": { "id": "SYSyRuW2vXdWcXLSfRP1aQ==", "updater": "rhel-vex", "name": "CVE-2025-15281", "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "issued": "2026-01-20T13:22:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15281 https://bugzilla.redhat.com/show_bug.cgi?id=2431196 https://www.cve.org/CVERecord?id=CVE-2025-15281 https://nvd.nist.gov/vuln/detail/CVE-2025-15281 https://sourceware.org/bugzilla/show_bug.cgi?id=33814 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15281.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "SaWdJL5a+HL0ZieRiKpgNA==": { "id": "SaWdJL5a+HL0ZieRiKpgNA==", "updater": "rhel-vex", "name": "CVE-2024-38428", "description": "A flaw was found in wget. Incorrect handling of semicolons in the userinfo subcomponent of a URI allows it to be misinterpreted as part of the host subcomponent, potentially exposing user credentials.", "issued": "2024-06-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38428 https://bugzilla.redhat.com/show_bug.cgi?id=2292836 https://www.cve.org/CVERecord?id=CVE-2024-38428 https://nvd.nist.gov/vuln/detail/CVE-2024-38428 https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38428.json https://access.redhat.com/errata/RHSA-2024:6192", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "wget", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-8.el9_4", "arch_op": "pattern match" }, "Sal0GJMIh5Nqb3U4N6ro0g==": { "id": "Sal0GJMIh5Nqb3U4N6ro0g==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "SbrfelK/hRkg8QJAv7881A==": { "id": "SbrfelK/hRkg8QJAv7881A==", "updater": "osv/go", "name": "GO-2023-1570", "description": "Panic on large handshake records in crypto/tls", "issued": "2023-02-16T22:24:51Z", "links": "https://go.dev/issue/58001 https://go.dev/cl/468125 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "SbvnfacnQ1X9A0OepqCdbg==": { "id": "SbvnfacnQ1X9A0OepqCdbg==", "updater": "rhel-vex", "name": "CVE-2025-59465", "description": "A denial of service flaw has been discovered in NodeJS. A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59465 https://bugzilla.redhat.com/show_bug.cgi?id=2431349 https://www.cve.org/CVERecord?id=CVE-2025-59465 https://nvd.nist.gov/vuln/detail/CVE-2025-59465 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59465.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "ScOp6HuJxBp54FxFpTVDnA==": { "id": "ScOp6HuJxBp54FxFpTVDnA==", "updater": "rhel-vex", "name": "CVE-2026-25645", "description": "A flaw was found in the `requests` HTTP library, specifically in the `requests.utils.extract_zipped_paths()` function, which is used to load Certificate Authority (CA) bundles. A local attacker can exploit this vulnerability by pre-creating a malicious CA bundle file in the system's temporary directory. When a vulnerable application initializes the `requests` library, it may load this malicious file instead of the legitimate CA bundle, leading to a bypass of security controls and potential integrity compromise.", "issued": "2026-03-25T17:02:48Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25645 https://bugzilla.redhat.com/show_bug.cgi?id=2451408 https://www.cve.org/CVERecord?id=CVE-2026-25645 https://nvd.nist.gov/vuln/detail/CVE-2026-25645 https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7 https://github.com/psf/requests/releases/tag/v2.33.0 https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25645.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SdlHZBjfHlAbNa/I1YXwQA==": { "id": "SdlHZBjfHlAbNa/I1YXwQA==", "updater": "rhel-vex", "name": "CVE-2025-10158", "description": "An out of bounds read flaw has been discovered in rsync. A malicious client acting as the receiver of an rsync file transfer can trigger an OOB read via a negative array index. The rsync client requires at least read access to the remote rsync module to trigger the issue.", "issued": "2025-11-18T14:24:19Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10158 https://bugzilla.redhat.com/show_bug.cgi?id=2415637 https://www.cve.org/CVERecord?id=CVE-2025-10158 https://nvd.nist.gov/vuln/detail/CVE-2025-10158 https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1 https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10158.json https://access.redhat.com/errata/RHSA-2026:6390", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9_7.2", "arch_op": "pattern match" }, "SduSwzmffGiGJfqQDrSyEA==": { "id": "SduSwzmffGiGJfqQDrSyEA==", "updater": "rhel-vex", "name": "CVE-2022-3570", "description": "A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service.", "issued": "2022-02-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3570 https://bugzilla.redhat.com/show_bug.cgi?id=2142734 https://www.cve.org/CVERecord?id=CVE-2022-3570 https://nvd.nist.gov/vuln/detail/CVE-2022-3570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3570.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Seg9bNv2Tp+fFcixDR+uTQ==": { "id": "Seg9bNv2Tp+fFcixDR+uTQ==", "updater": "rhel-vex", "name": "CVE-2026-27904", "description": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).", "issued": "2026-02-26T01:07:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27904 https://bugzilla.redhat.com/show_bug.cgi?id=2442922 https://www.cve.org/CVERecord?id=CVE-2026-27904 https://nvd.nist.gov/vuln/detail/CVE-2026-27904 https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27904.json https://access.redhat.com/errata/RHSA-2026:7896", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572", "arch_op": "pattern match" }, "SfJy5i/9nh3s5fpZxZDQCg==": { "id": "SfJy5i/9nh3s5fpZxZDQCg==", "updater": "rhel-vex", "name": "CVE-2026-4786", "description": "A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing \"%action\" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.", "issued": "2026-04-13T21:52:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4786 https://bugzilla.redhat.com/show_bug.cgi?id=2458049 https://www.cve.org/CVERecord?id=CVE-2026-4786 https://nvd.nist.gov/vuln/detail/CVE-2026-4786 https://github.com/python/cpython/issues/148169 https://github.com/python/cpython/pull/148170 https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4786.json https://access.redhat.com/errata/RHSA-2026:10949", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.3", "arch_op": "pattern match" }, "Sfn7NNniMfKKkrbS2KIlnA==": { "id": "Sfn7NNniMfKKkrbS2KIlnA==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:7410", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-13.el9_6", "arch_op": "pattern match" }, "Sgu/tfTuRDchfvDOoiuHSw==": { "id": "Sgu/tfTuRDchfvDOoiuHSw==", "updater": "rhel-vex", "name": "CVE-2026-1525", "description": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.", "issued": "2026-03-12T19:56:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1525 https://bugzilla.redhat.com/show_bug.cgi?id=2447144 https://www.cve.org/CVERecord?id=CVE-2026-1525 https://nvd.nist.gov/vuln/detail/CVE-2026-1525 https://cna.openjsf.org/security-advisories.html https://cwe.mitre.org/data/definitions/444.html https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm https://hackerone.com/reports/3556037 https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1525.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "SjRIPS8zwG2cWHBok+S2aw==": { "id": "SjRIPS8zwG2cWHBok+S2aw==", "updater": "rhel-vex", "name": "CVE-2025-61728", "description": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.", "issued": "2026-01-28T19:30:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://www.cve.org/CVERecord?id=CVE-2025-61728 https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4342 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61728.json https://access.redhat.com/errata/RHSA-2026:2709", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.7-1.el9_7", "arch_op": "pattern match" }, "SjbW0rogoRJo0my37ozMDg==": { "id": "SjbW0rogoRJo0my37ozMDg==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Sl37ASpmhZPtZSKlrwYF6A==": { "id": "Sl37ASpmhZPtZSKlrwYF6A==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://nodejs.org/pt/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "SmczXqxeZRCcJykxG3Abrg==": { "id": "SmczXqxeZRCcJykxG3Abrg==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "SnI5fUbXuT/Xt+VkGvddww==": { "id": "SnI5fUbXuT/Xt+VkGvddww==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.2-1.18.12.1.1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "SqKI5VB6698Nen4zsScUuw==": { "id": "SqKI5VB6698Nen4zsScUuw==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "Srb0jwMVUQlaoxewBgoI7A==": { "id": "Srb0jwMVUQlaoxewBgoI7A==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "SsDTRy6ZHTEEM+UFVh6QDQ==": { "id": "SsDTRy6ZHTEEM+UFVh6QDQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=32976 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "SsFE9yHqow9BNx1O4nMcCg==": { "id": "SsFE9yHqow9BNx1O4nMcCg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "SsNZleqCp7tmOqFZQ6ZaBA==": { "id": "SsNZleqCp7tmOqFZQ6ZaBA==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "Stfm7ne4Ofst02xkZn9K1w==": { "id": "Stfm7ne4Ofst02xkZn9K1w==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "SueY1m9dU5duigybt2Nk8g==": { "id": "SueY1m9dU5duigybt2Nk8g==", "updater": "rhel-vex", "name": "CVE-2025-55132", "description": "A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55132 https://bugzilla.redhat.com/show_bug.cgi?id=2431338 https://www.cve.org/CVERecord?id=CVE-2025-55132 https://nvd.nist.gov/vuln/detail/CVE-2025-55132 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55132.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "SvhQ7tNvl6ANrVnaJ4cBNw==": { "id": "SvhQ7tNvl6ANrVnaJ4cBNw==", "updater": "rhel-vex", "name": "CVE-2022-3099", "description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3099.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Sw8bDdvvxQW2LmbjS6B1hg==": { "id": "Sw8bDdvvxQW2LmbjS6B1hg==", "updater": "rhel-vex", "name": "CVE-2022-30630", "description": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30630 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://www.cve.org/CVERecord?id=CVE-2022-30630 https://nvd.nist.gov/vuln/detail/CVE-2022-30630 https://go.dev/issue/53415 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30630.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "T+jfDhqJcXwVQ38oWEz/6g==": { "id": "T+jfDhqJcXwVQ38oWEz/6g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libsmartcols", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "T0HgzMn5d4x2X74gH/2z+g==": { "id": "T0HgzMn5d4x2X74gH/2z+g==", "updater": "rhel-vex", "name": "CVE-2026-2229", "description": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.", "issued": "2026-03-12T20:27:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2229 https://bugzilla.redhat.com/show_bug.cgi?id=2447143 https://www.cve.org/CVERecord?id=CVE-2026-2229 https://nvd.nist.gov/vuln/detail/CVE-2026-2229 https://cna.openjsf.org/security-advisories.html https://datatracker.ietf.org/doc/html/rfc7692 https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8 https://hackerone.com/reports/3487486 https://nodejs.org/api/zlib.html#class-zlibinflateraw https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2229.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "T1160/hke2bN2YNtHQGAVQ==": { "id": "T1160/hke2bN2YNtHQGAVQ==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "T1AEmBcJCa6ktci+apxdAg==": { "id": "T1AEmBcJCa6ktci+apxdAg==", "updater": "rhel-vex", "name": "CVE-2025-55132", "description": "A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55132 https://bugzilla.redhat.com/show_bug.cgi?id=2431338 https://www.cve.org/CVERecord?id=CVE-2025-55132 https://nvd.nist.gov/vuln/detail/CVE-2025-55132 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55132.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "T2rcJ7DPtdiGNP7r4L5R2g==": { "id": "T2rcJ7DPtdiGNP7r4L5R2g==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "T38zlL6BTag6EVZfMAMcaw==": { "id": "T38zlL6BTag6EVZfMAMcaw==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "T4bxk7MHk24P39KEeRKoig==": { "id": "T4bxk7MHk24P39KEeRKoig==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "T5/Q0DOZypWV6o3x9ziKqw==": { "id": "T5/Q0DOZypWV6o3x9ziKqw==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "T507T5wFbtPlOW9lG7LxIA==": { "id": "T507T5wFbtPlOW9lG7LxIA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "T5Nghm4crNWWnUrYvZZItg==": { "id": "T5Nghm4crNWWnUrYvZZItg==", "updater": "rhel-vex", "name": "CVE-2022-2124", "description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2124.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "T6MROVROqLQIoY85LYvLww==": { "id": "T6MROVROqLQIoY85LYvLww==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "T8IbBnTK2Iv5YVT88l9ngQ==": { "id": "T8IbBnTK2Iv5YVT88l9ngQ==", "updater": "rhel-vex", "name": "CVE-2025-62408", "description": "A flaw was found in c-ares. This vulnerability allows a Denial of Service (DoS) via terminating a query after maximum attempts when using `read_answer()` and `process_answer()` functions.", "issued": "2025-12-08T22:04:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-62408 https://bugzilla.redhat.com/show_bug.cgi?id=2420217 https://www.cve.org/CVERecord?id=CVE-2025-62408 https://nvd.nist.gov/vuln/detail/CVE-2025-62408 https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618 https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-62408.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "T9nCb/lA5TdipGMhtb6HJA==": { "id": "T9nCb/lA5TdipGMhtb6HJA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "TA2J/BLShfgMiVMvb2bFmA==": { "id": "TA2J/BLShfgMiVMvb2bFmA==", "updater": "rhel-vex", "name": "CVE-2025-32988", "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "issued": "2025-07-10T07:55:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32988 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://www.cve.org/CVERecord?id=CVE-2025-32988 https://nvd.nist.gov/vuln/detail/CVE-2025-32988 https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32988.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "TAntNn3gBlGhX3mRHNXfWw==": { "id": "TAntNn3gBlGhX3mRHNXfWw==", "updater": "rhel-vex", "name": "CVE-2024-12747", "description": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12747 https://bugzilla.redhat.com/show_bug.cgi?id=2332968 https://www.cve.org/CVERecord?id=CVE-2024-12747 https://nvd.nist.gov/vuln/detail/CVE-2024-12747 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12747.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "TBYZOvAMUG/MxA4GOKP5FQ==": { "id": "TBYZOvAMUG/MxA4GOKP5FQ==", "updater": "rhel-vex", "name": "CVE-2025-59465", "description": "A denial of service flaw has been discovered in NodeJS. A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59465 https://bugzilla.redhat.com/show_bug.cgi?id=2431349 https://www.cve.org/CVERecord?id=CVE-2025-59465 https://nvd.nist.gov/vuln/detail/CVE-2025-59465 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59465.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "TCtup4kp9cBGgmnLMbI+rw==": { "id": "TCtup4kp9cBGgmnLMbI+rw==", "updater": "rhel-vex", "name": "CVE-2023-40745", "description": "LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40745 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 https://www.cve.org/CVERecord?id=CVE-2023-40745 https://nvd.nist.gov/vuln/detail/CVE-2023-40745 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40745.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "TEg+H5IUFEuL8/4VudXtEg==": { "id": "TEg+H5IUFEuL8/4VudXtEg==", "updater": "rhel-vex", "name": "CVE-2022-3554", "description": "A flaw was found in LibX11. There is a possible memory leak in the _XimRegisterIMInstantiateCallback() of modules/im/ximcp/imsClbk.c. This issue may lead to limited availability.", "issued": "2022-10-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3554 https://bugzilla.redhat.com/show_bug.cgi?id=2136411 https://www.cve.org/CVERecord?id=CVE-2022-3554 https://nvd.nist.gov/vuln/detail/CVE-2022-3554 https://ubuntu.com/security/CVE-2022-3554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3554.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TFku8MBahkkWbmKYS7dbIQ==": { "id": "TFku8MBahkkWbmKYS7dbIQ==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "TGjVfFW0jWP1/Slr8hCo8Q==": { "id": "TGjVfFW0jWP1/Slr8hCo8Q==", "updater": "osv/go", "name": "GO-2025-3751", "description": "Sensitive headers not cleared on cross-origin redirect in net/http", "issued": "2025-06-11T16:23:58Z", "links": "https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.10" }, "TI1OyePXauC23iR42z7HKg==": { "id": "TI1OyePXauC23iR42z7HKg==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "TIcWaTRsDD52irGN4xUQyA==": { "id": "TIcWaTRsDD52irGN4xUQyA==", "updater": "rhel-vex", "name": "CVE-2022-2125", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2125.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TK/tQUH9MhuStrQUTQS1ZQ==": { "id": "TK/tQUH9MhuStrQUTQS1ZQ==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "TMzu1Teu8W2WYCPcLUGpbg==": { "id": "TMzu1Teu8W2WYCPcLUGpbg==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "TN9ZqAQo2vEW/Tx62EpRcg==": { "id": "TN9ZqAQo2vEW/Tx62EpRcg==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "TNb7OrRxFn2Bis7zp2oi8A==": { "id": "TNb7OrRxFn2Bis7zp2oi8A==", "updater": "rhel-vex", "name": "CVE-2025-9165", "description": "A memory leak flaw was found in LibTIFF. This vulnerability affects the _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 function in the file tools/tiffcmp.c of the tiffcmp component. Executing manipulation can lead to a memory leak. The attack is restricted to local execution.", "issued": "2025-08-19T20:02:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9165 https://bugzilla.redhat.com/show_bug.cgi?id=2389574 https://www.cve.org/CVERecord?id=CVE-2025-9165 https://nvd.nist.gov/vuln/detail/CVE-2025-9165 http://www.libtiff.org/ https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sharing https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0 https://gitlab.com/libtiff/libtiff/-/issues/728 https://gitlab.com/libtiff/libtiff/-/merge_requests/747 https://vuldb.com/?ctiid.320543 https://vuldb.com/?id.320543 https://vuldb.com/?submit.630506 https://vuldb.com/?submit.630507 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9165.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TQEoFglRNgkSreqoAySz5A==": { "id": "TQEoFglRNgkSreqoAySz5A==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "TQa/g/LeIEmPrJezTGlmcw==": { "id": "TQa/g/LeIEmPrJezTGlmcw==", "updater": "rhel-vex", "name": "CVE-2026-1526", "description": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.", "issued": "2026-03-12T20:08:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1526 https://bugzilla.redhat.com/show_bug.cgi?id=2447142 https://www.cve.org/CVERecord?id=CVE-2026-1526 https://nvd.nist.gov/vuln/detail/CVE-2026-1526 https://cna.openjsf.org/security-advisories.html https://datatracker.ietf.org/doc/html/rfc7692 https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q https://hackerone.com/reports/3481206 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1526.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "TRC0h0EsXNyoIhQGny9CvA==": { "id": "TRC0h0EsXNyoIhQGny9CvA==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://nodejs.org/pt/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "TRd8qEGSmZkjG+mmOfTmTg==": { "id": "TRd8qEGSmZkjG+mmOfTmTg==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "TT6ujth4uzblGI4VcnKBOw==": { "id": "TT6ujth4uzblGI4VcnKBOw==", "updater": "rhel-vex", "name": "CVE-2025-12084", "description": "A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in `xml.dom.minidom` methods, such as `appendChild()`, when building excessively nested documents due to a dependency on `_clear_id_cache()`", "issued": "2025-12-03T18:55:32Z", "links": "https://access.redhat.com/security/cve/CVE-2025-12084 https://bugzilla.redhat.com/show_bug.cgi?id=2418655 https://www.cve.org/CVERecord?id=CVE-2025-12084 https://nvd.nist.gov/vuln/detail/CVE-2025-12084 https://github.com/python/cpython/issues/142145 https://github.com/python/cpython/pull/142146 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-12084.json https://access.redhat.com/errata/RHSA-2026:1478", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7", "arch_op": "pattern match" }, "TTh9HGJJgt1I4lhDqtPBIA==": { "id": "TTh9HGJJgt1I4lhDqtPBIA==", "updater": "osv/go", "name": "GO-2022-1095", "description": "Unsanitized NUL in environment variables on Windows in syscall and os/exec", "issued": "2022-11-01T23:55:57Z", "links": "https://go.dev/issue/56284 https://go.dev/cl/446916 https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.8" }, "TU6sUeJdvbpf1Uxt7QBVXQ==": { "id": "TU6sUeJdvbpf1Uxt7QBVXQ==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "TUvm6koxiDQRc/8CJ4TCOA==": { "id": "TUvm6koxiDQRc/8CJ4TCOA==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "TXvJlim3LAUzBPedea1SGA==": { "id": "TXvJlim3LAUzBPedea1SGA==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "TccjTp2Y8sTyWrjrm24IKA==": { "id": "TccjTp2Y8sTyWrjrm24IKA==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libmount", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "Tgjy7QZmeE1bsLws5liQbA==": { "id": "Tgjy7QZmeE1bsLws5liQbA==", "updater": "rhel-vex", "name": "CVE-2026-1525", "description": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.", "issued": "2026-03-12T19:56:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1525 https://bugzilla.redhat.com/show_bug.cgi?id=2447144 https://www.cve.org/CVERecord?id=CVE-2026-1525 https://nvd.nist.gov/vuln/detail/CVE-2026-1525 https://cna.openjsf.org/security-advisories.html https://cwe.mitre.org/data/definitions/444.html https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm https://hackerone.com/reports/3556037 https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1525.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "ThUekCEizKQbaM9qGtWShw==": { "id": "ThUekCEizKQbaM9qGtWShw==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "ToyZiPOtBFPiNJOZ8QaYng==": { "id": "ToyZiPOtBFPiNJOZ8QaYng==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "TrfUjn7Hi6JPe4l/9tuyAQ==": { "id": "TrfUjn7Hi6JPe4l/9tuyAQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHBA-2024:2518", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4", "arch_op": "pattern match" }, "TsVNXuAeF3PhiRZhIOjjtQ==": { "id": "TsVNXuAeF3PhiRZhIOjjtQ==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TszqopCoskBv4coMA3/peg==": { "id": "TszqopCoskBv4coMA3/peg==", "updater": "rhel-vex", "name": "CVE-2025-1153", "description": "A flaw was found in GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T19:00:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1153 https://bugzilla.redhat.com/show_bug.cgi?id=2344743 https://www.cve.org/CVERecord?id=CVE-2025-1153 https://nvd.nist.gov/vuln/detail/CVE-2025-1153 https://sourceware.org/bugzilla/show_bug.cgi?id=32603 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150 https://vuldb.com/?ctiid.295057 https://vuldb.com/?id.295057 https://vuldb.com/?submit.489991 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1153.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TteHTvD/qC9z9/bg4D+o8w==": { "id": "TteHTvD/qC9z9/bg4D+o8w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-FileHandle", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.03-481.1.el9_6", "arch_op": "pattern match" }, "TwoNniaY2Urt7TF64epJXg==": { "id": "TwoNniaY2Urt7TF64epJXg==", "updater": "rhel-vex", "name": "CVE-2026-31790", "description": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-31790 https://bugzilla.redhat.com/show_bug.cgi?id=2451094 https://www.cve.org/CVERecord?id=CVE-2026-31790 https://nvd.nist.gov/vuln/detail/CVE-2026-31790 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31790.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Tz9Z9WUqfvL0BrLTJjlG5g==": { "id": "Tz9Z9WUqfvL0BrLTJjlG5g==", "updater": "rhel-vex", "name": "CVE-2026-33810", "description": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.", "issued": "2026-04-08T01:06:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33810 https://bugzilla.redhat.com/show_bug.cgi?id=2456335 https://www.cve.org/CVERecord?id=CVE-2026-33810 https://nvd.nist.gov/vuln/detail/CVE-2026-33810 https://go.dev/cl/763763 https://go.dev/issue/78332 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4866 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33810.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "U/ITon4/vjzN/EsZEGI38Q==": { "id": "U/ITon4/vjzN/EsZEGI38Q==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "U06t0kkLaLeKpn0QxtZUSg==": { "id": "U06t0kkLaLeKpn0QxtZUSg==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "U2e7dgKDqk0OlJ2oJw2iuw==": { "id": "U2e7dgKDqk0OlJ2oJw2iuw==", "updater": "osv/go", "name": "GO-2022-1038", "description": "Incorrect sanitization of forwarded query parameters in net/http/httputil", "issued": "2022-10-06T16:42:43Z", "links": "https://go.dev/issue/54663 https://go.dev/cl/432976 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.7" }, "U2w6LmoqKmaGSd6IxLZGKg==": { "id": "U2w6LmoqKmaGSd6IxLZGKg==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "U31VkPC5v6K7XIsRFDo19w==": { "id": "U31VkPC5v6K7XIsRFDo19w==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "U47k8+SGMpP7nHNJFxv5oA==": { "id": "U47k8+SGMpP7nHNJFxv5oA==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "U61IeOaU1v6bOHJxSPbCCw==": { "id": "U61IeOaU1v6bOHJxSPbCCw==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "U6XBHhWp5n1+o2ZlJ9FraQ==": { "id": "U6XBHhWp5n1+o2ZlJ9FraQ==", "updater": "rhel-vex", "name": "CVE-2025-6176", "description": "Scrapy are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.", "issued": "2025-10-31T00:00:21Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6176 https://bugzilla.redhat.com/show_bug.cgi?id=2408762 https://www.cve.org/CVERecord?id=CVE-2025-6176 https://nvd.nist.gov/vuln/detail/CVE-2025-6176 https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6176.json https://access.redhat.com/errata/RHSA-2026:2042", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libbrotli", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.9-9.el9_7", "arch_op": "pattern match" }, "U7q9649W3+OXGS9kMwowkw==": { "id": "U7q9649W3+OXGS9kMwowkw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "U86hsRMcoSpvWp72aUJNFQ==": { "id": "U86hsRMcoSpvWp72aUJNFQ==", "updater": "rhel-vex", "name": "CVE-2023-24538", "description": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/show_bug.cgi?id=2184481 https://www.cve.org/CVERecord?id=CVE-2023-24538 https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://github.com/golang/go/issues/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24538.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "U86r1ELAOJanBnxwrapY0g==": { "id": "U86r1ELAOJanBnxwrapY0g==", "updater": "osv/go", "name": "GO-2025-4015", "description": "Excessive CPU consumption in Reader.ReadResponse in net/textproto", "issued": "2025-10-29T21:51:07Z", "links": "https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "UAhBHfztlbXF0z40Y/JYoA==": { "id": "UAhBHfztlbXF0z40Y/JYoA==", "updater": "rhel-vex", "name": "CVE-2026-35414", "description": "A flaw was found in OpenSSH. This vulnerability arises from the incorrect handling of the authorized_keys principals option in uncommon scenarios. Specifically, when a principals list is used with a Certificate Authority that includes comma characters, OpenSSH may misinterpret the input. This could lead to security bypasses, potentially allowing unintended access or information disclosure in specific authentication contexts.", "issued": "2026-04-02T17:08:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35414 https://bugzilla.redhat.com/show_bug.cgi?id=2454490 https://www.cve.org/CVERecord?id=CVE-2026-35414 https://nvd.nist.gov/vuln/detail/CVE-2026-35414 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35414.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "UApauQbQz6UZdsAuW9miOQ==": { "id": "UApauQbQz6UZdsAuW9miOQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "UBV+Z4vQ/HB9/cVGq/+u3w==": { "id": "UBV+Z4vQ/HB9/cVGq/+u3w==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "UBzPfwycyyJOBETwdSTG/w==": { "id": "UBzPfwycyyJOBETwdSTG/w==", "updater": "rhel-vex", "name": "CVE-2024-47814", "description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. This issue can potentially cause Vim to crash, leading to a denial of service.", "issued": "2024-10-07T21:16:01Z", "links": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UC0U9/zd+klwBmGR1YYVPg==": { "id": "UC0U9/zd+klwBmGR1YYVPg==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "UCWDKxZlG+RSFVukTFuFFw==": { "id": "UCWDKxZlG+RSFVukTFuFFw==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json https://access.redhat.com/errata/RHSA-2025:22660", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-rpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.7", "arch_op": "pattern match" }, "UEW14H6J4RBSZEjpG6p4bw==": { "id": "UEW14H6J4RBSZEjpG6p4bw==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "UEgRngB2KVq3bhFU/6+13Q==": { "id": "UEgRngB2KVq3bhFU/6+13Q==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "UH1xPpnVOud+f1gKl26ATQ==": { "id": "UH1xPpnVOud+f1gKl26ATQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "UPjX59r3QHIaBVa54cqtzA==": { "id": "UPjX59r3QHIaBVa54cqtzA==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "USroe8+XCxLDwAOkjWfs+Q==": { "id": "USroe8+XCxLDwAOkjWfs+Q==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "UTm7DZVRUmqWWBx0Js7vCA==": { "id": "UTm7DZVRUmqWWBx0Js7vCA==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "UV2MuUVVyu0L6wfdUc0Qpg==": { "id": "UV2MuUVVyu0L6wfdUc0Qpg==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.2.1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "UVRy+pWnw+7xa7f2U2B15Q==": { "id": "UVRy+pWnw+7xa7f2U2B15Q==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "UWR5dcXlfiNMz/BIfTGvfQ==": { "id": "UWR5dcXlfiNMz/BIfTGvfQ==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "Ub9JoNToSyT09hD5MOIlGA==": { "id": "Ub9JoNToSyT09hD5MOIlGA==", "updater": "rhel-vex", "name": "CVE-2025-8961", "description": "A memory corruption flaw was found in libTIFF. This issue affects the May function of the tiffcrop.c file in the tiffcrop component. This attack needs to be approached locally.", "issued": "2025-08-14T12:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8961 https://bugzilla.redhat.com/show_bug.cgi?id=2388541 https://www.cve.org/CVERecord?id=CVE-2025-8961 https://nvd.nist.gov/vuln/detail/CVE-2025-8961 http://www.libtiff.org/ https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing https://gitlab.com/libtiff/libtiff/-/issues/721 https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960 https://vuldb.com/?ctiid.319955 https://vuldb.com/?id.319955 https://vuldb.com/?submit.627957 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8961.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbJne6U4WRZmmyYLeEtt4w==": { "id": "UbJne6U4WRZmmyYLeEtt4w==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "UcI2WjL14mHQYOfXIkpuzA==": { "id": "UcI2WjL14mHQYOfXIkpuzA==", "updater": "rhel-vex", "name": "CVE-2023-29400", "description": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29400 https://bugzilla.redhat.com/show_bug.cgi?id=2196029 https://www.cve.org/CVERecord?id=CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-29400 https://go.dev/issue/59722 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29400.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "UcSRaJxHOHBFxbLpeEwTSA==": { "id": "UcSRaJxHOHBFxbLpeEwTSA==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "UdpGJo841LNQDU8fdaEoEQ==": { "id": "UdpGJo841LNQDU8fdaEoEQ==", "updater": "rhel-vex", "name": "CVE-2026-25679", "description": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "issued": "2026-03-06T21:28:14Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/show_bug.cgi?id=2445356 https://www.cve.org/CVERecord?id=CVE-2026-25679 https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://pkg.go.dev/vuln/GO-2026-4601 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25679.json https://access.redhat.com/errata/RHSA-2026:5942", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.8-1.el9_7", "arch_op": "pattern match" }, "UeiYbCd+yCsmz4K385pQkQ==": { "id": "UeiYbCd+yCsmz4K385pQkQ==", "updater": "osv/go", "name": "GO-2025-4175", "description": "Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509", "issued": "2025-12-02T20:55:55Z", "links": "https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.11" }, "UeuwcxsDMDrcMU7c13lXsQ==": { "id": "UeuwcxsDMDrcMU7c13lXsQ==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "UgQV4Vz6WyghQx4C2rQgVw==": { "id": "UgQV4Vz6WyghQx4C2rQgVw==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://openssl-library.org/news/secadv/20250211.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "Uh6QIejNBmYSJ+kLmnZWzw==": { "id": "Uh6QIejNBmYSJ+kLmnZWzw==", "updater": "rhel-vex", "name": "CVE-2023-22652", "description": "A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow, resulting in a denial of service.", "issued": "2023-03-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22652 https://bugzilla.redhat.com/show_bug.cgi?id=2212463 https://www.cve.org/CVERecord?id=CVE-2023-22652 https://nvd.nist.gov/vuln/detail/CVE-2023-22652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22652.json https://access.redhat.com/errata/RHSA-2023:4347", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libeconf", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:0.4.1-3.el9_2", "arch_op": "pattern match" }, "UhBP4F/rEtGjZG3U8Wvp2Q==": { "id": "UhBP4F/rEtGjZG3U8Wvp2Q==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "UiO8eKIdcPJIKIj94tK4ug==": { "id": "UiO8eKIdcPJIKIj94tK4ug==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "UjXmsuFAyS2A1LN7d6S/5w==": { "id": "UjXmsuFAyS2A1LN7d6S/5w==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "UoBD3GwEne6Zwl54oZgCCg==": { "id": "UoBD3GwEne6Zwl54oZgCCg==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "Us6zMNu9gwaRC0UH2SSoQw==": { "id": "Us6zMNu9gwaRC0UH2SSoQw==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "UsE9/aKvx7HhPwZe6KY1zw==": { "id": "UsE9/aKvx7HhPwZe6KY1zw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "UsTHWG7fBbgk8T9K0i79Ww==": { "id": "UsTHWG7fBbgk8T9K0i79Ww==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "UuV6vmv/pMSyQBUW2Wn3bA==": { "id": "UuV6vmv/pMSyQBUW2Wn3bA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Uy8P+1ImBLgh4EjZYlMO1Q==": { "id": "Uy8P+1ImBLgh4EjZYlMO1Q==", "updater": "rhel-vex", "name": "CVE-2023-4863", "description": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", "issued": "2023-09-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4863 https://bugzilla.redhat.com/show_bug.cgi?id=2238431 https://www.cve.org/CVERecord?id=CVE-2023-4863 https://nvd.nist.gov/vuln/detail/CVE-2023-4863 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4863.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "UykJtPxmRiaRteAhKYbbOQ==": { "id": "UykJtPxmRiaRteAhKYbbOQ==", "updater": "rhel-vex", "name": "CVE-2021-42574", "description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The special handling and rendering of those characters can be then used in an attempt to hide unexpected and potentially dangerous behaviour from the reviewer.", "issued": "2021-11-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-42574 https://bugzilla.redhat.com/show_bug.cgi?id=2005819 https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 https://www.cve.org/CVERecord?id=CVE-2021-42574 https://nvd.nist.gov/vuln/detail/CVE-2021-42574 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Bidirectional_Text_Spoofing https://www.unicode.org/reports/tr39/ https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-42574.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V+7K8Rg1uux3xnVmyH12/A==": { "id": "V+7K8Rg1uux3xnVmyH12/A==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "V0Rkaf0QFhuzPUd+sx60Og==": { "id": "V0Rkaf0QFhuzPUd+sx60Og==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://nodejs.org/pt/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "V0awGVhndNVps/Yhh/P2GQ==": { "id": "V0awGVhndNVps/Yhh/P2GQ==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "V2/vsNJeH5BxrzuVis91/A==": { "id": "V2/vsNJeH5BxrzuVis91/A==", "updater": "rhel-vex", "name": "CVE-2025-15282", "description": "Missing newline filtering has been discovered in Python. User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.", "issued": "2026-01-20T21:35:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15282 https://bugzilla.redhat.com/show_bug.cgi?id=2431366 https://www.cve.org/CVERecord?id=CVE-2025-15282 https://nvd.nist.gov/vuln/detail/CVE-2025-15282 https://github.com/python/cpython/issues/143925 https://github.com/python/cpython/pull/143926 https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15282.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V2C0OnbFKs9wiV3IrUOPew==": { "id": "V2C0OnbFKs9wiV3IrUOPew==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "V4GddSO/lMB9AeE2VC0gSA==": { "id": "V4GddSO/lMB9AeE2VC0gSA==", "updater": "rhel-vex", "name": "CVE-2025-69646", "description": "A flaw was found in binutils. A local attacker can exploit this vulnerability by supplying a malicious input file containing malformed DWARF debug_rnglists data. This can cause the objdump tool to enter an unbounded logging loop, leading to excessive CPU and I/O usage and preventing analysis completion. This issue results in a Denial of Service (DoS).", "issued": "2026-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69646 https://bugzilla.redhat.com/show_bug.cgi?id=2445264 https://www.cve.org/CVERecord?id=CVE-2025-69646 https://nvd.nist.gov/vuln/detail/CVE-2025-69646 https://sourceware.org/bugzilla/show_bug.cgi?id=33638 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=598704a00cbac5e85c2bedd363357b5bf6fcee33 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69646.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V6UHlQALqhW5x7Cn9PKUfg==": { "id": "V6UHlQALqhW5x7Cn9PKUfg==", "updater": "rhel-vex", "name": "CVE-2026-26996", "description": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.", "issued": "2026-02-20T03:05:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-26996 https://bugzilla.redhat.com/show_bug.cgi?id=2441268 https://www.cve.org/CVERecord?id=CVE-2026-26996 https://nvd.nist.gov/vuln/detail/CVE-2026-26996 https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5 https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26996.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "V8n5VKFkjNZwkLq+W6E59g==": { "id": "V8n5VKFkjNZwkLq+W6E59g==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "V8tjixCGBsaAWvQP5Hvn+A==": { "id": "V8tjixCGBsaAWvQP5Hvn+A==", "updater": "rhel-vex", "name": "CVE-2026-5713", "description": "A flaw was found in Python. A malicious Python process could exploit the \"profiling.sampling\" module and \"asyncio introspection capabilities\" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via its remote debugging feature, potentially leading to information disclosure and arbitrary code execution. Successful exploitation requires repeated connections, which may cause instability in the connecting process.", "issued": "2026-04-14T15:11:51Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5713 https://bugzilla.redhat.com/show_bug.cgi?id=2458239 https://www.cve.org/CVERecord?id=CVE-2026-5713 https://nvd.nist.gov/vuln/detail/CVE-2026-5713 https://github.com/python/cpython/issues/148178 https://github.com/python/cpython/pull/148187 https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5713.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V9f8Tc0z/tWsm1egJDudPA==": { "id": "V9f8Tc0z/tWsm1egJDudPA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "V9lyeZvue30g1R6RiITjAw==": { "id": "V9lyeZvue30g1R6RiITjAw==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "VAImfCoV0wqw11Rnggbqlw==": { "id": "VAImfCoV0wqw11Rnggbqlw==", "updater": "rhel-vex", "name": "CVE-2026-1526", "description": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.", "issued": "2026-03-12T20:08:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1526 https://bugzilla.redhat.com/show_bug.cgi?id=2447142 https://www.cve.org/CVERecord?id=CVE-2026-1526 https://nvd.nist.gov/vuln/detail/CVE-2026-1526 https://cna.openjsf.org/security-advisories.html https://datatracker.ietf.org/doc/html/rfc7692 https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q https://hackerone.com/reports/3481206 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1526.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "VAdEk79bS0dMBh0fcQAI2w==": { "id": "VAdEk79bS0dMBh0fcQAI2w==", "updater": "rhel-vex", "name": "CVE-2026-26996", "description": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.", "issued": "2026-02-20T03:05:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-26996 https://bugzilla.redhat.com/show_bug.cgi?id=2441268 https://www.cve.org/CVERecord?id=CVE-2026-26996 https://nvd.nist.gov/vuln/detail/CVE-2026-26996 https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5 https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26996.json https://access.redhat.com/errata/RHSA-2026:7896", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.2-1.module+el9.7.0+24193+41b7b572", "arch_op": "pattern match" }, "VDQb6roo+zwBamxPu+hGeQ==": { "id": "VDQb6roo+zwBamxPu+hGeQ==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "VDdxJUjxgL4zXvGWC/1xnw==": { "id": "VDdxJUjxgL4zXvGWC/1xnw==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "VDqplxSZcK9CHQ9RjGiEqQ==": { "id": "VDqplxSZcK9CHQ9RjGiEqQ==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "VEE7ccbKf4EH2dNVXOf2uA==": { "id": "VEE7ccbKf4EH2dNVXOf2uA==", "updater": "rhel-vex", "name": "CVE-2025-64118", "description": "A flaw was found in node-tar, a Tar utility for Node.js. This vulnerability allows a local attacker to potentially disclose sensitive information. When the .t (or .list) function is used with { sync: true } to read tar entry contents, and the tar file is concurrently modified on disk to a smaller size, the function may return uninitialized memory contents. This could lead to the exposure of arbitrary data.", "issued": "2025-10-30T17:50:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64118 https://bugzilla.redhat.com/show_bug.cgi?id=2407440 https://www.cve.org/CVERecord?id=CVE-2025-64118 https://nvd.nist.gov/vuln/detail/CVE-2025-64118 https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d https://github.com/isaacs/node-tar/issues/445 https://github.com/isaacs/node-tar/pull/446 https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64118.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VGewdTS02tdqYoORYHK7Rg==": { "id": "VGewdTS02tdqYoORYHK7Rg==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "VJAm4vMolMmA2ytzFknQUA==": { "id": "VJAm4vMolMmA2ytzFknQUA==", "updater": "rhel-vex", "name": "CVE-2023-52356", "description": "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52356 https://bugzilla.redhat.com/show_bug.cgi?id=2251344 https://www.cve.org/CVERecord?id=CVE-2023-52356 https://nvd.nist.gov/vuln/detail/CVE-2023-52356 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52356.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "VKPJSs7Cf+zeQ6s9gNUvhw==": { "id": "VKPJSs7Cf+zeQ6s9gNUvhw==", "updater": "rhel-vex", "name": "CVE-2026-35388", "description": "A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a multiplexed session without explicit confirmation, leading to unintended data handling.", "issued": "2026-04-02T16:57:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35388 https://bugzilla.redhat.com/show_bug.cgi?id=2454500 https://www.cve.org/CVERecord?id=CVE-2026-35388 https://nvd.nist.gov/vuln/detail/CVE-2026-35388 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35388.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "VMHGA3jL56ecJElCiIU9nQ==": { "id": "VMHGA3jL56ecJElCiIU9nQ==", "updater": "rhel-vex", "name": "CVE-2026-4786", "description": "A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing \"%action\" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.", "issued": "2026-04-13T21:52:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4786 https://bugzilla.redhat.com/show_bug.cgi?id=2458049 https://www.cve.org/CVERecord?id=CVE-2026-4786 https://nvd.nist.gov/vuln/detail/CVE-2026-4786 https://github.com/python/cpython/issues/148169 https://github.com/python/cpython/pull/148170 https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4786.json https://access.redhat.com/errata/RHSA-2026:10949", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.3", "arch_op": "pattern match" }, "VNA7ljkMyeRq9SDNO9drHQ==": { "id": "VNA7ljkMyeRq9SDNO9drHQ==", "updater": "osv/go", "name": "GO-2023-1568", "description": "Path traversal on Windows in path/filepath", "issued": "2023-02-16T19:49:19Z", "links": "https://go.dev/issue/57274 https://go.dev/cl/468123 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "VQ+eWJsUMBep4PD4xfj8Vw==": { "id": "VQ+eWJsUMBep4PD4xfj8Vw==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "VUNwpBj4hvcLARxqxrvCCg==": { "id": "VUNwpBj4hvcLARxqxrvCCg==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "VVK93SGSs31Rb325qicorA==": { "id": "VVK93SGSs31Rb325qicorA==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "VVUozaap6uAAqX8QCLFGyg==": { "id": "VVUozaap6uAAqX8QCLFGyg==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "VWEbeFnFOHy1IkG21b5a5g==": { "id": "VWEbeFnFOHy1IkG21b5a5g==", "updater": "rhel-vex", "name": "CVE-2023-30571", "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "issued": "2023-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VYGbkY0i6P3tRJd9mM1wNg==": { "id": "VYGbkY0i6P3tRJd9mM1wNg==", "updater": "rhel-vex", "name": "CVE-2026-1489", "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1489 https://bugzilla.redhat.com/show_bug.cgi?id=2433348 https://www.cve.org/CVERecord?id=CVE-2026-1489 https://nvd.nist.gov/vuln/detail/CVE-2026-1489 https://gitlab.gnome.org/GNOME/glib/-/issues/3872 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1489.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VZxWbc2wJwiwTLhillEtpA==": { "id": "VZxWbc2wJwiwTLhillEtpA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "Vbqm1jpiIiIM2rxq++FdoQ==": { "id": "Vbqm1jpiIiIM2rxq++FdoQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "VcgFEXPgpzLsj5tOjILVtw==": { "id": "VcgFEXPgpzLsj5tOjILVtw==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "VdMk4kWMgrdK/5+i3n6XhA==": { "id": "VdMk4kWMgrdK/5+i3n6XhA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "VdavXNeRp4EjkXxldYSiUw==": { "id": "VdavXNeRp4EjkXxldYSiUw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "VgTIKWxJpYFkd788UcqT3A==": { "id": "VgTIKWxJpYFkd788UcqT3A==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "VgaIsJDFBatjqT1h+RQLFQ==": { "id": "VgaIsJDFBatjqT1h+RQLFQ==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "Vl7X+IopOqzOWh1MyUOYCw==": { "id": "Vl7X+IopOqzOWh1MyUOYCw==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "Vm1exr1mz0tcpwIoZQ3ySQ==": { "id": "Vm1exr1mz0tcpwIoZQ3ySQ==", "updater": "rhel-vex", "name": "CVE-2026-35387", "description": "A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm (ECDSA) algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than intended. This could potentially allow an attacker to compromise the confidentiality of data.", "issued": "2026-04-02T16:52:53Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35387 https://bugzilla.redhat.com/show_bug.cgi?id=2454494 https://www.cve.org/CVERecord?id=CVE-2026-35387 https://nvd.nist.gov/vuln/detail/CVE-2026-35387 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35387.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "VnqYDU7XWi+aYnVQJuYtxQ==": { "id": "VnqYDU7XWi+aYnVQJuYtxQ==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://github.com/golang/go/commit/2b2314e9f6103de322b2e247387c8b01fd0cd5a4 https://github.com/golang/go/issues/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "VwRZMkFc1pqkTIff/cjZtQ==": { "id": "VwRZMkFc1pqkTIff/cjZtQ==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json https://access.redhat.com/errata/RHSA-2025:23342", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-2.el9_7", "arch_op": "pattern match" }, "Vwf+9XwzpTrnxfhej9q9cg==": { "id": "Vwf+9XwzpTrnxfhej9q9cg==", "updater": "rhel-vex", "name": "CVE-2025-65018", "description": "A buffer overflow flaw has been discovered in libpng. There is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds.", "issued": "2025-11-24T23:50:18Z", "links": "https://access.redhat.com/security/cve/CVE-2025-65018 https://bugzilla.redhat.com/show_bug.cgi?id=2416907 https://www.cve.org/CVERecord?id=CVE-2025-65018 https://nvd.nist.gov/vuln/detail/CVE-2025-65018 https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea https://github.com/pnggroup/libpng/issues/755 https://github.com/pnggroup/libpng/pull/757 https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-65018.json https://access.redhat.com/errata/RHSA-2026:0238", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpng", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.1", "arch_op": "pattern match" }, "VxNINARrmRd6QnZ2htNesA==": { "id": "VxNINARrmRd6QnZ2htNesA==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "VyeYHICkBiXwLbWKsz4//A==": { "id": "VyeYHICkBiXwLbWKsz4//A==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "W01A5sOetTjsV/4bYawPgA==": { "id": "W01A5sOetTjsV/4bYawPgA==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "W08Ska67/8hV/b3GYflglQ==": { "id": "W08Ska67/8hV/b3GYflglQ==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "W0TAw6aTfwXOMlJwloDkZA==": { "id": "W0TAw6aTfwXOMlJwloDkZA==", "updater": "rhel-vex", "name": "CVE-2021-4136", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4136.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W1tMz8vPaPxg0wpYqAjagA==": { "id": "W1tMz8vPaPxg0wpYqAjagA==", "updater": "rhel-vex", "name": "CVE-2026-25646", "description": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.", "issued": "2026-02-10T17:04:38Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25646 https://bugzilla.redhat.com/show_bug.cgi?id=2438542 https://www.cve.org/CVERecord?id=CVE-2026-25646 https://nvd.nist.gov/vuln/detail/CVE-2026-25646 http://www.openwall.com/lists/oss-security/2026/02/09/7 https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88 https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25646.json https://access.redhat.com/errata/RHSA-2026:3405", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpng", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.2", "arch_op": "pattern match" }, "W38wbfyrQoe88ivLfgHXaA==": { "id": "W38wbfyrQoe88ivLfgHXaA==", "updater": "rhel-vex", "name": "CVE-2026-1525", "description": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.", "issued": "2026-03-12T19:56:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1525 https://bugzilla.redhat.com/show_bug.cgi?id=2447144 https://www.cve.org/CVERecord?id=CVE-2026-1525 https://nvd.nist.gov/vuln/detail/CVE-2026-1525 https://cna.openjsf.org/security-advisories.html https://cwe.mitre.org/data/definitions/444.html https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm https://hackerone.com/reports/3556037 https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1525.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "W3qe9/KhW5BUF2s+kXxVcA==": { "id": "W3qe9/KhW5BUF2s+kXxVcA==", "updater": "rhel-vex", "name": "CVE-2023-5981", "description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "issued": "2023-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.redhat.com/show_bug.cgi?id=2248445 https://www.cve.org/CVERecord?id=CVE-2023-5981 https://nvd.nist.gov/vuln/detail/CVE-2023-5981 https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5981.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "W4i+1AnMm5l6mD/A/2lJnQ==": { "id": "W4i+1AnMm5l6mD/A/2lJnQ==", "updater": "rhel-vex", "name": "CVE-2026-33636", "description": "A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.", "issued": "2026-03-26T16:51:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33636 https://bugzilla.redhat.com/show_bug.cgi?id=2451819 https://www.cve.org/CVERecord?id=CVE-2026-33636 https://nvd.nist.gov/vuln/detail/CVE-2026-33636 https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869 https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3 https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33636.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpng", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W5AFCpfA9GqOU4nKI8CYwQ==": { "id": "W5AFCpfA9GqOU4nKI8CYwQ==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://nodejs.org/pt/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "W5SSItV7fPTUmtVkE5E9HQ==": { "id": "W5SSItV7fPTUmtVkE5E9HQ==", "updater": "rhel-vex", "name": "CVE-2026-25646", "description": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.", "issued": "2026-02-10T17:04:38Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25646 https://bugzilla.redhat.com/show_bug.cgi?id=2438542 https://www.cve.org/CVERecord?id=CVE-2026-25646 https://nvd.nist.gov/vuln/detail/CVE-2026-25646 http://www.openwall.com/lists/oss-security/2026/02/09/7 https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88 https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25646.json https://access.redhat.com/errata/RHSA-2026:3405", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpng-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.2", "arch_op": "pattern match" }, "W5birtu1clZwp55QDPxkAA==": { "id": "W5birtu1clZwp55QDPxkAA==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "W9IdHW1dLxMcDTawlof8yw==": { "id": "W9IdHW1dLxMcDTawlof8yw==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "W9Pcn9xdPg78KgFAK5oOyQ==": { "id": "W9Pcn9xdPg78KgFAK5oOyQ==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "WACsy7vAhq3GJRyxAuj7NA==": { "id": "WACsy7vAhq3GJRyxAuj7NA==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "WALxwIFXDH8ZvKesDKBFiQ==": { "id": "WALxwIFXDH8ZvKesDKBFiQ==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "WCZXmTnbo+2lbMuZdpH8NA==": { "id": "WCZXmTnbo+2lbMuZdpH8NA==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "WFXV6zzHKCX8JuqtokClVw==": { "id": "WFXV6zzHKCX8JuqtokClVw==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "WGccGAwrqbQSNjycPuaPsA==": { "id": "WGccGAwrqbQSNjycPuaPsA==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "WGwIYJUrzsJ4/8TTyxMGGQ==": { "id": "WGwIYJUrzsJ4/8TTyxMGGQ==", "updater": "rhel-vex", "name": "CVE-2026-27138", "description": "A certificate validation flaw has been discovered in the golang crypto/x509 module. Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.", "issued": "2026-03-06T21:28:14Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27138 https://bugzilla.redhat.com/show_bug.cgi?id=2445344 https://www.cve.org/CVERecord?id=CVE-2026-27138 https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://pkg.go.dev/vuln/GO-2026-4600 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27138.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WHLXl098SguAfGDl/9SUeQ==": { "id": "WHLXl098SguAfGDl/9SUeQ==", "updater": "rhel-vex", "name": "CVE-2026-27143", "description": "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.", "issued": "2026-04-08T01:06:57Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27143 https://bugzilla.redhat.com/show_bug.cgi?id=2456342 https://www.cve.org/CVERecord?id=CVE-2026-27143 https://nvd.nist.gov/vuln/detail/CVE-2026-27143 https://go.dev/cl/763765 https://go.dev/issue/78333 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4868 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27143.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WHMzYQNPFNnp30WX8W+gnw==": { "id": "WHMzYQNPFNnp30WX8W+gnw==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json https://access.redhat.com/errata/RHSA-2025:22376", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-14.el9_7", "arch_op": "pattern match" }, "WIbunUW6+W30QKZc5Tmqzw==": { "id": "WIbunUW6+W30QKZc5Tmqzw==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "WKEI7EQhRkCAgIF18HZjKg==": { "id": "WKEI7EQhRkCAgIF18HZjKg==", "updater": "rhel-vex", "name": "CVE-2023-32573", "description": "A vulnerability was found in qt. The security flaw occurs due to uninitialized variable usage in m_unitsPerEm.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32573 https://bugzilla.redhat.com/show_bug.cgi?id=2208135 https://www.cve.org/CVERecord?id=CVE-2023-32573 https://nvd.nist.gov/vuln/detail/CVE-2023-32573 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32573.json https://access.redhat.com/errata/RHSA-2023:6369", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "qt5-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.15.9-1.el9", "arch_op": "pattern match" }, "WLpGLJSV+lV8a0xggVfA3A==": { "id": "WLpGLJSV+lV8a0xggVfA3A==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "WLri8p9NfgX8reKybIYziw==": { "id": "WLri8p9NfgX8reKybIYziw==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.1-1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "WNA27LqRIql90O1m/PSAgQ==": { "id": "WNA27LqRIql90O1m/PSAgQ==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "WNRX1UWo4fDLFOhq9mcbIA==": { "id": "WNRX1UWo4fDLFOhq9mcbIA==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "WOIdi+BEnCeSEkfRBmj1AA==": { "id": "WOIdi+BEnCeSEkfRBmj1AA==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "WOmMgxwwjpbn/RLQX8HPBg==": { "id": "WOmMgxwwjpbn/RLQX8HPBg==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "WP0Zjo/ORuC7+jbSIrru8A==": { "id": "WP0Zjo/ORuC7+jbSIrru8A==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "WPBuKgPICmQT6PHBjmoC1A==": { "id": "WPBuKgPICmQT6PHBjmoC1A==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=32976 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "WV6CLob4bxW/eDgXBTJfxA==": { "id": "WV6CLob4bxW/eDgXBTJfxA==", "updater": "rhel-vex", "name": "CVE-2024-47081", "description": "A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue.", "issued": "2025-06-09T17:57:47Z", "links": "https://access.redhat.com/security/cve/CVE-2024-47081 https://bugzilla.redhat.com/show_bug.cgi?id=2371272 https://www.cve.org/CVERecord?id=CVE-2024-47081 https://nvd.nist.gov/vuln/detail/CVE-2024-47081 http://seclists.org/fulldisclosure/2025/Jun/2 http://www.openwall.com/lists/oss-security/2025/06/03/11 http://www.openwall.com/lists/oss-security/2025/06/03/9 http://www.openwall.com/lists/oss-security/2025/06/04/1 http://www.openwall.com/lists/oss-security/2025/06/04/6 https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef https://github.com/psf/requests/pull/6965 https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7 https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env https://seclists.org/fulldisclosure/2025/Jun/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47081.json https://access.redhat.com/errata/RHSA-2025:12519", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-10.el9_6", "arch_op": "pattern match" }, "WVPPqMDSvwuthc5RexsDjg==": { "id": "WVPPqMDSvwuthc5RexsDjg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "WVkwWFZlIInzrX99VsKBBQ==": { "id": "WVkwWFZlIInzrX99VsKBBQ==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "WXqvm+7SM0p2PgR8h/gpvg==": { "id": "WXqvm+7SM0p2PgR8h/gpvg==", "updater": "rhel-vex", "name": "CVE-2026-1526", "description": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.", "issued": "2026-03-12T20:08:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1526 https://bugzilla.redhat.com/show_bug.cgi?id=2447142 https://www.cve.org/CVERecord?id=CVE-2026-1526 https://nvd.nist.gov/vuln/detail/CVE-2026-1526 https://cna.openjsf.org/security-advisories.html https://datatracker.ietf.org/doc/html/rfc7692 https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q https://hackerone.com/reports/3481206 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1526.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "WhQSrxicq09HlEU8PxUQSQ==": { "id": "WhQSrxicq09HlEU8PxUQSQ==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "WhY0uvyUG/ImjnbaewZftw==": { "id": "WhY0uvyUG/ImjnbaewZftw==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "WhaoYkvfheR7Tz30m0/IKA==": { "id": "WhaoYkvfheR7Tz30m0/IKA==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-plugin-annobin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "WlLXHoXR9O8Ph+uSZ6aDCg==": { "id": "WlLXHoXR9O8Ph+uSZ6aDCg==", "updater": "rhel-vex", "name": "CVE-2025-47912", "description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47912 https://bugzilla.redhat.com/show_bug.cgi?id=2407247 https://www.cve.org/CVERecord?id=CVE-2025-47912 https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4010 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47912.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WnkMM/SD0E+7EEac0/vMVg==": { "id": "WnkMM/SD0E+7EEac0/vMVg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "WoF8HAs7BhQT5cycNGL9tw==": { "id": "WoF8HAs7BhQT5cycNGL9tw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "WqlqRQL17MeMqdTx+SuEyw==": { "id": "WqlqRQL17MeMqdTx+SuEyw==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "Ws0fZZUTvLi37jSEx1MM5g==": { "id": "Ws0fZZUTvLi37jSEx1MM5g==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "Wv5rERdynoJ/gHM2CtgXiw==": { "id": "Wv5rERdynoJ/gHM2CtgXiw==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "WwkM3aNBW0LnenEr6xDxWQ==": { "id": "WwkM3aNBW0LnenEr6xDxWQ==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "WxO9le6q4ACTs4KnSuckDw==": { "id": "WxO9le6q4ACTs4KnSuckDw==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json https://access.redhat.com/errata/RHSA-2025:20559", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:4.9-15.el9", "arch_op": "pattern match" }, "WxgHh2OQ1QuZWw68VI9xSg==": { "id": "WxgHh2OQ1QuZWw68VI9xSg==", "updater": "rhel-vex", "name": "CVE-2025-55132", "description": "A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55132 https://bugzilla.redhat.com/show_bug.cgi?id=2431338 https://www.cve.org/CVERecord?id=CVE-2025-55132 https://nvd.nist.gov/vuln/detail/CVE-2025-55132 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55132.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "Wy87cIX7luFb8A/riFwUyw==": { "id": "Wy87cIX7luFb8A/riFwUyw==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "WzMeKgvORq7XF2Xr4q+JaQ==": { "id": "WzMeKgvORq7XF2Xr4q+JaQ==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "X+rjva7ecn1JedeVO9IX9w==": { "id": "X+rjva7ecn1JedeVO9IX9w==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "X10PEbhI2yv6KYFUPacecg==": { "id": "X10PEbhI2yv6KYFUPacecg==", "updater": "rhel-vex", "name": "CVE-2022-1619", "description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "issued": "2022-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1619.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X1UyeDYfkBXcgz2M5KA5LQ==": { "id": "X1UyeDYfkBXcgz2M5KA5LQ==", "updater": "rhel-vex", "name": "CVE-2026-6846", "description": "A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.", "issued": "2026-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6846 https://bugzilla.redhat.com/show_bug.cgi?id=2460006 https://www.cve.org/CVERecord?id=CVE-2026-6846 https://nvd.nist.gov/vuln/detail/CVE-2026-6846 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6846.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X2XVS8beM5noGWCQGlVZ6g==": { "id": "X2XVS8beM5noGWCQGlVZ6g==", "updater": "osv/go", "name": "GO-2026-4865", "description": "JsBraceDepth Context Tracking Bugs (XSS) in html/template", "issued": "2026-04-07T22:53:49Z", "links": "https://go.dev/cl/763762 https://go.dev/issue/78331 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.25.9" }, "X2wqIFGbKlJQpE/DojrwxA==": { "id": "X2wqIFGbKlJQpE/DojrwxA==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.1-1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "X4CDljJQJsftQ2RA57ftuw==": { "id": "X4CDljJQJsftQ2RA57ftuw==", "updater": "rhel-vex", "name": "CVE-2021-3807", "description": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.", "issued": "2021-09-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3807 https://bugzilla.redhat.com/show_bug.cgi?id=2007557 https://www.cve.org/CVERecord?id=CVE-2021-3807 https://nvd.nist.gov/vuln/detail/CVE-2021-3807 https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3807.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X4Ym25zfqcH7/samBN+yPw==": { "id": "X4Ym25zfqcH7/samBN+yPw==", "updater": "rhel-vex", "name": "CVE-2026-5545", "description": "A flaw was found in libcurl. An application using libcurl that performs an authenticated HTTP(S) request after a Negotiate-authenticated one to the same host may incorrectly reuse the previous connection. This authentication bypass vulnerability allows the second request to be sent over a connection authenticated with different credentials, potentially leading to unauthorized access or information disclosure.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5545 https://bugzilla.redhat.com/show_bug.cgi?id=2461204 https://www.cve.org/CVERecord?id=CVE-2026-5545 https://nvd.nist.gov/vuln/detail/CVE-2026-5545 https://curl.se/docs/CVE-2026-5545.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5545.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X5o2Qoo8DgfpPtqZ+d9MzQ==": { "id": "X5o2Qoo8DgfpPtqZ+d9MzQ==", "updater": "osv/go", "name": "GO-2026-4603", "description": "URLs in meta content attribute actions are not escaped in html/template", "issued": "2026-03-06T21:03:42Z", "links": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://go.dev/issue/77954 https://go.dev/cl/752081", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.25.8" }, "X7DmUVoCri5i6vdYVBBgXg==": { "id": "X7DmUVoCri5i6vdYVBBgXg==", "updater": "rhel-vex", "name": "CVE-2026-1965", "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "issued": "2026-03-11T10:08:52Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1965 https://bugzilla.redhat.com/show_bug.cgi?id=2446448 https://www.cve.org/CVERecord?id=CVE-2026-1965 https://nvd.nist.gov/vuln/detail/CVE-2026-1965 https://curl.se/docs/CVE-2026-1965.html https://curl.se/docs/CVE-2026-1965.json https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1965.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X7vlygSvbngQQIjU19VnZQ==": { "id": "X7vlygSvbngQQIjU19VnZQ==", "updater": "rhel-vex", "name": "CVE-2025-66199", "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66199 https://bugzilla.redhat.com/show_bug.cgi?id=2430379 https://www.cve.org/CVERecord?id=CVE-2025-66199 https://nvd.nist.gov/vuln/detail/CVE-2025-66199 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66199.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "X9G3TF69Pz3xUY5yIPno7w==": { "id": "X9G3TF69Pz3xUY5yIPno7w==", "updater": "rhel-vex", "name": "CVE-2022-41723", "description": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "issued": "2023-02-17T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/show_bug.cgi?id=2178358 https://www.cve.org/CVERecord?id=CVE-2022-41723 https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1571 https://vuln.go.dev/ID/GO-2023-1571.json https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41723.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "X9na4KYJ5u50u+KLDr2iTQ==": { "id": "X9na4KYJ5u50u+KLDr2iTQ==", "updater": "rhel-vex", "name": "CVE-2022-40090", "description": "A flaw was found in the libtiff library. This issue allows an attacker who can submit a specially crafted file to an application linked with libtiff to cause an infinite loop, resulting in a denial of service.", "issued": "2022-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-40090 https://bugzilla.redhat.com/show_bug.cgi?id=2234970 https://www.cve.org/CVERecord?id=CVE-2022-40090 https://nvd.nist.gov/vuln/detail/CVE-2022-40090 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40090.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "XC3MXlpMb9D+YigNspsXlA==": { "id": "XC3MXlpMb9D+YigNspsXlA==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "XEhX6upCFgCYuF9SSk9Iyg==": { "id": "XEhX6upCFgCYuF9SSk9Iyg==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "XH8pWtqEhhBDhQuq+NWhvQ==": { "id": "XH8pWtqEhhBDhQuq+NWhvQ==", "updater": "rhel-vex", "name": "CVE-2023-5129", "description": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", "issued": "2023-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5129 https://bugzilla.redhat.com/show_bug.cgi?id=2240759 https://www.cve.org/CVERecord?id=CVE-2023-5129 https://nvd.nist.gov/vuln/detail/CVE-2023-5129 https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5129.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "normalized_severity": "Unknown", "package": { "id": "", "name": "libwebp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "XHSXqyF2rScxnK03VnME5Q==": { "id": "XHSXqyF2rScxnK03VnME5Q==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "XKuZX/r+YD1eQ8+4f77NQQ==": { "id": "XKuZX/r+YD1eQ8+4f77NQQ==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "XL+Z1BeLmN8Pi7RZ6D6z/w==": { "id": "XL+Z1BeLmN8Pi7RZ6D6z/w==", "updater": "rhel-vex", "name": "CVE-2025-15366", "description": "A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server.", "issued": "2026-01-20T21:40:24Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15366 https://bugzilla.redhat.com/show_bug.cgi?id=2431368 https://www.cve.org/CVERecord?id=CVE-2025-15366 https://nvd.nist.gov/vuln/detail/CVE-2025-15366 https://github.com/python/cpython/issues/143921 https://github.com/python/cpython/pull/143922 https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7JZJYTBXMDOWKCEIEBJLBRU64OMR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15366.json https://access.redhat.com/errata/RHSA-2026:4168", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.1", "arch_op": "pattern match" }, "XL1Nv8y45q8aiA92A99YyA==": { "id": "XL1Nv8y45q8aiA92A99YyA==", "updater": "rhel-vex", "name": "CVE-2023-0512", "description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "issued": "2023-01-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0512.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XM09w+ZScTz4IEN6LeAUgg==": { "id": "XM09w+ZScTz4IEN6LeAUgg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "XPUXyp+BOEJyEGOgXafi8Q==": { "id": "XPUXyp+BOEJyEGOgXafi8Q==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XPiYSctd10AtrHxx1Yivlw==": { "id": "XPiYSctd10AtrHxx1Yivlw==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "XSCYGr+cvuvD+k3V0XhWSw==": { "id": "XSCYGr+cvuvD+k3V0XhWSw==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "XVnPYCI1ck0zTs/Cz6Yl5A==": { "id": "XVnPYCI1ck0zTs/Cz6Yl5A==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "XW4X9/W6MfETfE/VICA4Jw==": { "id": "XW4X9/W6MfETfE/VICA4Jw==", "updater": "rhel-vex", "name": "CVE-2025-1376", "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the function elf_strptr in /libelf/elf_strptr.c.", "issued": "2025-02-17T04:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1376 https://bugzilla.redhat.com/show_bug.cgi?id=2346061 https://www.cve.org/CVERecord?id=CVE-2025-1376 https://nvd.nist.gov/vuln/detail/CVE-2025-1376 https://sourceware.org/bugzilla/attachment.cgi?id=15940 https://sourceware.org/bugzilla/show_bug.cgi?id=32672 https://sourceware.org/bugzilla/show_bug.cgi?id=32672#c3 https://vuldb.com/?ctiid.295984 https://vuldb.com/?id.295984 https://vuldb.com/?submit.497538 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1376.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XWaBdbEJiHpYXT1f1eBk1Q==": { "id": "XWaBdbEJiHpYXT1f1eBk1Q==", "updater": "rhel-vex", "name": "CVE-2022-47007", "description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "issued": "2022-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XWfDomoStj3uOui0AGO+Tg==": { "id": "XWfDomoStj3uOui0AGO+Tg==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "XXYPGOxEabdavz27Qo+rWQ==": { "id": "XXYPGOxEabdavz27Qo+rWQ==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "XXaDpMG90Mb3fV4QxoLqXA==": { "id": "XXaDpMG90Mb3fV4QxoLqXA==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "XcaHXhT/kGXPIEcG1BNy1g==": { "id": "XcaHXhT/kGXPIEcG1BNy1g==", "updater": "rhel-vex", "name": "CVE-2025-61726", "description": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.", "issued": "2026-01-28T19:30:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://www.cve.org/CVERecord?id=CVE-2025-61726 https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4341 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61726.json https://access.redhat.com/errata/RHSA-2026:2709", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.7-1.el9_7", "arch_op": "pattern match" }, "XctMW4QJZO0RsDAv/VoABQ==": { "id": "XctMW4QJZO0RsDAv/VoABQ==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-cloud-what", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "XdzUGUJMTsfPfs79OXKU4Q==": { "id": "XdzUGUJMTsfPfs79OXKU4Q==", "updater": "rhel-vex", "name": "CVE-2025-14831", "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "issued": "2026-02-09T14:26:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14831 https://bugzilla.redhat.com/show_bug.cgi?id=2423177 https://www.cve.org/CVERecord?id=CVE-2025-14831 https://nvd.nist.gov/vuln/detail/CVE-2025-14831 https://gitlab.com/gnutls/gnutls/-/issues/1773 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14831.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "XfjE+J06ONMJAg7vkQ3tbQ==": { "id": "XfjE+J06ONMJAg7vkQ3tbQ==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "XhhNgYgTJmDdYc90YuE8vw==": { "id": "XhhNgYgTJmDdYc90YuE8vw==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "XhkP3BSjbvvRVX8X7UztjA==": { "id": "XhkP3BSjbvvRVX8X7UztjA==", "updater": "rhel-vex", "name": "CVE-2025-12084", "description": "A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in `xml.dom.minidom` methods, such as `appendChild()`, when building excessively nested documents due to a dependency on `_clear_id_cache()`", "issued": "2025-12-03T18:55:32Z", "links": "https://access.redhat.com/security/cve/CVE-2025-12084 https://bugzilla.redhat.com/show_bug.cgi?id=2418655 https://www.cve.org/CVERecord?id=CVE-2025-12084 https://nvd.nist.gov/vuln/detail/CVE-2025-12084 https://github.com/python/cpython/issues/142145 https://github.com/python/cpython/pull/142146 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-12084.json https://access.redhat.com/errata/RHSA-2026:1478", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7", "arch_op": "pattern match" }, "XjQpmqOxrg5I1zgVKxswFw==": { "id": "XjQpmqOxrg5I1zgVKxswFw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "XkiVaSOj/tcz5wNKnglN4w==": { "id": "XkiVaSOj/tcz5wNKnglN4w==", "updater": "rhel-vex", "name": "CVE-2026-33412", "description": "A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob() function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings.", "issued": "2026-03-24T19:43:07Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33412 https://bugzilla.redhat.com/show_bug.cgi?id=2450907 https://www.cve.org/CVERecord?id=CVE-2026-33412 https://nvd.nist.gov/vuln/detail/CVE-2026-33412 https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a https://github.com/vim/vim/releases/tag/v9.2.0202 https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33412.json https://access.redhat.com/errata/RHSA-2026:8259", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7.2", "arch_op": "pattern match" }, "Xme6FM3Lt2Ob4s0txlAE5w==": { "id": "Xme6FM3Lt2Ob4s0txlAE5w==", "updater": "rhel-vex", "name": "CVE-2026-35387", "description": "A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm (ECDSA) algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than intended. This could potentially allow an attacker to compromise the confidentiality of data.", "issued": "2026-04-02T16:52:53Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35387 https://bugzilla.redhat.com/show_bug.cgi?id=2454494 https://www.cve.org/CVERecord?id=CVE-2026-35387 https://nvd.nist.gov/vuln/detail/CVE-2026-35387 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35387.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "Xms/F5NRiyBcCNuPxw8aoA==": { "id": "Xms/F5NRiyBcCNuPxw8aoA==", "updater": "rhel-vex", "name": "CVE-2025-28164", "description": "A flaw was found in libpng. This buffer overflow vulnerability allows a local attacker to cause a denial of service (DoS) by exploiting the `png_create_read_struct()` function. This can lead to the affected system becoming unresponsive or crashing.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-28164 https://bugzilla.redhat.com/show_bug.cgi?id=2433398 https://www.cve.org/CVERecord?id=CVE-2025-28164 https://nvd.nist.gov/vuln/detail/CVE-2025-28164 https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20 https://github.com/pnggroup/libpng/issues/655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-28164.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpng", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Xnj4Kpl+tPifTh/+xOnglw==": { "id": "Xnj4Kpl+tPifTh/+xOnglw==", "updater": "rhel-vex", "name": "CVE-2025-11187", "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11187 https://bugzilla.redhat.com/show_bug.cgi?id=2430375 https://www.cve.org/CVERecord?id=CVE-2025-11187 https://nvd.nist.gov/vuln/detail/CVE-2025-11187 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11187.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "Xo53LSQ1UPT3k4c2guU75Q==": { "id": "Xo53LSQ1UPT3k4c2guU75Q==", "updater": "rhel-vex", "name": "CVE-2026-6993", "description": "A flaw was found in go-kratos kratos. A remote attacker could exploit a vulnerability in the HTTP server's `NewServer` function, specifically within the `http.DefaultServeMux Fallback Handler`. This manipulation creates an unintended intermediary, which can lead to the disclosure of sensitive information.", "issued": "2026-04-25T18:30:16Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6993 https://bugzilla.redhat.com/show_bug.cgi?id=2461841 https://www.cve.org/CVERecord?id=CVE-2026-6993 https://nvd.nist.gov/vuln/detail/CVE-2026-6993 https://github.com/Yanhu007/kratos/commit/0284a5bcf92b5a7ee015300ce3051baf7ae4718d https://github.com/go-kratos/kratos/ https://github.com/go-kratos/kratos/issues/3810 https://github.com/go-kratos/kratos/pull/3814 https://vuldb.com/submit/797099 https://vuldb.com/vuln/359545 https://vuldb.com/vuln/359545/cti https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6993.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XoUEjlwE1Uyl1H7Seu8qUw==": { "id": "XoUEjlwE1Uyl1H7Seu8qUw==", "updater": "rhel-vex", "name": "CVE-2024-5642", "description": "A vulnerability was found in Python/CPython that does not disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE -2024-5535 for OpenSSL for more information.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5642 https://bugzilla.redhat.com/show_bug.cgi?id=2294682 https://www.cve.org/CVERecord?id=CVE-2024-5642 https://nvd.nist.gov/vuln/detail/CVE-2024-5642 https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5642.json https://access.redhat.com/errata/RHSA-2025:23342", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-2.el9_7", "arch_op": "pattern match" }, "XqfFkzS9GKZn0SPxJdTgfA==": { "id": "XqfFkzS9GKZn0SPxJdTgfA==", "updater": "rhel-vex", "name": "CVE-2026-25547", "description": "A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.", "issued": "2026-02-04T21:51:17Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25547 https://bugzilla.redhat.com/show_bug.cgi?id=2436942 https://www.cve.org/CVERecord?id=CVE-2026-25547 https://nvd.nist.gov/vuln/detail/CVE-2026-25547 https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25547.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "XsxaedsaFYv/ys7GTRoUVw==": { "id": "XsxaedsaFYv/ys7GTRoUVw==", "updater": "rhel-vex", "name": "CVE-2026-1527", "description": "A flaw was found in undici, a Node.js HTTP/1.1 client. This vulnerability allows a remote attacker to inject malicious data into HTTP headers or prematurely end HTTP requests by sending specially crafted input to the `upgrade` option of `client.request()`. This is possible because undici does not properly validate input for invalid header characters, which could lead to unauthorized information disclosure or bypassing of security controls.", "issued": "2026-03-12T20:17:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1527 https://bugzilla.redhat.com/show_bug.cgi?id=2447141 https://www.cve.org/CVERecord?id=CVE-2026-1527 https://nvd.nist.gov/vuln/detail/CVE-2026-1527 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq https://hackerone.com/reports/3487198 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1527.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XuMP4XKeqFlYH9jgvFKXXw==": { "id": "XuMP4XKeqFlYH9jgvFKXXw==", "updater": "rhel-vex", "name": "CVE-2023-2609", "description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "issued": "2023-05-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2609.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y+LzorqDQD2Povh+kyYSqw==": { "id": "Y+LzorqDQD2Povh+kyYSqw==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Y/1r01hBo8mhueiynQb9pg==": { "id": "Y/1r01hBo8mhueiynQb9pg==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "Y/6FiFNJ+h2jXNTlPOzrnQ==": { "id": "Y/6FiFNJ+h2jXNTlPOzrnQ==", "updater": "rhel-vex", "name": "CVE-2023-0051", "description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "issued": "2023-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0051.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y08Ni7+TSPQ/xSSRr851zQ==": { "id": "Y08Ni7+TSPQ/xSSRr851zQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "Y2pXpR4HKVIWAZ1sDtjo8A==": { "id": "Y2pXpR4HKVIWAZ1sDtjo8A==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "Y3PSsgfYVK7+nWpNGBO9lQ==": { "id": "Y3PSsgfYVK7+nWpNGBO9lQ==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "Y6TEBwH0+CoZ50j5sQV23w==": { "id": "Y6TEBwH0+CoZ50j5sQV23w==", "updater": "rhel-vex", "name": "CVE-2021-3968", "description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3968.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y7j+Hhv6OMvu2cmEQkev4Q==": { "id": "Y7j+Hhv6OMvu2cmEQkev4Q==", "updater": "rhel-vex", "name": "CVE-2024-5642", "description": "A vulnerability was found in Python/CPython that does not disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE -2024-5535 for OpenSSL for more information.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5642 https://bugzilla.redhat.com/show_bug.cgi?id=2294682 https://www.cve.org/CVERecord?id=CVE-2024-5642 https://nvd.nist.gov/vuln/detail/CVE-2024-5642 https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5642.json https://access.redhat.com/errata/RHSA-2025:23342", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-2.el9_7", "arch_op": "pattern match" }, "Y7ypeGdtYfJMJApDHYX9tg==": { "id": "Y7ypeGdtYfJMJApDHYX9tg==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "Y9X/nbUFq4l8+xowG5hDkg==": { "id": "Y9X/nbUFq4l8+xowG5hDkg==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "YCFy9R5BUcPVuUEYQkJQ4w==": { "id": "YCFy9R5BUcPVuUEYQkJQ4w==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "YGKNwwPTf6g9pxsaSlPd0g==": { "id": "YGKNwwPTf6g9pxsaSlPd0g==", "updater": "osv/go", "name": "GO-2025-4155", "description": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509", "issued": "2025-12-02T18:30:24Z", "links": "https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.11" }, "YHFFhFpG8nzfxX1O469onQ==": { "id": "YHFFhFpG8nzfxX1O469onQ==", "updater": "rhel-vex", "name": "CVE-2025-61726", "description": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.", "issued": "2026-01-28T19:30:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://www.cve.org/CVERecord?id=CVE-2025-61726 https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4341 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61726.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YHdZ6rml8dKQg9XmpjCrnw==": { "id": "YHdZ6rml8dKQg9XmpjCrnw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "YIgEtVnwIF6/C/aQPFqKxg==": { "id": "YIgEtVnwIF6/C/aQPFqKxg==", "updater": "rhel-vex", "name": "CVE-2026-21713", "description": "A flaw was found in Node.js. The HMAC (Hash-based Message Authentication Code) verification process uses a comparison method that does not take a constant amount of time. This non-constant-time comparison can leak timing information, which, under specific conditions where precise timing measurements are possible, could be exploited by a remote attacker. This allows the attacker to infer sensitive HMAC values, leading to information disclosure.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21713 https://bugzilla.redhat.com/show_bug.cgi?id=2453160 https://www.cve.org/CVERecord?id=CVE-2026-21713 https://nvd.nist.gov/vuln/detail/CVE-2026-21713 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21713.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "YIlv6HIDfGqvZL/MDTWWpg==": { "id": "YIlv6HIDfGqvZL/MDTWWpg==", "updater": "rhel-vex", "name": "CVE-2026-3805", "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", "issued": "2026-03-11T10:09:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3805 https://bugzilla.redhat.com/show_bug.cgi?id=2446451 https://www.cve.org/CVERecord?id=CVE-2026-3805 https://nvd.nist.gov/vuln/detail/CVE-2026-3805 http://www.openwall.com/lists/oss-security/2026/03/11/4 https://curl.se/docs/CVE-2026-3805.html https://curl.se/docs/CVE-2026-3805.json https://hackerone.com/reports/3591944 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3805.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YJjb6TqEvdj0lSF4MHg4+w==": { "id": "YJjb6TqEvdj0lSF4MHg4+w==", "updater": "rhel-vex", "name": "CVE-2025-12084", "description": "A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in `xml.dom.minidom` methods, such as `appendChild()`, when building excessively nested documents due to a dependency on `_clear_id_cache()`", "issued": "2025-12-03T18:55:32Z", "links": "https://access.redhat.com/security/cve/CVE-2025-12084 https://bugzilla.redhat.com/show_bug.cgi?id=2418655 https://www.cve.org/CVERecord?id=CVE-2025-12084 https://nvd.nist.gov/vuln/detail/CVE-2025-12084 https://github.com/python/cpython/issues/142145 https://github.com/python/cpython/pull/142146 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-12084.json https://access.redhat.com/errata/RHSA-2026:1478", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7", "arch_op": "pattern match" }, "YJkc0fG7G+dwREiIQihS/A==": { "id": "YJkc0fG7G+dwREiIQihS/A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "YKgthSAonF3epY42eqsMRw==": { "id": "YKgthSAonF3epY42eqsMRw==", "updater": "rhel-vex", "name": "CVE-2026-3497", "description": "A flaw was found in the OpenSSH GSSAPI (Generic Security Service Application Program Interface) delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the `sshpkt_disconnect()` function, when called on an error, does not properly terminate the process, leading to the continued execution of the program with uninitialized connection variables. Accessing these uninitialized variables can lead to undefined behavior, potentially resulting in information disclosure or a denial of service.", "issued": "2026-03-12T18:27:44Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3497 https://bugzilla.redhat.com/show_bug.cgi?id=2447085 https://www.cve.org/CVERecord?id=CVE-2026-3497 https://nvd.nist.gov/vuln/detail/CVE-2026-3497 https://ubuntu.com/security/CVE-2026-3497 https://www.openwall.com/lists/oss-security/2026/03/12/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3497.json https://access.redhat.com/errata/RHSA-2026:6462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-48.el9_7", "arch_op": "pattern match" }, "YPJKJ4DYdTXL0BJCCS9pgA==": { "id": "YPJKJ4DYdTXL0BJCCS9pgA==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "YPUY4Y/POEizUQSOdGH26g==": { "id": "YPUY4Y/POEizUQSOdGH26g==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "YQVoCJX8BLl6S5wPwmTGtg==": { "id": "YQVoCJX8BLl6S5wPwmTGtg==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "YSdK7PYtLQ7JLXu7W4mdRQ==": { "id": "YSdK7PYtLQ7JLXu7W4mdRQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-FileHandle", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.03-481.el9", "arch_op": "pattern match" }, "YUwZZ9Cg1FloxBZV60vOCg==": { "id": "YUwZZ9Cg1FloxBZV60vOCg==", "updater": "rhel-vex", "name": "CVE-2022-2522", "description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2522.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YVYIQ/H++AefhUYldlykPg==": { "id": "YVYIQ/H++AefhUYldlykPg==", "updater": "rhel-vex", "name": "CVE-2023-26966", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to an out-of-bounds read in the uv_encode function in libtiff/tif_luv.c, resulting in a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26966 https://bugzilla.redhat.com/show_bug.cgi?id=2218749 https://www.cve.org/CVERecord?id=CVE-2023-26966 https://nvd.nist.gov/vuln/detail/CVE-2023-26966 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26966.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "YX2rGofSXHBcNhTOGpNkAA==": { "id": "YX2rGofSXHBcNhTOGpNkAA==", "updater": "rhel-vex", "name": "CVE-2026-4424", "description": "A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4424 https://bugzilla.redhat.com/show_bug.cgi?id=2449006 https://www.cve.org/CVERecord?id=CVE-2026-4424 https://nvd.nist.gov/vuln/detail/CVE-2026-4424 https://github.com/libarchive/libarchive/pull/2898 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4424.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "YXlS56JkLiuXwjbDNwkvdw==": { "id": "YXlS56JkLiuXwjbDNwkvdw==", "updater": "rhel-vex", "name": "CVE-2024-5642", "description": "A vulnerability was found in Python/CPython that does not disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE -2024-5535 for OpenSSL for more information.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5642 https://bugzilla.redhat.com/show_bug.cgi?id=2294682 https://www.cve.org/CVERecord?id=CVE-2024-5642 https://nvd.nist.gov/vuln/detail/CVE-2024-5642 https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5642.json https://access.redhat.com/errata/RHSA-2025:23342", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-2.el9_7", "arch_op": "pattern match" }, "YXzXrFNVRnn1xbJjvqeq+w==": { "id": "YXzXrFNVRnn1xbJjvqeq+w==", "updater": "rhel-vex", "name": "CVE-2025-55132", "description": "A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55132 https://bugzilla.redhat.com/show_bug.cgi?id=2431338 https://www.cve.org/CVERecord?id=CVE-2025-55132 https://nvd.nist.gov/vuln/detail/CVE-2025-55132 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55132.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "YZq+CTlAXva/aUDDEFdZNQ==": { "id": "YZq+CTlAXva/aUDDEFdZNQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "YdpqbsRbo4xx71CiWUF39Q==": { "id": "YdpqbsRbo4xx71CiWUF39Q==", "updater": "rhel-vex", "name": "CVE-2026-21441", "description": "urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.", "issued": "2026-01-07T22:09:01Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21441 https://bugzilla.redhat.com/show_bug.cgi?id=2427726 https://www.cve.org/CVERecord?id=CVE-2026-21441 https://nvd.nist.gov/vuln/detail/CVE-2026-21441 https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21441.json https://access.redhat.com/errata/RHSA-2026:1087", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-6.el9_7.1", "arch_op": "pattern match" }, "YfE+7ocdRscmJ75uekg0tA==": { "id": "YfE+7ocdRscmJ75uekg0tA==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "YgD8tCzB10z/Jq6XOfCfgQ==": { "id": "YgD8tCzB10z/Jq6XOfCfgQ==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "YgehfkOilPM31dosmRXxDA==": { "id": "YgehfkOilPM31dosmRXxDA==", "updater": "rhel-vex", "name": "CVE-2026-35386", "description": "A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in `ssh_config`.", "issued": "2026-04-02T16:44:27Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35386 https://bugzilla.redhat.com/show_bug.cgi?id=2454506 https://www.cve.org/CVERecord?id=CVE-2026-35386 https://nvd.nist.gov/vuln/detail/CVE-2026-35386 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35386.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "YgwLp863ho/Lz7XdBK6IXw==": { "id": "YgwLp863ho/Lz7XdBK6IXw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Compare", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.100.600-481.1.el9_6", "arch_op": "pattern match" }, "YjXf6yY9feRqNoLqPt5iEQ==": { "id": "YjXf6yY9feRqNoLqPt5iEQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "YlN21JbaOAqORXBYjgJOYA==": { "id": "YlN21JbaOAqORXBYjgJOYA==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "YmjsPDVfe7xyjGwOgJunGw==": { "id": "YmjsPDVfe7xyjGwOgJunGw==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "YnyGgq68v/XTMEk0yU1qsA==": { "id": "YnyGgq68v/XTMEk0yU1qsA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "YoJO5p1sMUFmCt+7OiX0ow==": { "id": "YoJO5p1sMUFmCt+7OiX0ow==", "updater": "rhel-vex", "name": "CVE-2026-21710", "description": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21710 https://bugzilla.redhat.com/show_bug.cgi?id=2453151 https://www.cve.org/CVERecord?id=CVE-2026-21710 https://nvd.nist.gov/vuln/detail/CVE-2026-21710 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21710.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "YpjyzhR3jAhlzb479lBoJw==": { "id": "YpjyzhR3jAhlzb479lBoJw==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "YtNpM5pykErH+UBXZABWdg==": { "id": "YtNpM5pykErH+UBXZABWdg==", "updater": "rhel-vex", "name": "CVE-2026-28390", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T22:00:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28390 https://bugzilla.redhat.com/show_bug.cgi?id=2456314 https://www.cve.org/CVERecord?id=CVE-2026-28390 https://nvd.nist.gov/vuln/detail/CVE-2026-28390 https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6 https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4 https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788 https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28390.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YusnUSJD47mdstk8KsgGZQ==": { "id": "YusnUSJD47mdstk8KsgGZQ==", "updater": "osv/go", "name": "GO-2026-4337", "description": "Unexpected session resumption in crypto/tls", "issued": "2026-02-05T17:23:09Z", "links": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://go.dev/cl/737700 https://go.dev/issue/77217", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.13" }, "Ywdulqdw8k75jjL2qb8gPg==": { "id": "Ywdulqdw8k75jjL2qb8gPg==", "updater": "rhel-vex", "name": "CVE-2026-5704", "description": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.", "issued": "2026-04-06T13:36:20Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5704 https://bugzilla.redhat.com/show_bug.cgi?id=2455360 https://www.cve.org/CVERecord?id=CVE-2026-5704 https://nvd.nist.gov/vuln/detail/CVE-2026-5704 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5704.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YwefEcZX3L6SA4VOQcDTlg==": { "id": "YwefEcZX3L6SA4VOQcDTlg==", "updater": "rhel-vex", "name": "CVE-2026-21711", "description": "A flaw was found in Node.js. The Node.js Permission Model, designed to restrict network access, incorrectly omits permission checks for Unix Domain Socket (UDS) server operations. This allows local code, even when explicitly denied network access, to create and expose inter-process communication (IPC) endpoints. As a result, unauthorized communication can occur between processes on the same host, bypassing the intended network security restrictions.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21711 https://bugzilla.redhat.com/show_bug.cgi?id=2453158 https://www.cve.org/CVERecord?id=CVE-2026-21711 https://nvd.nist.gov/vuln/detail/CVE-2026-21711 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21711.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "Z064OaMrPYngYTdOmYFpOw==": { "id": "Z064OaMrPYngYTdOmYFpOw==", "updater": "rhel-vex", "name": "CVE-2026-21717", "description": "A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by functions like JSON.parse() on attacker-controlled input. This can significantly degrade the performance of the Node.js process, leading to a Denial of Service (DoS) condition.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21717 https://bugzilla.redhat.com/show_bug.cgi?id=2453162 https://www.cve.org/CVERecord?id=CVE-2026-21717 https://nvd.nist.gov/vuln/detail/CVE-2026-21717 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21717.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "Z0bbSkX8e3OUKdJa86CbBw==": { "id": "Z0bbSkX8e3OUKdJa86CbBw==", "updater": "rhel-vex", "name": "CVE-2021-4217", "description": "A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.", "issued": "2022-01-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4217 https://bugzilla.redhat.com/show_bug.cgi?id=2044583 https://www.cve.org/CVERecord?id=CVE-2021-4217 https://nvd.nist.gov/vuln/detail/CVE-2021-4217 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4217.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "unzip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Z1WcJp/m0RHVikTcp3uRKA==": { "id": "Z1WcJp/m0RHVikTcp3uRKA==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "Z3lzEUxuKss3/Hx3NeRKoQ==": { "id": "Z3lzEUxuKss3/Hx3NeRKoQ==", "updater": "rhel-vex", "name": "CVE-2026-27904", "description": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).", "issued": "2026-02-26T01:07:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27904 https://bugzilla.redhat.com/show_bug.cgi?id=2442922 https://www.cve.org/CVERecord?id=CVE-2026-27904 https://nvd.nist.gov/vuln/detail/CVE-2026-27904 https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27904.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "Z5H14Z81HW+BVvKWtV5kDQ==": { "id": "Z5H14Z81HW+BVvKWtV5kDQ==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "Z707rrfU/uxs1xujVpKMRA==": { "id": "Z707rrfU/uxs1xujVpKMRA==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "Z9vlvDewcgZxmJe4Kp3wxA==": { "id": "Z9vlvDewcgZxmJe4Kp3wxA==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "ZAG3qysphRz8tGIp96ls9A==": { "id": "ZAG3qysphRz8tGIp96ls9A==", "updater": "osv/go", "name": "GO-2026-4946", "description": "Inefficient policy validation in crypto/x509", "issued": "2026-04-07T22:53:49Z", "links": "https://go.dev/cl/758061 https://go.dev/issue/78281 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.25.9" }, "ZAKrc32qORy4LwsxMQgfrw==": { "id": "ZAKrc32qORy4LwsxMQgfrw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.1.el9_2", "arch_op": "pattern match" }, "ZAUFPHu5UQZ+B2n+SrWIqQ==": { "id": "ZAUFPHu5UQZ+B2n+SrWIqQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-lib", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.65-481.el9", "arch_op": "pattern match" }, "ZBDjl4GlHR5BEu3WvRQHHQ==": { "id": "ZBDjl4GlHR5BEu3WvRQHHQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "ZC2BsE3IgWbuyuu1cz3YMQ==": { "id": "ZC2BsE3IgWbuyuu1cz3YMQ==", "updater": "rhel-vex", "name": "CVE-2024-37371", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "ZCWnPSXILcJ9aE646DCmag==": { "id": "ZCWnPSXILcJ9aE646DCmag==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "ZELKWqL7/eOb/qnydXpFAg==": { "id": "ZELKWqL7/eOb/qnydXpFAg==", "updater": "rhel-vex", "name": "CVE-2025-55130", "description": "A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55130 https://bugzilla.redhat.com/show_bug.cgi?id=2431352 https://www.cve.org/CVERecord?id=CVE-2025-55130 https://nvd.nist.gov/vuln/detail/CVE-2025-55130 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55130.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.0-1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "ZEQbZFnaRO71DxSveNx3og==": { "id": "ZEQbZFnaRO71DxSveNx3og==", "updater": "rhel-vex", "name": "CVE-2025-64720", "description": "A buffer overflow flaw has been discovered in libpng. An out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API.", "issued": "2025-11-24T23:45:38Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64720 https://bugzilla.redhat.com/show_bug.cgi?id=2416904 https://www.cve.org/CVERecord?id=CVE-2025-64720 https://nvd.nist.gov/vuln/detail/CVE-2025-64720 https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643 https://github.com/pnggroup/libpng/issues/686 https://github.com/pnggroup/libpng/pull/751 https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64720.json https://access.redhat.com/errata/RHSA-2026:0238", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpng", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.1", "arch_op": "pattern match" }, "ZMCWgxkMJ4LjF/nj5/+01g==": { "id": "ZMCWgxkMJ4LjF/nj5/+01g==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "ZMp4FVCkBvOUuQnhgF/KRQ==": { "id": "ZMp4FVCkBvOUuQnhgF/KRQ==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "ZNESegZx5Vgpkv3OXwE5Cw==": { "id": "ZNESegZx5Vgpkv3OXwE5Cw==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "ZNpRshLHRo06/00CGV605Q==": { "id": "ZNpRshLHRo06/00CGV605Q==", "updater": "rhel-vex", "name": "CVE-2025-11083", "description": "A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally.", "issued": "2025-09-27T23:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11083 https://bugzilla.redhat.com/show_bug.cgi?id=2399948 https://www.cve.org/CVERecord?id=CVE-2025-11083 https://nvd.nist.gov/vuln/detail/CVE-2025-11083 https://sourceware.org/bugzilla/attachment.cgi?id=16353 https://sourceware.org/bugzilla/show_bug.cgi?id=33457 https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490 https://vuldb.com/?ctiid.326124 https://vuldb.com/?id.326124 https://vuldb.com/?submit.661277 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11083.json https://access.redhat.com/errata/RHSA-2025:23343", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-67.el9_7.1", "arch_op": "pattern match" }, "ZPTYG1GW4N8khhdO0sFXlQ==": { "id": "ZPTYG1GW4N8khhdO0sFXlQ==", "updater": "rhel-vex", "name": "CVE-2024-39331", "description": "A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments.", "issued": "2024-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-39331 https://bugzilla.redhat.com/show_bug.cgi?id=2293942 https://www.cve.org/CVERecord?id=CVE-2024-39331 https://nvd.nist.gov/vuln/detail/CVE-2024-39331 https://www.openwall.com/lists/oss-security/2024/06/23/1 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-39331.json https://access.redhat.com/errata/RHSA-2024:6510", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9_4", "arch_op": "pattern match" }, "ZQsszFOlqLuLyfXZGfRKxQ==": { "id": "ZQsszFOlqLuLyfXZGfRKxQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "ZUoGCxFJ/+PUPUdg60izwg==": { "id": "ZUoGCxFJ/+PUPUdg60izwg==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "ZZEVbWhAYTXw9FIX3zIAtw==": { "id": "ZZEVbWhAYTXw9FIX3zIAtw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "ZZLfaN7MH3nRy8BlgA10kg==": { "id": "ZZLfaN7MH3nRy8BlgA10kg==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "ZZYlhV9nOBPxmh+lN8Wzlg==": { "id": "ZZYlhV9nOBPxmh+lN8Wzlg==", "updater": "rhel-vex", "name": "CVE-2026-27144", "description": "A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.", "issued": "2026-04-08T01:06:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27144 https://bugzilla.redhat.com/show_bug.cgi?id=2456340 https://www.cve.org/CVERecord?id=CVE-2026-27144 https://nvd.nist.gov/vuln/detail/CVE-2026-27144 https://go.dev/cl/763764 https://go.dev/issue/78371 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4867 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27144.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZZj+FChMvULXnT4QSAEvQQ==": { "id": "ZZj+FChMvULXnT4QSAEvQQ==", "updater": "rhel-vex", "name": "CVE-2022-3970", "description": "An integer overflow flaw was found in LibTIFF. This issue exists in the TIFFReadRGBATileExt function of the libtiff/tif_getimage.c file, and may lead to a buffer overflow.", "issued": "2022-11-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3970 https://bugzilla.redhat.com/show_bug.cgi?id=2148918 https://www.cve.org/CVERecord?id=CVE-2022-3970 https://nvd.nist.gov/vuln/detail/CVE-2022-3970 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3970.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Zc9mVAa+SgrDGA78Zo8GIg==": { "id": "Zc9mVAa+SgrDGA78Zo8GIg==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "ZeLcisCXFaeQKOi8dej/BQ==": { "id": "ZeLcisCXFaeQKOi8dej/BQ==", "updater": "rhel-vex", "name": "CVE-2023-30086", "description": "A vulnerability was found in the libtiff library. This flaw causes a buffer overflow in libtiff that allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30086 https://bugzilla.redhat.com/show_bug.cgi?id=2203650 https://www.cve.org/CVERecord?id=CVE-2023-30086 https://nvd.nist.gov/vuln/detail/CVE-2023-30086 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30086.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Zg/5yy5ojZu/q0X+9MCQQA==": { "id": "Zg/5yy5ojZu/q0X+9MCQQA==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "ZhTLRTlcbZumWmiritxOAw==": { "id": "ZhTLRTlcbZumWmiritxOAw==", "updater": "rhel-vex", "name": "CVE-2026-6100", "description": "A flaw was found in Python's decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.", "issued": "2026-04-13T17:15:47Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6100 https://bugzilla.redhat.com/show_bug.cgi?id=2457932 https://www.cve.org/CVERecord?id=CVE-2026-6100 https://nvd.nist.gov/vuln/detail/CVE-2026-6100 https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2 https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20 https://github.com/python/cpython/issues/148395 https://github.com/python/cpython/pull/148396 https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6100.json https://access.redhat.com/errata/RHSA-2026:10949", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.3", "arch_op": "pattern match" }, "ZhxWQvKqBGgL77fuUQ4Ghg==": { "id": "ZhxWQvKqBGgL77fuUQ4Ghg==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "ZiZuAbc4Tq3tBRSI53FjWg==": { "id": "ZiZuAbc4Tq3tBRSI53FjWg==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "Zk3m2J10w4VuwKsJJMXB2Q==": { "id": "Zk3m2J10w4VuwKsJJMXB2Q==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "ZmOheSIAULld8cF9POTj/w==": { "id": "ZmOheSIAULld8cF9POTj/w==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "Zn86UzCNWJIJ8FVaY91JYg==": { "id": "Zn86UzCNWJIJ8FVaY91JYg==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "ZoK4/bCJQ036BMFIy2mG8g==": { "id": "ZoK4/bCJQ036BMFIy2mG8g==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "ZpoRIduwcda+XFGXyoaDAA==": { "id": "ZpoRIduwcda+XFGXyoaDAA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "ZrKcftBnwBVZKQlRJoJcLw==": { "id": "ZrKcftBnwBVZKQlRJoJcLw==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "ZtlPcxFiuXhGia0ZM6cNBg==": { "id": "ZtlPcxFiuXhGia0ZM6cNBg==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "Zv+LSqi94387CYLrb5PiCw==": { "id": "Zv+LSqi94387CYLrb5PiCw==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "Zwyz7XImU98ApFQj0FPRmw==": { "id": "Zwyz7XImU98ApFQj0FPRmw==", "updater": "osv/go", "name": "GO-2026-4869", "description": "Unbounded allocation for old GNU sparse in archive/tar", "issued": "2026-04-07T22:53:49Z", "links": "https://go.dev/cl/763766 https://go.dev/issue/78301 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.25.9" }, "Zx7E5aKvS5JXoyQSS0VOKg==": { "id": "Zx7E5aKvS5JXoyQSS0VOKg==", "updater": "rhel-vex", "name": "CVE-2025-59375", "description": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.", "issued": "2025-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59375 https://bugzilla.redhat.com/show_bug.cgi?id=2395108 https://www.cve.org/CVERecord?id=CVE-2025-59375 https://nvd.nist.gov/vuln/detail/CVE-2025-59375 https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375 https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59375.json https://access.redhat.com/errata/RHSA-2025:22175", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "High", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-5.el9_7.1", "arch_op": "pattern match" }, "ZxcJWoacxiKADUWqPITGyA==": { "id": "ZxcJWoacxiKADUWqPITGyA==", "updater": "rhel-vex", "name": "CVE-2025-55130", "description": "A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55130 https://bugzilla.redhat.com/show_bug.cgi?id=2431352 https://www.cve.org/CVERecord?id=CVE-2025-55130 https://nvd.nist.gov/vuln/detail/CVE-2025-55130 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55130.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "ZyINijq7IMSOcH4xz5eNoQ==": { "id": "ZyINijq7IMSOcH4xz5eNoQ==", "updater": "rhel-vex", "name": "CVE-2026-1299", "description": "A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules, allowing an attacker to inject email headers and potentially modify message recipients or the email body, and spoof sender information.", "issued": "2026-01-23T16:27:13Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1299 https://bugzilla.redhat.com/show_bug.cgi?id=2432437 https://www.cve.org/CVERecord?id=CVE-2026-1299 https://nvd.nist.gov/vuln/detail/CVE-2026-1299 https://cve.org/CVERecord?id=CVE-2024-6923 https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413 https://github.com/python/cpython/issues/144125 https://github.com/python/cpython/pull/144126 https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1299.json https://access.redhat.com/errata/RHSA-2026:4168", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.1", "arch_op": "pattern match" }, "a+77t9fGz9BxOnJlGe2W1Q==": { "id": "a+77t9fGz9BxOnJlGe2W1Q==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "a/YI2nxM2FSL9LuqLWCJ1A==": { "id": "a/YI2nxM2FSL9LuqLWCJ1A==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://github.com/libexpat/libexpat/pull/973 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:3531", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.3", "arch_op": "pattern match" }, "a5tv38r7RoeoKCznzGbyPQ==": { "id": "a5tv38r7RoeoKCznzGbyPQ==", "updater": "rhel-vex", "name": "CVE-2024-6345", "description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "issued": "2024-07-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-setuptools", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:53.0.0-12.el9_4.1", "arch_op": "pattern match" }, "a5xKL7Qrgq3D0d3zE8x4RQ==": { "id": "a5xKL7Qrgq3D0d3zE8x4RQ==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "A zip file handling flaw has been discovered in the python standard library `zipfile` module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json https://access.redhat.com/errata/RHSA-2025:23342", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-2.el9_7", "arch_op": "pattern match" }, "a7PsXEXsbw8aTCMWFxM9mg==": { "id": "a7PsXEXsbw8aTCMWFxM9mg==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "a7WPDd2/UqA1rqbo6pjM9Q==": { "id": "a7WPDd2/UqA1rqbo6pjM9Q==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "a8lEoliaJpwjl9bCwQSdLA==": { "id": "a8lEoliaJpwjl9bCwQSdLA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libpng", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a9FllBAJiFi5FeYl0KG4aQ==": { "id": "a9FllBAJiFi5FeYl0KG4aQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aF8KHEW+yeGrdIo+G60sLA==": { "id": "aF8KHEW+yeGrdIo+G60sLA==", "updater": "rhel-vex", "name": "CVE-2025-59466", "description": "A stack overflow flaw has been discovered in Node.js error handling where \"Maximum call stack size exceeded\" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59466 https://bugzilla.redhat.com/show_bug.cgi?id=2431343 https://www.cve.org/CVERecord?id=CVE-2025-59466 https://nvd.nist.gov/vuln/detail/CVE-2025-59466 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59466.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "aGi0xIYQeGr5qYFMFsAN2w==": { "id": "aGi0xIYQeGr5qYFMFsAN2w==", "updater": "rhel-vex", "name": "CVE-2025-61728", "description": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.", "issued": "2026-01-28T19:30:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://www.cve.org/CVERecord?id=CVE-2025-61728 https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4342 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61728.json https://access.redhat.com/errata/RHSA-2026:2709", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.7-1.el9_7", "arch_op": "pattern match" }, "aHbxsEzv/m7Yq5sqD6BR6A==": { "id": "aHbxsEzv/m7Yq5sqD6BR6A==", "updater": "osv/go", "name": "GO-2026-4947", "description": "Unexpected work during chain building in crypto/x509", "issued": "2026-04-07T22:53:49Z", "links": "https://go.dev/cl/758320 https://go.dev/issue/78282 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.25.9" }, "aJcuD8I2FFtYOQG27x05WQ==": { "id": "aJcuD8I2FFtYOQG27x05WQ==", "updater": "rhel-vex", "name": "CVE-2025-24855", "description": "A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24855 https://bugzilla.redhat.com/show_bug.cgi?id=2352483 https://www.cve.org/CVERecord?id=CVE-2025-24855 https://nvd.nist.gov/vuln/detail/CVE-2025-24855 https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24855.json https://access.redhat.com/errata/RHSA-2025:3107", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.1", "arch_op": "pattern match" }, "aOUfuyvyyWEe7Z1IZT+fGw==": { "id": "aOUfuyvyyWEe7Z1IZT+fGw==", "updater": "rhel-vex", "name": "CVE-2026-34743", "description": "A flaw was found in XZ Utils. When the `lzma_index_decoder()` function processes an empty index, and a subsequent `lzma_index_append()` operation is performed, insufficient memory is allocated. This can lead to a buffer overflow, potentially causing a denial of service (DoS) for affected systems.", "issued": "2026-04-02T18:36:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34743 https://bugzilla.redhat.com/show_bug.cgi?id=2454589 https://www.cve.org/CVERecord?id=CVE-2026-34743 https://nvd.nist.gov/vuln/detail/CVE-2026-34743 https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87 https://github.com/tukaani-project/xz/releases/tag/v5.8.3 https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34743.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "xz", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aQ/ax84rpyWNveVTm/MQww==": { "id": "aQ/ax84rpyWNveVTm/MQww==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "aQGx6Am8fU9TZmcyiMNL4A==": { "id": "aQGx6Am8fU9TZmcyiMNL4A==", "updater": "rhel-vex", "name": "CVE-2024-43802", "description": "A flaw was found in Vim. This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "issued": "2024-08-26T19:15:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aR+DKIj7GETMsDtNSfYXNA==": { "id": "aR+DKIj7GETMsDtNSfYXNA==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "aUFq3vh1h0/30jIMgLEGbg==": { "id": "aUFq3vh1h0/30jIMgLEGbg==", "updater": "rhel-vex", "name": "CVE-2022-3599", "description": "An out-of-bounds read flaw was found in the writeSingleSection function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-02-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3599 https://bugzilla.redhat.com/show_bug.cgi?id=2142740 https://www.cve.org/CVERecord?id=CVE-2022-3599 https://nvd.nist.gov/vuln/detail/CVE-2022-3599 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3599.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "ab/GKLlj0s6Lkn9DyDnUUQ==": { "id": "ab/GKLlj0s6Lkn9DyDnUUQ==", "updater": "rhel-vex", "name": "CVE-2025-68119", "description": "A flaw was found in Golang's cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial (hg) installed, this can occur when downloading modules from non-standard sources due to how external Version Control System (VCS) commands are constructed. Additionally, on systems with Git installed, providing malicious version strings to the toolchain can enable an attacker to write to arbitrary files on the filesystem. This issue is triggered by explicitly supplying these malicious version strings.", "issued": "2026-01-28T19:30:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68119 https://bugzilla.redhat.com/show_bug.cgi?id=2434438 https://www.cve.org/CVERecord?id=CVE-2025-68119 https://nvd.nist.gov/vuln/detail/CVE-2025-68119 https://go.dev/cl/736710 https://go.dev/issue/77099 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4338 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68119.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "abYhvv2PIAbu240JiMWauA==": { "id": "abYhvv2PIAbu240JiMWauA==", "updater": "rhel-vex", "name": "CVE-2025-61145", "description": "A denial of service flaw via segmentation fault has been found in libtiff. This segmentation fault vulnerability is caused by accessing invalid or corrupted memory addresses during memory deallocation operations. The root issue lies in the cleanup logic of the main function where the program attempts to free memory that has been corrupted or points to an invalid memory region.", "issued": "2026-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61145 https://bugzilla.redhat.com/show_bug.cgi?id=2441975 https://www.cve.org/CVERecord?id=CVE-2025-61145 https://nvd.nist.gov/vuln/detail/CVE-2025-61145 https://gist.github.com/optionGo/062f109569196dbffd8ac12020b42289 https://gitlab.com/libtiff/libtiff/-/issues/736 https://gitlab.com/libtiff/libtiff/-/merge_requests/753 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61145.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ac4lX1PsJ8EE0cPV3DeA7Q==": { "id": "ac4lX1PsJ8EE0cPV3DeA7Q==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "ae3lHA7MmabWs4AIbhandQ==": { "id": "ae3lHA7MmabWs4AIbhandQ==", "updater": "rhel-vex", "name": "CVE-2026-3833", "description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.", "issued": "2026-04-30T17:26:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3833 https://bugzilla.redhat.com/show_bug.cgi?id=2445763 https://www.cve.org/CVERecord?id=CVE-2026-3833 https://nvd.nist.gov/vuln/detail/CVE-2026-3833 https://gitlab.com/gnutls/gnutls/-/issues/1803 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3833.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ah5gJjq6ntKGHe05l2QLEA==": { "id": "ah5gJjq6ntKGHe05l2QLEA==", "updater": "rhel-vex", "name": "CVE-2025-11414", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the get_link_hash_entry function in the bfd/elflink.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11414 https://bugzilla.redhat.com/show_bug.cgi?id=2402424 https://www.cve.org/CVERecord?id=CVE-2025-11414 https://nvd.nist.gov/vuln/detail/CVE-2025-11414 https://sourceware.org/bugzilla/show_bug.cgi?id=33450 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703 https://vuldb.com/?id.327350 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11414.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ajN2ub+i7la5x0tiLPy3pQ==": { "id": "ajN2ub+i7la5x0tiLPy3pQ==", "updater": "rhel-vex", "name": "CVE-2025-61732", "description": "A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then \"smuggled\" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.", "issued": "2026-02-05T03:42:26Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61732 https://bugzilla.redhat.com/show_bug.cgi?id=2437016 https://www.cve.org/CVERecord?id=CVE-2025-61732 https://nvd.nist.gov/vuln/detail/CVE-2025-61732 https://go.dev/cl/734220 https://go.dev/issue/76697 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://pkg.go.dev/vuln/GO-2026-4433 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61732.json https://access.redhat.com/errata/RHSA-2026:2709", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.7-1.el9_7", "arch_op": "pattern match" }, "akEF6NF80R9wfgwbXmOEDA==": { "id": "akEF6NF80R9wfgwbXmOEDA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "akJLZ6dhkrnudAb8gXyuyw==": { "id": "akJLZ6dhkrnudAb8gXyuyw==", "updater": "rhel-vex", "name": "CVE-2025-59466", "description": "A stack overflow flaw has been discovered in Node.js error handling where \"Maximum call stack size exceeded\" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59466 https://bugzilla.redhat.com/show_bug.cgi?id=2431343 https://www.cve.org/CVERecord?id=CVE-2025-59466 https://nvd.nist.gov/vuln/detail/CVE-2025-59466 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59466.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "alSeOMnzCu4eh8h4VjVrpA==": { "id": "alSeOMnzCu4eh8h4VjVrpA==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "am8Nu2Xz4xTgOxf+V74bZg==": { "id": "am8Nu2Xz4xTgOxf+V74bZg==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "anPJmbS134IB2gfGIWKJ0Q==": { "id": "anPJmbS134IB2gfGIWKJ0Q==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "aqaaxa85Ibw3RSMRWLL7yg==": { "id": "aqaaxa85Ibw3RSMRWLL7yg==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "aqmerajri2owkCLHieW70w==": { "id": "aqmerajri2owkCLHieW70w==", "updater": "rhel-vex", "name": "CVE-2025-8194", "description": "A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.", "issued": "2025-07-28T18:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8194 https://bugzilla.redhat.com/show_bug.cgi?id=2384043 https://www.cve.org/CVERecord?id=CVE-2025-8194 https://nvd.nist.gov/vuln/detail/CVE-2025-8194 https://github.com/python/cpython/issues/130577 https://github.com/python/cpython/pull/137027 https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8194.json https://access.redhat.com/errata/RHSA-2025:15019", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.2", "arch_op": "pattern match" }, "atAnLiOuVhy8qyEUVNzM2w==": { "id": "atAnLiOuVhy8qyEUVNzM2w==", "updater": "rhel-vex", "name": "CVE-2022-48338", "description": "A flaw was found in the Emacs package. A malicious ruby source file may cause a local command injection.", "issued": "2023-02-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48338 https://bugzilla.redhat.com/show_bug.cgi?id=2171988 https://www.cve.org/CVERecord?id=CVE-2022-48338 https://nvd.nist.gov/vuln/detail/CVE-2022-48338 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48338.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "b+WKHvVRvScXQjTpsI/dQA==": { "id": "b+WKHvVRvScXQjTpsI/dQA==", "updater": "rhel-vex", "name": "CVE-2025-6176", "description": "Scrapy are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.", "issued": "2025-10-31T00:00:21Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6176 https://bugzilla.redhat.com/show_bug.cgi?id=2408762 https://www.cve.org/CVERecord?id=CVE-2025-6176 https://nvd.nist.gov/vuln/detail/CVE-2025-6176 https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6176.json https://access.redhat.com/errata/RHSA-2026:2042", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libbrotli", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.9-9.el9_7", "arch_op": "pattern match" }, "b/JoMKSdjTg9hoFgyAsYGg==": { "id": "b/JoMKSdjTg9hoFgyAsYGg==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "b2xf65/2S45gOxG8Grxy0g==": { "id": "b2xf65/2S45gOxG8Grxy0g==", "updater": "rhel-vex", "name": "CVE-2023-5441", "description": "A NULL pointer dereference vulnerability was found in Vim. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "issued": "2023-10-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5441.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "b3gcqhWrOMtSFjkTMyyWQw==": { "id": "b3gcqhWrOMtSFjkTMyyWQw==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "b7Ve+kRpf1f/Y0XXi0L2vA==": { "id": "b7Ve+kRpf1f/Y0XXi0L2vA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=32976 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "b8ZUCmMy8tFNcjKWAPWexQ==": { "id": "b8ZUCmMy8tFNcjKWAPWexQ==", "updater": "rhel-vex", "name": "CVE-2026-21713", "description": "A flaw was found in Node.js. The HMAC (Hash-based Message Authentication Code) verification process uses a comparison method that does not take a constant amount of time. This non-constant-time comparison can leak timing information, which, under specific conditions where precise timing measurements are possible, could be exploited by a remote attacker. This allows the attacker to infer sensitive HMAC values, leading to information disclosure.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21713 https://bugzilla.redhat.com/show_bug.cgi?id=2453160 https://www.cve.org/CVERecord?id=CVE-2026-21713 https://nvd.nist.gov/vuln/detail/CVE-2026-21713 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21713.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "b8cX6Z3ptet250uYs1XjIQ==": { "id": "b8cX6Z3ptet250uYs1XjIQ==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "b9Kb4WNexa+E+t+B4ZpfRA==": { "id": "b9Kb4WNexa+E+t+B4ZpfRA==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://gitlab.gnome.org/GNOME/libxml2/-/issues/931 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "b9vpp7YMXEAHYnt8gPj4PA==": { "id": "b9vpp7YMXEAHYnt8gPj4PA==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "bACUKZThWu3kcO82NfO4eg==": { "id": "bACUKZThWu3kcO82NfO4eg==", "updater": "rhel-vex", "name": "CVE-2023-1264", "description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1264.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bDMsFO9+dr7IgrwHxKJ/2g==": { "id": "bDMsFO9+dr7IgrwHxKJ/2g==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "bDhy7gfmPOwxr6lS2HOcFg==": { "id": "bDhy7gfmPOwxr6lS2HOcFg==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://gitlab.gnome.org/GNOME/libxml2/-/issues/933 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "bDvGK7B1/5BJREOCtiSQyw==": { "id": "bDvGK7B1/5BJREOCtiSQyw==", "updater": "rhel-vex", "name": "CVE-2024-37371", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "bELtRRWF07YgwEcu9KD6Jg==": { "id": "bELtRRWF07YgwEcu9KD6Jg==", "updater": "rhel-vex", "name": "CVE-2026-1526", "description": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.", "issued": "2026-03-12T20:08:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1526 https://bugzilla.redhat.com/show_bug.cgi?id=2447142 https://www.cve.org/CVERecord?id=CVE-2026-1526 https://nvd.nist.gov/vuln/detail/CVE-2026-1526 https://cna.openjsf.org/security-advisories.html https://datatracker.ietf.org/doc/html/rfc7692 https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q https://hackerone.com/reports/3481206 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1526.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "bJGGlc8FG/c2T93ktUh6Ig==": { "id": "bJGGlc8FG/c2T93ktUh6Ig==", "updater": "rhel-vex", "name": "CVE-2025-66418", "description": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.", "issued": "2025-12-05T16:02:15Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66418 https://bugzilla.redhat.com/show_bug.cgi?id=2419455 https://www.cve.org/CVERecord?id=CVE-2025-66418 https://nvd.nist.gov/vuln/detail/CVE-2025-66418 https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8 https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66418.json https://access.redhat.com/errata/RHSA-2026:1087", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-6.el9_7.1", "arch_op": "pattern match" }, "bKE3ov27WR5dMz8a/M+jUA==": { "id": "bKE3ov27WR5dMz8a/M+jUA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "bN/37R0s8WD9IOTdf9jzwA==": { "id": "bN/37R0s8WD9IOTdf9jzwA==", "updater": "rhel-vex", "name": "CVE-2026-21637", "description": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21637 https://bugzilla.redhat.com/show_bug.cgi?id=2431340 https://www.cve.org/CVERecord?id=CVE-2026-21637 https://nvd.nist.gov/vuln/detail/CVE-2026-21637 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21637.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "bOC69k4Gpn8Av1w/ra2Tdw==": { "id": "bOC69k4Gpn8Av1w/ra2Tdw==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libuuid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "bOMmd0jIpY2e7Cl4owS24g==": { "id": "bOMmd0jIpY2e7Cl4owS24g==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "bQ1N5xPGM/wU59iAjdfQ6A==": { "id": "bQ1N5xPGM/wU59iAjdfQ6A==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "bS+af0/VFTa2vHJUfxeH5g==": { "id": "bS+af0/VFTa2vHJUfxeH5g==", "updater": "rhel-vex", "name": "CVE-2025-61732", "description": "A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then \"smuggled\" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.", "issued": "2026-02-05T03:42:26Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61732 https://bugzilla.redhat.com/show_bug.cgi?id=2437016 https://www.cve.org/CVERecord?id=CVE-2025-61732 https://nvd.nist.gov/vuln/detail/CVE-2025-61732 https://go.dev/cl/734220 https://go.dev/issue/76697 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://pkg.go.dev/vuln/GO-2026-4433 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61732.json https://access.redhat.com/errata/RHSA-2026:2709", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.7-1.el9_7", "arch_op": "pattern match" }, "bUleeXyDhPPtw2/S2E8kiw==": { "id": "bUleeXyDhPPtw2/S2E8kiw==", "updater": "rhel-vex", "name": "CVE-2025-68121", "description": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.", "issued": "2026-02-05T17:48:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://www.cve.org/CVERecord?id=CVE-2025-68121 https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://pkg.go.dev/vuln/GO-2026-4337 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68121.json https://access.redhat.com/errata/RHSA-2026:2709", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.7-1.el9_7", "arch_op": "pattern match" }, "bVLJeNp3UltT+T1xu6C55A==": { "id": "bVLJeNp3UltT+T1xu6C55A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "bZGx+ktPNqzyr9hXBoIOTA==": { "id": "bZGx+ktPNqzyr9hXBoIOTA==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json https://access.redhat.com/errata/RHSA-2025:22660", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.7", "arch_op": "pattern match" }, "bb9X6domCAmA+m40PgE/jg==": { "id": "bb9X6domCAmA+m40PgE/jg==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "be+F+Fkt9wYh4z6YwfNqdw==": { "id": "be+F+Fkt9wYh4z6YwfNqdw==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "bf41zTvm6HAv6xdiXpwGWQ==": { "id": "bf41zTvm6HAv6xdiXpwGWQ==", "updater": "rhel-vex", "name": "CVE-2025-32728", "description": "A flaw was found in OpenSSH. In affected versions of sshd, the DisableForwarding directive does not fully adhere to the intended functionality as documented. Specifically, it fails to disable X11 and agent forwarding, which may allow unintended access under certain configurations.", "issued": "2025-04-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32728 https://bugzilla.redhat.com/show_bug.cgi?id=2358767 https://www.cve.org/CVERecord?id=CVE-2025-32728 https://nvd.nist.gov/vuln/detail/CVE-2025-32728 https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32728.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bfa/XbakkA2/5GrUyvwSyw==": { "id": "bfa/XbakkA2/5GrUyvwSyw==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "bgGUNdBAEokCVaY0TKwk/w==": { "id": "bgGUNdBAEokCVaY0TKwk/w==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json https://access.redhat.com/errata/RHSA-2025:23342", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-2.el9_7", "arch_op": "pattern match" }, "bgJs7DKkcMwNTsh9yTDgQg==": { "id": "bgJs7DKkcMwNTsh9yTDgQg==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libblkid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "bh7RRRlNP555+LOFASdB0w==": { "id": "bh7RRRlNP555+LOFASdB0w==", "updater": "rhel-vex", "name": "CVE-2022-2980", "description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "issued": "2022-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2980.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bhGWI9pwDmrdv65FPEeviA==": { "id": "bhGWI9pwDmrdv65FPEeviA==", "updater": "rhel-vex", "name": "CVE-2025-59466", "description": "A stack overflow flaw has been discovered in Node.js error handling where \"Maximum call stack size exceeded\" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59466 https://bugzilla.redhat.com/show_bug.cgi?id=2431343 https://www.cve.org/CVERecord?id=CVE-2025-59466 https://nvd.nist.gov/vuln/detail/CVE-2025-59466 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59466.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "bj9lurrpBxE/q4lRd2Wp7A==": { "id": "bj9lurrpBxE/q4lRd2Wp7A==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "bjkXZ4ZTp29EFzF+wMw4xw==": { "id": "bjkXZ4ZTp29EFzF+wMw4xw==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "bjyLMZdYnkrpUxDySiQ34Q==": { "id": "bjyLMZdYnkrpUxDySiQ34Q==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "bklfMYFV2WKM17hKPU+5BA==": { "id": "bklfMYFV2WKM17hKPU+5BA==", "updater": "osv/go", "name": "GO-2025-3373", "description": "Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509", "issued": "2025-01-28T00:47:30Z", "links": "https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.11" }, "bmNjdpodhrAjmmeNv8j2ZA==": { "id": "bmNjdpodhrAjmmeNv8j2ZA==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "bmwYxyT6fmHIa8FODhI70w==": { "id": "bmwYxyT6fmHIa8FODhI70w==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "bmyf3V3WjS7kQmiAcGoBiQ==": { "id": "bmyf3V3WjS7kQmiAcGoBiQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "bnbyK7dxlE/oYVQQzP4AfQ==": { "id": "bnbyK7dxlE/oYVQQzP4AfQ==", "updater": "rhel-vex", "name": "CVE-2026-21715", "description": "A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the `fs.realpathSync.native()` function. This vulnerability allows code operating under `--permission` with restricted `--allow-fs-read` flags to bypass security controls. Consequently, an attacker can use `fs.realpathSync.native()` to determine file existence, resolve symbolic link targets, and enumerate filesystem paths outside of permitted directories, leading to information disclosure.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21715 https://bugzilla.redhat.com/show_bug.cgi?id=2453152 https://www.cve.org/CVERecord?id=CVE-2026-21715 https://nvd.nist.gov/vuln/detail/CVE-2026-21715 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21715.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "bpM7BDVV04atOPduc9mI8Q==": { "id": "bpM7BDVV04atOPduc9mI8Q==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "bpwdCug2xQZhmaazCqwIew==": { "id": "bpwdCug2xQZhmaazCqwIew==", "updater": "rhel-vex", "name": "CVE-2023-51767", "description": "An authentication bypass vulnerability was found in a modified version of OpenSSH. When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit. Exploiting a Rowhammer-style attack to flip bits in memory, forces successful authentication by setting the return code to 0.", "issued": "2023-12-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bqEGDVpuXY3j7Kr18B5E4w==": { "id": "bqEGDVpuXY3j7Kr18B5E4w==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "brTmpkOORx2yJvCnkPzYRw==": { "id": "brTmpkOORx2yJvCnkPzYRw==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "bugTfOdgCaATW4vTnuXTSQ==": { "id": "bugTfOdgCaATW4vTnuXTSQ==", "updater": "rhel-vex", "name": "CVE-2025-70873", "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "issued": "2026-03-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-70873 https://bugzilla.redhat.com/show_bug.cgi?id=2447086 https://www.cve.org/CVERecord?id=CVE-2025-70873 https://nvd.nist.gov/vuln/detail/CVE-2025-70873 https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054 https://sqlite.org/forum/forumpost/761eac3c82 https://sqlite.org/src/info/3d459f1fb1bd1b5e https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-70873.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "by+PAyhAcd2LS2O/tZxbRQ==": { "id": "by+PAyhAcd2LS2O/tZxbRQ==", "updater": "rhel-vex", "name": "CVE-2025-5245", "description": "A denial-of-service vulnerability has been identified in GNU Binutils, affecting versions up to 2.44. The flaw resides within the debug_type_samep function in the /binutils/debug.c file of the objdump component. An attacker with local access can trigger a program crash by manipulating input data, leading to a denial of service for the objdump utility.", "issued": "2025-05-27T14:31:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5245 https://bugzilla.redhat.com/show_bug.cgi?id=2368771 https://www.cve.org/CVERecord?id=CVE-2025-5245 https://nvd.nist.gov/vuln/detail/CVE-2025-5245 https://sourceware.org/bugzilla/attachment.cgi?id=16004 https://sourceware.org/bugzilla/show_bug.cgi?id=32829 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a https://vuldb.com/?ctiid.310347 https://vuldb.com/?id.310347 https://vuldb.com/?submit.584635 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5245.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "by27tPFgbmYSIGNVHDyy/w==": { "id": "by27tPFgbmYSIGNVHDyy/w==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "by4qEj8r2+yQ8xw2ZHB4/Q==": { "id": "by4qEj8r2+yQ8xw2ZHB4/Q==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "bytYw82gsP7fmiiqIEcGNw==": { "id": "bytYw82gsP7fmiiqIEcGNw==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "bzewxC8waOXL414yMxKcqQ==": { "id": "bzewxC8waOXL414yMxKcqQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "c+walK0V+dA1g3qnPME4Ow==": { "id": "c+walK0V+dA1g3qnPME4Ow==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "c/+IhJOZwrUFnxH/AA8NiA==": { "id": "c/+IhJOZwrUFnxH/AA8NiA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "c/EuG5G0xeL87UQs3yxxqQ==": { "id": "c/EuG5G0xeL87UQs3yxxqQ==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "subscription-manager", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "c/TMKje5Txl9grWesV+S0A==": { "id": "c/TMKje5Txl9grWesV+S0A==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "c0R7sQMFyTIRhp8ZTCTmlw==": { "id": "c0R7sQMFyTIRhp8ZTCTmlw==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "c1lEpxuKpeMWatR0F4jVaw==": { "id": "c1lEpxuKpeMWatR0F4jVaw==", "updater": "rhel-vex", "name": "CVE-2026-25547", "description": "A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.", "issued": "2026-02-04T21:51:17Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25547 https://bugzilla.redhat.com/show_bug.cgi?id=2436942 https://www.cve.org/CVERecord?id=CVE-2026-25547 https://nvd.nist.gov/vuln/detail/CVE-2026-25547 https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25547.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "c3NVrHAJ0F90wrDIEwTmUw==": { "id": "c3NVrHAJ0F90wrDIEwTmUw==", "updater": "rhel-vex", "name": "CVE-2026-21637", "description": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21637 https://bugzilla.redhat.com/show_bug.cgi?id=2431340 https://www.cve.org/CVERecord?id=CVE-2026-21637 https://nvd.nist.gov/vuln/detail/CVE-2026-21637 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21637.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.20.0.1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "c3PMMUG7qpg+sSIEQy9R+g==": { "id": "c3PMMUG7qpg+sSIEQy9R+g==", "updater": "rhel-vex", "name": "CVE-2025-55131", "description": "A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55131 https://bugzilla.redhat.com/show_bug.cgi?id=2431350 https://www.cve.org/CVERecord?id=CVE-2025-55131 https://nvd.nist.gov/vuln/detail/CVE-2025-55131 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55131.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "c3eMx85yv79gfxNsxZXPHQ==": { "id": "c3eMx85yv79gfxNsxZXPHQ==", "updater": "rhel-vex", "name": "CVE-2023-41175", "description": "A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-41175 https://bugzilla.redhat.com/show_bug.cgi?id=2235264 https://www.cve.org/CVERecord?id=CVE-2023-41175 https://nvd.nist.gov/vuln/detail/CVE-2023-41175 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-41175.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "c4b8AyMPp1ls7ClKiTCbAg==": { "id": "c4b8AyMPp1ls7ClKiTCbAg==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "c95Jb/MAeM4/Wnq2jSIopg==": { "id": "c95Jb/MAeM4/Wnq2jSIopg==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "c9kKQdmqE31JfE8hW1jBfg==": { "id": "c9kKQdmqE31JfE8hW1jBfg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "cBmZwV0l/QLSSsoNwTuUWA==": { "id": "cBmZwV0l/QLSSsoNwTuUWA==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "cC3lPQDv1QQiffpXJ4JvcQ==": { "id": "cC3lPQDv1QQiffpXJ4JvcQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=32976 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "cD+9p+2eb4ubWbn/ynDqrQ==": { "id": "cD+9p+2eb4ubWbn/ynDqrQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-vars", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.05-481.1.el9_6", "arch_op": "pattern match" }, "cH2BKUm0Ri3t0Dex4X9yvQ==": { "id": "cH2BKUm0Ri3t0Dex4X9yvQ==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libmount-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "cHe6S9cCUDaq9usM0j2CnQ==": { "id": "cHe6S9cCUDaq9usM0j2CnQ==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json https://access.redhat.com/errata/RHSA-2025:23342", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-2.el9_7", "arch_op": "pattern match" }, "cKtHM3xMrk1VjV0S8Zl4qQ==": { "id": "cKtHM3xMrk1VjV0S8Zl4qQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "cLetPtVgm731iRPvGEIeyw==": { "id": "cLetPtVgm731iRPvGEIeyw==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "cMY+6QfPqyOZE380Mf5rIQ==": { "id": "cMY+6QfPqyOZE380Mf5rIQ==", "updater": "rhel-vex", "name": "CVE-2022-0351", "description": "A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "issued": "2022-01-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0351.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cNsQU/uNFf7PsCWqaKxjAQ==": { "id": "cNsQU/uNFf7PsCWqaKxjAQ==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "cS/0ymtIhJJUkn3i2OVYww==": { "id": "cS/0ymtIhJJUkn3i2OVYww==", "updater": "rhel-vex", "name": "CVE-2026-26996", "description": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.", "issued": "2026-02-20T03:05:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-26996 https://bugzilla.redhat.com/show_bug.cgi?id=2441268 https://www.cve.org/CVERecord?id=CVE-2026-26996 https://nvd.nist.gov/vuln/detail/CVE-2026-26996 https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5 https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26996.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "cS8BJbrTN4Z2MOJCTGMR8w==": { "id": "cS8BJbrTN4Z2MOJCTGMR8w==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "cSPoRTB3BjDaa16wszdN3g==": { "id": "cSPoRTB3BjDaa16wszdN3g==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "cUH9U4T8Wpzm/UIIektEAQ==": { "id": "cUH9U4T8Wpzm/UIIektEAQ==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "cWbhx4ozV3Pkh4rK/phNRA==": { "id": "cWbhx4ozV3Pkh4rK/phNRA==", "updater": "osv/go", "name": "GO-2025-3420", "description": "Sensitive headers incorrectly sent after cross-domain redirect in net/http", "issued": "2025-01-28T00:47:30Z", "links": "https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.11" }, "ca+BSCGp5tEYAgJqvm8GFw==": { "id": "ca+BSCGp5tEYAgJqvm8GFw==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "cbNKZbfbJhPfPLHi6va27w==": { "id": "cbNKZbfbJhPfPLHi6va27w==", "updater": "rhel-vex", "name": "CVE-2022-3555", "description": "A flaw was found in the libX11 package in the_XFreeX11XCBStructure function of the xcb_disp.c file. The manipulation of the argument dpy may lead to a memory leak, resulting in a crash.", "issued": "2022-10-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3555 https://bugzilla.redhat.com/show_bug.cgi?id=2136412 https://www.cve.org/CVERecord?id=CVE-2022-3555 https://nvd.nist.gov/vuln/detail/CVE-2022-3555 https://ubuntu.com/security/CVE-2022-3555 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3555.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libX11", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cbSiFirRdrVkpUeOLy/CjA==": { "id": "cbSiFirRdrVkpUeOLy/CjA==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "cex7jEfdv/MaWi3px1ZgxQ==": { "id": "cex7jEfdv/MaWi3px1ZgxQ==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "cgUuYY1sKP0jeDPr/wEn4w==": { "id": "cgUuYY1sKP0jeDPr/wEn4w==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "chAsSpcJWTbOWxYZ5RrJ4A==": { "id": "chAsSpcJWTbOWxYZ5RrJ4A==", "updater": "rhel-vex", "name": "CVE-2026-21637", "description": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21637 https://bugzilla.redhat.com/show_bug.cgi?id=2431340 https://www.cve.org/CVERecord?id=CVE-2026-21637 https://nvd.nist.gov/vuln/detail/CVE-2026-21637 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21637.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "cjoCrbQlAeGxtTPUlcMPuA==": { "id": "cjoCrbQlAeGxtTPUlcMPuA==", "updater": "rhel-vex", "name": "CVE-2025-26603", "description": "A flaw was found in Vim's :redir command. This vulnerability allows a use-after-free condition via redirecting the :display command to a clipboard register (* or +), which allows access to freed memory.", "issued": "2025-02-18T19:04:24Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26603 https://bugzilla.redhat.com/show_bug.cgi?id=2346346 https://www.cve.org/CVERecord?id=CVE-2025-26603 https://nvd.nist.gov/vuln/detail/CVE-2025-26603 https://github.com/vim/vim/commit/c0f0e2380e5954f4a52a131bf6b8 https://github.com/vim/vim/security/advisories/GHSA-63p5-mwg2-787v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26603.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ckmL8g+r8c1O3UTEaVeJgQ==": { "id": "ckmL8g+r8c1O3UTEaVeJgQ==", "updater": "rhel-vex", "name": "CVE-2026-25547", "description": "A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.", "issued": "2026-02-04T21:51:17Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25547 https://bugzilla.redhat.com/show_bug.cgi?id=2436942 https://www.cve.org/CVERecord?id=CVE-2026-25547 https://nvd.nist.gov/vuln/detail/CVE-2026-25547 https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25547.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "cly/G/AvUZQM2J1YMymkpQ==": { "id": "cly/G/AvUZQM2J1YMymkpQ==", "updater": "rhel-vex", "name": "CVE-2025-66866", "description": "A flaw was found in BinUtils. An attacker can exploit a vulnerability in the `d_abi_tags` function within the `cp-demangle.c` file by providing a specially crafted Portable Executable (PE) file. This can lead to a Denial of Service (DoS), making the affected application unavailable to legitimate users.", "issued": "2025-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66866 https://bugzilla.redhat.com/show_bug.cgi?id=2425830 https://www.cve.org/CVERecord?id=CVE-2025-66866 https://nvd.nist.gov/vuln/detail/CVE-2025-66866 https://github.com/caozhzh/CRGF-Vul/blob/main/cxxfilt/crash6.md https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66866.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cm/gvI0AVbEJW8SbZVw6fw==": { "id": "cm/gvI0AVbEJW8SbZVw6fw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "cm3OVRYaWfpGnoqokxyhvA==": { "id": "cm3OVRYaWfpGnoqokxyhvA==", "updater": "rhel-vex", "name": "CVE-2026-1527", "description": "A flaw was found in undici, a Node.js HTTP/1.1 client. This vulnerability allows a remote attacker to inject malicious data into HTTP headers or prematurely end HTTP requests by sending specially crafted input to the `upgrade` option of `client.request()`. This is possible because undici does not properly validate input for invalid header characters, which could lead to unauthorized information disclosure or bypassing of security controls.", "issued": "2026-03-12T20:17:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1527 https://bugzilla.redhat.com/show_bug.cgi?id=2447141 https://www.cve.org/CVERecord?id=CVE-2026-1527 https://nvd.nist.gov/vuln/detail/CVE-2026-1527 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq https://hackerone.com/reports/3487198 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1527.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "coZUZkSgAUHkgS8Joj97mg==": { "id": "coZUZkSgAUHkgS8Joj97mg==", "updater": "rhel-vex", "name": "CVE-2026-4111", "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "issued": "2026-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4111 https://bugzilla.redhat.com/show_bug.cgi?id=2446453 https://www.cve.org/CVERecord?id=CVE-2026-4111 https://nvd.nist.gov/vuln/detail/CVE-2026-4111 https://github.com/libarchive/libarchive/pull/2877 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4111.json https://access.redhat.com/errata/RHSA-2026:5080", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-7.el9_7", "arch_op": "pattern match" }, "cpPUNXFgwF2pB9MJlxFOqg==": { "id": "cpPUNXFgwF2pB9MJlxFOqg==", "updater": "rhel-vex", "name": "CVE-2026-26996", "description": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.", "issued": "2026-02-20T03:05:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-26996 https://bugzilla.redhat.com/show_bug.cgi?id=2441268 https://www.cve.org/CVERecord?id=CVE-2026-26996 https://nvd.nist.gov/vuln/detail/CVE-2026-26996 https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5 https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26996.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "cpsr/YFJ0iUNtv72fOtdjw==": { "id": "cpsr/YFJ0iUNtv72fOtdjw==", "updater": "osv/go", "name": "GO-2026-4340", "description": "Handshake messages may be processed at the incorrect encryption level in crypto/tls", "issued": "2026-01-28T19:08:09Z", "links": "https://go.dev/cl/724120 https://go.dev/issue/76443 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.12" }, "cr4RGJYSJM2QUssm6cAQ4w==": { "id": "cr4RGJYSJM2QUssm6cAQ4w==", "updater": "rhel-vex", "name": "CVE-2023-4863", "description": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", "issued": "2023-09-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4863 https://bugzilla.redhat.com/show_bug.cgi?id=2238431 https://www.cve.org/CVERecord?id=CVE-2023-4863 https://nvd.nist.gov/vuln/detail/CVE-2023-4863 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4863.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "cv/HKlhaI7EJMBLIaTimwg==": { "id": "cv/HKlhaI7EJMBLIaTimwg==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "cw4W3PskPKPJZy+QzFk5bA==": { "id": "cw4W3PskPKPJZy+QzFk5bA==", "updater": "rhel-vex", "name": "CVE-2023-0801", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0801 https://bugzilla.redhat.com/show_bug.cgi?id=2170172 https://www.cve.org/CVERecord?id=CVE-2023-0801 https://nvd.nist.gov/vuln/detail/CVE-2023-0801 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0801.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "cwXdqs9AFOcThYn4e8y3yw==": { "id": "cwXdqs9AFOcThYn4e8y3yw==", "updater": "rhel-vex", "name": "CVE-2024-35195", "description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "issued": "2024-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json https://access.redhat.com/errata/RHSA-2025:7049", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-9.el9", "arch_op": "pattern match" }, "cxMZ2TEnkk6RdtuU9fDThg==": { "id": "cxMZ2TEnkk6RdtuU9fDThg==", "updater": "rhel-vex", "name": "CVE-2021-3927", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-10-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3927.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d/522T+B/ARMNSG+3QfAWA==": { "id": "d/522T+B/ARMNSG+3QfAWA==", "updater": "rhel-vex", "name": "CVE-2026-22185", "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "issued": "2026-01-07T20:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22185 https://bugzilla.redhat.com/show_bug.cgi?id=2427679 https://www.cve.org/CVERecord?id=CVE-2026-22185 https://nvd.nist.gov/vuln/detail/CVE-2026-22185 https://seclists.org/fulldisclosure/2026/Jan/5 https://seclists.org/fulldisclosure/2026/Jan/8 https://www.openldap.org/ https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22185.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openldap", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d0TdbMsURHlCTk8d2vGLjQ==": { "id": "d0TdbMsURHlCTk8d2vGLjQ==", "updater": "rhel-vex", "name": "CVE-2025-55131", "description": "A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55131 https://bugzilla.redhat.com/show_bug.cgi?id=2431350 https://www.cve.org/CVERecord?id=CVE-2025-55131 https://nvd.nist.gov/vuln/detail/CVE-2025-55131 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55131.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.20.0.1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "d0nPfXoEZybRuV9TMDY3YQ==": { "id": "d0nPfXoEZybRuV9TMDY3YQ==", "updater": "rhel-vex", "name": "CVE-2026-6253", "description": "A flaw was found in curl. When curl is configured to use distinct proxies for different URL schemes, a redirect from a URL using an authenticated proxy to one using an unauthenticated proxy can inadvertently expose the initial proxy's credentials. This improper credential management (CWE-522) may allow an attacker to gain unauthorized access or information by intercepting these disclosed credentials.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6253 https://bugzilla.redhat.com/show_bug.cgi?id=2461202 https://www.cve.org/CVERecord?id=CVE-2026-6253 https://nvd.nist.gov/vuln/detail/CVE-2026-6253 https://curl.se/docs/CVE-2026-6253.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6253.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d1j+WeBwgxUY2DD8tjQwMA==": { "id": "d1j+WeBwgxUY2DD8tjQwMA==", "updater": "rhel-vex", "name": "CVE-2023-24537", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24537 https://bugzilla.redhat.com/show_bug.cgi?id=2184484 https://www.cve.org/CVERecord?id=CVE-2023-24537 https://nvd.nist.gov/vuln/detail/CVE-2023-24537 https://github.com/golang/go/issues/59180 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24537.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "d2mdhZ97rWRfD+pslcl6uw==": { "id": "d2mdhZ97rWRfD+pslcl6uw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "d8O/Pp2nkWZxFhUyXQucZg==": { "id": "d8O/Pp2nkWZxFhUyXQucZg==", "updater": "rhel-vex", "name": "CVE-2025-1094", "description": "A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when `client_encoding` is `BIG5` and `server_encoding` is one of `EUC_TW` or `MULE_INTERNAL`.", "issued": "2025-02-13T13:00:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1094 https://bugzilla.redhat.com/show_bug.cgi?id=2345548 https://www.cve.org/CVERecord?id=CVE-2025-1094 https://nvd.nist.gov/vuln/detail/CVE-2025-1094 https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis https://www.postgresql.org/support/security/CVE-2025-1094/ https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1094.json https://access.redhat.com/errata/RHSA-2025:1738", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpq", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.20-1.el9_5", "arch_op": "pattern match" }, "d9oy2JiAKtie2N1lu2J6ew==": { "id": "d9oy2JiAKtie2N1lu2J6ew==", "updater": "rhel-vex", "name": "CVE-2026-4224", "description": "A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash.", "issued": "2026-03-16T17:52:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4224 https://bugzilla.redhat.com/show_bug.cgi?id=2448181 https://www.cve.org/CVERecord?id=CVE-2026-4224 https://nvd.nist.gov/vuln/detail/CVE-2026-4224 https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3 https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768 https://github.com/python/cpython/issues/145986 https://github.com/python/cpython/pull/145987 https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4224.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d9qJI4TyihrqXixZ+S73jg==": { "id": "d9qJI4TyihrqXixZ+S73jg==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "dJvtOf1rRIWFniMT4IOhrw==": { "id": "dJvtOf1rRIWFniMT4IOhrw==", "updater": "rhel-vex", "name": "CVE-2025-59466", "description": "A stack overflow flaw has been discovered in Node.js error handling where \"Maximum call stack size exceeded\" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59466 https://bugzilla.redhat.com/show_bug.cgi?id=2431343 https://www.cve.org/CVERecord?id=CVE-2025-59466 https://nvd.nist.gov/vuln/detail/CVE-2025-59466 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59466.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "dKzgwwkG/spsYd8PVvrk6A==": { "id": "dKzgwwkG/spsYd8PVvrk6A==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dMO4fX/IkQ2bi0ds65uBZA==": { "id": "dMO4fX/IkQ2bi0ds65uBZA==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "dN3ZkuuHRauklH+tfqwFYA==": { "id": "dN3ZkuuHRauklH+tfqwFYA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "dNHj9TUgbfnbgJUCEellCw==": { "id": "dNHj9TUgbfnbgJUCEellCw==", "updater": "rhel-vex", "name": "CVE-2026-33671", "description": "A flaw was found in Picomatch, a JavaScript glob matcher. This Regular Expression Denial of Service (ReDoS) vulnerability allows a remote attacker to cause excessive CPU consumption and block the Node.js event loop, leading to a denial of service. This occurs when untrusted users supply crafted extglob patterns, specifically those using quantifiers like `+()` and `*()` combined with overlapping alternatives or nested extglobs, which can trigger catastrophic backtracking in the compiled regular expressions.", "issued": "2026-03-26T21:20:48Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33671 https://bugzilla.redhat.com/show_bug.cgi?id=2451986 https://www.cve.org/CVERecord?id=CVE-2026-33671 https://nvd.nist.gov/vuln/detail/CVE-2026-33671 https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33671.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dO/rj/SVo/ZlfJAB2ajOEQ==": { "id": "dO/rj/SVo/ZlfJAB2ajOEQ==", "updater": "rhel-vex", "name": "CVE-2023-5535", "description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5535.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dT4TBdsMnRpAlGfPboRcFg==": { "id": "dT4TBdsMnRpAlGfPboRcFg==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "dWdVOD7SorvI9CNble8XGw==": { "id": "dWdVOD7SorvI9CNble8XGw==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "dWyG19OuEG5lNCJXvpjTag==": { "id": "dWyG19OuEG5lNCJXvpjTag==", "updater": "rhel-vex", "name": "CVE-2025-15367", "description": "A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server.", "issued": "2026-01-20T21:47:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15367 https://bugzilla.redhat.com/show_bug.cgi?id=2431373 https://www.cve.org/CVERecord?id=CVE-2025-15367 https://nvd.nist.gov/vuln/detail/CVE-2025-15367 https://github.com/python/cpython/issues/143923 https://github.com/python/cpython/pull/143924 https://mail.python.org/archives/list/security-announce@python.org/thread/CBFBOWVGGUJFSGITQCCBZS4GEYYZ7ZNE/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15367.json https://access.redhat.com/errata/RHSA-2026:4168", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.1", "arch_op": "pattern match" }, "dXgWtIQra5a7FOM/lmTQMQ==": { "id": "dXgWtIQra5a7FOM/lmTQMQ==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "dZ7ryQ0b1w50+eNxXX/Jcg==": { "id": "dZ7ryQ0b1w50+eNxXX/Jcg==", "updater": "rhel-vex", "name": "CVE-2026-29111", "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).", "issued": "2026-03-23T21:03:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-29111 https://bugzilla.redhat.com/show_bug.cgi?id=2450505 https://www.cve.org/CVERecord?id=CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29111.json https://access.redhat.com/errata/RHSA-2026:13677", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.9", "arch_op": "pattern match" }, "dZdW43K/PTswO8gz0zCkYQ==": { "id": "dZdW43K/PTswO8gz0zCkYQ==", "updater": "rhel-vex", "name": "CVE-2026-1525", "description": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.", "issued": "2026-03-12T19:56:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1525 https://bugzilla.redhat.com/show_bug.cgi?id=2447144 https://www.cve.org/CVERecord?id=CVE-2026-1525 https://nvd.nist.gov/vuln/detail/CVE-2026-1525 https://cna.openjsf.org/security-advisories.html https://cwe.mitre.org/data/definitions/444.html https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm https://hackerone.com/reports/3556037 https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1525.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "dc0xpXbQDi3upLAUXz65ZQ==": { "id": "dc0xpXbQDi3upLAUXz65ZQ==", "updater": "rhel-vex", "name": "CVE-2025-55132", "description": "A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55132 https://bugzilla.redhat.com/show_bug.cgi?id=2431338 https://www.cve.org/CVERecord?id=CVE-2025-55132 https://nvd.nist.gov/vuln/detail/CVE-2025-55132 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55132.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "dcH4AHY4X+K0bO3O9nqJrQ==": { "id": "dcH4AHY4X+K0bO3O9nqJrQ==", "updater": "rhel-vex", "name": "CVE-2025-69652", "description": "A flaw was found in binutils. Processing a specially crafted ELF binary file containing malformed DWARF abbrev or debug information with the readelf program using the -w abbrev command line option can trigger an abort, causing a crash and resulting in a denial of service.", "issued": "2026-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69652 https://bugzilla.redhat.com/show_bug.cgi?id=2445296 https://www.cve.org/CVERecord?id=CVE-2025-69652 https://nvd.nist.gov/vuln/detail/CVE-2025-69652 https://sourceware.org/bugzilla/show_bug.cgi?id=33701 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=44b79abd0fa12e7947252eb4c6e5d16ed6033e01 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69652.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dd3EQsCq/udXJ3yVefT72Q==": { "id": "dd3EQsCq/udXJ3yVefT72Q==", "updater": "rhel-vex", "name": "CVE-2026-21716", "description": "A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied. Such a bypass could lead to unauthorized changes to system files.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21716 https://bugzilla.redhat.com/show_bug.cgi?id=2453157 https://www.cve.org/CVERecord?id=CVE-2026-21716 https://nvd.nist.gov/vuln/detail/CVE-2026-21716 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21716.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "de6Wm8GcUOvZ/vqX7ogEtQ==": { "id": "de6Wm8GcUOvZ/vqX7ogEtQ==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "dgb3Uq6TqRF91f0NcIu0Uw==": { "id": "dgb3Uq6TqRF91f0NcIu0Uw==", "updater": "rhel-vex", "name": "CVE-2026-6100", "description": "A flaw was found in Python's decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.", "issued": "2026-04-13T17:15:47Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6100 https://bugzilla.redhat.com/show_bug.cgi?id=2457932 https://www.cve.org/CVERecord?id=CVE-2026-6100 https://nvd.nist.gov/vuln/detail/CVE-2026-6100 https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2 https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20 https://github.com/python/cpython/issues/148395 https://github.com/python/cpython/pull/148396 https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6100.json https://access.redhat.com/errata/RHSA-2026:10949", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.3", "arch_op": "pattern match" }, "dgwlwyboh6/BQfJsyoE8Eg==": { "id": "dgwlwyboh6/BQfJsyoE8Eg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "dhk9SR7XgMlUT1SwbOzs0A==": { "id": "dhk9SR7XgMlUT1SwbOzs0A==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "djVJ3xutTQUXY8g8Nh3rxg==": { "id": "djVJ3xutTQUXY8g8Nh3rxg==", "updater": "rhel-vex", "name": "CVE-2026-29111", "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).", "issued": "2026-03-23T21:03:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-29111 https://bugzilla.redhat.com/show_bug.cgi?id=2450505 https://www.cve.org/CVERecord?id=CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29111.json https://access.redhat.com/errata/RHSA-2026:13677", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.9", "arch_op": "pattern match" }, "dkGOl+YKkRksmyjmvQ3FsA==": { "id": "dkGOl+YKkRksmyjmvQ3FsA==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "dkVrajFcsmFenGJa2HiWQg==": { "id": "dkVrajFcsmFenGJa2HiWQg==", "updater": "rhel-vex", "name": "CVE-2026-29111", "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).", "issued": "2026-03-23T21:03:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-29111 https://bugzilla.redhat.com/show_bug.cgi?id=2450505 https://www.cve.org/CVERecord?id=CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29111.json https://access.redhat.com/errata/RHSA-2026:13677", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.9", "arch_op": "pattern match" }, "dkvelc7KXIcNmlVEKWwOSg==": { "id": "dkvelc7KXIcNmlVEKWwOSg==", "updater": "rhel-vex", "name": "CVE-2023-39975", "description": "A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.", "issued": "2023-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39975 https://bugzilla.redhat.com/show_bug.cgi?id=2232682 https://www.cve.org/CVERecord?id=CVE-2023-39975 https://nvd.nist.gov/vuln/detail/CVE-2023-39975 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39975.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "dpCbBO9jgzvekz9nKJpSRA==": { "id": "dpCbBO9jgzvekz9nKJpSRA==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "dqYoyBWLAQszVE/IX85oqg==": { "id": "dqYoyBWLAQszVE/IX85oqg==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "dr+z30s3mVMvpF2iMBJ7YA==": { "id": "dr+z30s3mVMvpF2iMBJ7YA==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "dtQx2uUyC6Kj72i0o1bELQ==": { "id": "dtQx2uUyC6Kj72i0o1bELQ==", "updater": "rhel-vex", "name": "CVE-2026-35414", "description": "A flaw was found in OpenSSH. This vulnerability arises from the incorrect handling of the authorized_keys principals option in uncommon scenarios. Specifically, when a principals list is used with a Certificate Authority that includes comma characters, OpenSSH may misinterpret the input. This could lead to security bypasses, potentially allowing unintended access or information disclosure in specific authentication contexts.", "issued": "2026-04-02T17:08:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35414 https://bugzilla.redhat.com/show_bug.cgi?id=2454490 https://www.cve.org/CVERecord?id=CVE-2026-35414 https://nvd.nist.gov/vuln/detail/CVE-2026-35414 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35414.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "du8AOXnNlQgdqsSZceyiaQ==": { "id": "du8AOXnNlQgdqsSZceyiaQ==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "dwNH2KaulTKNFX+9quNpvw==": { "id": "dwNH2KaulTKNFX+9quNpvw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "dxRzT6G0UObuWf8SWujnng==": { "id": "dxRzT6G0UObuWf8SWujnng==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "e+8uKOviBSOTR4ltKl/Y5Q==": { "id": "e+8uKOviBSOTR4ltKl/Y5Q==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "e+z5vuxLZ95xajn1dSffxw==": { "id": "e+z5vuxLZ95xajn1dSffxw==", "updater": "rhel-vex", "name": "CVE-2025-59466", "description": "A stack overflow flaw has been discovered in Node.js error handling where \"Maximum call stack size exceeded\" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59466 https://bugzilla.redhat.com/show_bug.cgi?id=2431343 https://www.cve.org/CVERecord?id=CVE-2025-59466 https://nvd.nist.gov/vuln/detail/CVE-2025-59466 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59466.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "e/EuZlSZUQTHCSl8kHuFag==": { "id": "e/EuZlSZUQTHCSl8kHuFag==", "updater": "rhel-vex", "name": "CVE-2025-11187", "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11187 https://bugzilla.redhat.com/show_bug.cgi?id=2430375 https://www.cve.org/CVERecord?id=CVE-2025-11187 https://nvd.nist.gov/vuln/detail/CVE-2025-11187 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11187.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "e/bnYsWq3UNe4TO8qzzb8A==": { "id": "e/bnYsWq3UNe4TO8qzzb8A==", "updater": "rhel-vex", "name": "CVE-2022-47010", "description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e0/Fzu8wfMZp9zX32i9rMQ==": { "id": "e0/Fzu8wfMZp9zX32i9rMQ==", "updater": "rhel-vex", "name": "CVE-2026-27456", "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.", "issued": "2026-04-03T21:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27456 https://bugzilla.redhat.com/show_bug.cgi?id=2454956 https://www.cve.org/CVERecord?id=CVE-2026-27456 https://nvd.nist.gov/vuln/detail/CVE-2026-27456 https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4 https://github.com/util-linux/util-linux/releases/tag/v2.41.4 https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27456.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e0VfCD1REapdkagkByCnXQ==": { "id": "e0VfCD1REapdkagkByCnXQ==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e1tWGyUIVU1QafO75am9CA==": { "id": "e1tWGyUIVU1QafO75am9CA==", "updater": "rhel-vex", "name": "CVE-2025-64756", "description": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.", "issued": "2025-11-17T17:29:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64756 https://bugzilla.redhat.com/show_bug.cgi?id=2415451 https://www.cve.org/CVERecord?id=CVE-2025-64756 https://nvd.nist.gov/vuln/detail/CVE-2025-64756 https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146 https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64756.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e2U3+rnCE0yJbEhq/B49zQ==": { "id": "e2U3+rnCE0yJbEhq/B49zQ==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "e37CxvNgywelF2ouwzqL2Q==": { "id": "e37CxvNgywelF2ouwzqL2Q==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "e3z/W9uylzA9XCJCS6Je3A==": { "id": "e3z/W9uylzA9XCJCS6Je3A==", "updater": "rhel-vex", "name": "CVE-2025-6176", "description": "Scrapy are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.", "issued": "2025-10-31T00:00:21Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6176 https://bugzilla.redhat.com/show_bug.cgi?id=2408762 https://www.cve.org/CVERecord?id=CVE-2025-6176 https://nvd.nist.gov/vuln/detail/CVE-2025-6176 https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6176.json https://access.redhat.com/errata/RHSA-2026:2042", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "brotli", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.9-9.el9_7", "arch_op": "pattern match" }, "e5qPgcasC/ZE1MEWSxEewQ==": { "id": "e5qPgcasC/ZE1MEWSxEewQ==", "updater": "rhel-vex", "name": "CVE-2024-12133", "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12133 https://bugzilla.redhat.com/show_bug.cgi?id=2344611 https://www.cve.org/CVERecord?id=CVE-2024-12133 https://nvd.nist.gov/vuln/detail/CVE-2024-12133 https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12133.json https://access.redhat.com/errata/RHSA-2025:7077", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.0-9.el9", "arch_op": "pattern match" }, "e67z2nzRKHIRzFxg25zTcA==": { "id": "e67z2nzRKHIRzFxg25zTcA==", "updater": "rhel-vex", "name": "CVE-2025-59465", "description": "A denial of service flaw has been discovered in NodeJS. A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59465 https://bugzilla.redhat.com/show_bug.cgi?id=2431349 https://www.cve.org/CVERecord?id=CVE-2025-59465 https://nvd.nist.gov/vuln/detail/CVE-2025-59465 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59465.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "e7h3lwyDkLbzwbeza9/TWw==": { "id": "e7h3lwyDkLbzwbeza9/TWw==", "updater": "rhel-vex", "name": "CVE-2022-4293", "description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "issued": "2022-12-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4293.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e8Ba4iAzVtDvrookiM9XAg==": { "id": "e8Ba4iAzVtDvrookiM9XAg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "e91QDoc1m7i0h9Urg1XIuQ==": { "id": "e91QDoc1m7i0h9Urg1XIuQ==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "eDxAdI0cgddAZnBSd4FI0Q==": { "id": "eDxAdI0cgddAZnBSd4FI0Q==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "eERb0a2u5NJoo8XHmwI23A==": { "id": "eERb0a2u5NJoo8XHmwI23A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-subs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.03-481.el9", "arch_op": "pattern match" }, "eFT7gARF6nhlfhMNp4LgNA==": { "id": "eFT7gARF6nhlfhMNp4LgNA==", "updater": "rhel-vex", "name": "CVE-2025-69645", "description": "A flaw was found in binutils, specifically in the `objdump` utility. A local attacker can exploit this vulnerability by providing a specially crafted binary file containing malformed DWARF (Debugging With Attributed Record Formats) debug information. This can lead to a logic error during the processing of DWARF compilation units, causing the `objdump` utility to crash and resulting in a denial of service.", "issued": "2026-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69645 https://bugzilla.redhat.com/show_bug.cgi?id=2445261 https://www.cve.org/CVERecord?id=CVE-2025-69645 https://nvd.nist.gov/vuln/detail/CVE-2025-69645 https://sourceware.org/bugzilla/show_bug.cgi?id=33637 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cdb728d4da6184631989b192f1022c219dea7677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69645.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eKKwwoH894W3Vae5kYCKtA==": { "id": "eKKwwoH894W3Vae5kYCKtA==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "eKvGCJDf1Iytf5g2d8kaFQ==": { "id": "eKvGCJDf1Iytf5g2d8kaFQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "eMVMlNYLRzjk+Xt/peAYqg==": { "id": "eMVMlNYLRzjk+Xt/peAYqg==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "eNUwUuL3W5wSpnxJfClXhg==": { "id": "eNUwUuL3W5wSpnxJfClXhg==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "eOOfcRLf3CHL5spaYEPovQ==": { "id": "eOOfcRLf3CHL5spaYEPovQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "eT0Z6G4b2zSUUUSLlyL8Tg==": { "id": "eT0Z6G4b2zSUUUSLlyL8Tg==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils-gold", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "eTM7aUBt48fzJjd2YY1Kaw==": { "id": "eTM7aUBt48fzJjd2YY1Kaw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "eUh0vSDVmqXTnsB7jL0b4g==": { "id": "eUh0vSDVmqXTnsB7jL0b4g==", "updater": "rhel-vex", "name": "CVE-2026-5121", "description": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.", "issued": "2026-03-30T07:44:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5121 https://bugzilla.redhat.com/show_bug.cgi?id=2452945 https://www.cve.org/CVERecord?id=CVE-2026-5121 https://nvd.nist.gov/vuln/detail/CVE-2026-5121 https://github.com/advisories/GHSA-2vwv-vqpv-v8vc https://github.com/libarchive/libarchive/pull/2934 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5121.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "eUkddiaCaFnfKmT+Sa6bPg==": { "id": "eUkddiaCaFnfKmT+Sa6bPg==", "updater": "rhel-vex", "name": "CVE-2025-11187", "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11187 https://bugzilla.redhat.com/show_bug.cgi?id=2430375 https://www.cve.org/CVERecord?id=CVE-2025-11187 https://nvd.nist.gov/vuln/detail/CVE-2025-11187 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11187.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "eXNCnm2O3ulyDBrjgqgngA==": { "id": "eXNCnm2O3ulyDBrjgqgngA==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "eZ2tz3j+u7GWuS6rb2RB7g==": { "id": "eZ2tz3j+u7GWuS6rb2RB7g==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "eZDuJI6jaohxUM7fcdYEYA==": { "id": "eZDuJI6jaohxUM7fcdYEYA==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "eaW+XnaOzUpP/JmOZv+wCg==": { "id": "eaW+XnaOzUpP/JmOZv+wCg==", "updater": "rhel-vex", "name": "CVE-2023-26965", "description": "A heap use-after-free vulnerability was found in LibTIFF's tiffcrop utility in the loadImage() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds write access, resulting in an application crash, eventually leading to a denial of service.", "issued": "2023-06-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26965 https://bugzilla.redhat.com/show_bug.cgi?id=2215206 https://www.cve.org/CVERecord?id=CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26965.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "ecYseAb1rFmqPx4kHRWeQQ==": { "id": "ecYseAb1rFmqPx4kHRWeQQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "edf9qrl//4hhbTQ8nlVN7g==": { "id": "edf9qrl//4hhbTQ8nlVN7g==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "eeetX6Vv3iXNMfmjNIPkQg==": { "id": "eeetX6Vv3iXNMfmjNIPkQg==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "eejojwYHRaSarkdAMLD2OA==": { "id": "eejojwYHRaSarkdAMLD2OA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "eekbTUpqIafepE8Hfmhn6g==": { "id": "eekbTUpqIafepE8Hfmhn6g==", "updater": "rhel-vex", "name": "CVE-2021-4187", "description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4187.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "effBIHrddz1MPHYj0XdN+A==": { "id": "effBIHrddz1MPHYj0XdN+A==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=32976 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "eh1RT9v3ol1cjACTvuohFQ==": { "id": "eh1RT9v3ol1cjACTvuohFQ==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "eh73UwgswuQUUBPGmZNxLg==": { "id": "eh73UwgswuQUUBPGmZNxLg==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "eiMh0pZiJlWSr3FHHfVKhg==": { "id": "eiMh0pZiJlWSr3FHHfVKhg==", "updater": "rhel-vex", "name": "CVE-2025-11083", "description": "A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally.", "issued": "2025-09-27T23:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11083 https://bugzilla.redhat.com/show_bug.cgi?id=2399948 https://www.cve.org/CVERecord?id=CVE-2025-11083 https://nvd.nist.gov/vuln/detail/CVE-2025-11083 https://sourceware.org/bugzilla/attachment.cgi?id=16353 https://sourceware.org/bugzilla/show_bug.cgi?id=33457 https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490 https://vuldb.com/?ctiid.326124 https://vuldb.com/?id.326124 https://vuldb.com/?submit.661277 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11083.json https://access.redhat.com/errata/RHSA-2025:23343", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils-gold", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-67.el9_7.1", "arch_op": "pattern match" }, "ekipReKDch8nQkv6wLHVww==": { "id": "ekipReKDch8nQkv6wLHVww==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "eoZiXVXIYF5HZwY9O+NvfQ==": { "id": "eoZiXVXIYF5HZwY9O+NvfQ==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "eqZVUGTs5pHRR/tV2jQA/Q==": { "id": "eqZVUGTs5pHRR/tV2jQA/Q==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "esWNnTXfVcQMP31EwLadpw==": { "id": "esWNnTXfVcQMP31EwLadpw==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "ewA3f3GyFBJhwPX+CvDYtg==": { "id": "ewA3f3GyFBJhwPX+CvDYtg==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "ezIkXhK2r/dRH2KmSwBPeA==": { "id": "ezIkXhK2r/dRH2KmSwBPeA==", "updater": "rhel-vex", "name": "CVE-2025-55130", "description": "A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55130 https://bugzilla.redhat.com/show_bug.cgi?id=2431352 https://www.cve.org/CVERecord?id=CVE-2025-55130 https://nvd.nist.gov/vuln/detail/CVE-2025-55130 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55130.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "ezX9kOOahP0wfe4oJbRg6A==": { "id": "ezX9kOOahP0wfe4oJbRg6A==", "updater": "rhel-vex", "name": "CVE-2025-61985", "description": "A flaw was found in OpenSSH where the SSH client accepted \\0 (null) characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up.", "issued": "2025-10-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61985 https://bugzilla.redhat.com/show_bug.cgi?id=2401962 https://www.cve.org/CVERecord?id=CVE-2025-61985 https://nvd.nist.gov/vuln/detail/CVE-2025-61985 https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2 https://www.openssh.com/releasenotes.html#10.1p1 https://www.openwall.com/lists/oss-security/2025/10/06/1 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61985.json https://access.redhat.com/errata/RHSA-2025:23480", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-47.el9_7", "arch_op": "pattern match" }, "f+wdQFOhBCEFYs6UTbgVcw==": { "id": "f+wdQFOhBCEFYs6UTbgVcw==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "f5rDGDIgGLk7iLvtlKjm1w==": { "id": "f5rDGDIgGLk7iLvtlKjm1w==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "f6S0OqBhSEfNFL2mdF01Og==": { "id": "f6S0OqBhSEfNFL2mdF01Og==", "updater": "rhel-vex", "name": "CVE-2026-25679", "description": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "issued": "2026-03-06T21:28:14Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/show_bug.cgi?id=2445356 https://www.cve.org/CVERecord?id=CVE-2026-25679 https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://pkg.go.dev/vuln/GO-2026-4601 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25679.json https://access.redhat.com/errata/RHSA-2026:5942", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.8-1.el9_7", "arch_op": "pattern match" }, "f6muqKqBGKMbn75htgvMLQ==": { "id": "f6muqKqBGKMbn75htgvMLQ==", "updater": "rhel-vex", "name": "CVE-2024-50602", "description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "issued": "2024-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json https://access.redhat.com/errata/RHSA-2024:9541", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.1", "arch_op": "pattern match" }, "f6oGdnhZomBa/bs3snB3kA==": { "id": "f6oGdnhZomBa/bs3snB3kA==", "updater": "rhel-vex", "name": "CVE-2025-14831", "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "issued": "2026-02-09T14:26:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14831 https://bugzilla.redhat.com/show_bug.cgi?id=2423177 https://www.cve.org/CVERecord?id=CVE-2025-14831 https://nvd.nist.gov/vuln/detail/CVE-2025-14831 https://gitlab.com/gnutls/gnutls/-/issues/1773 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14831.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "f8I+U+fazHHULdzT2Vp7cA==": { "id": "f8I+U+fazHHULdzT2Vp7cA==", "updater": "rhel-vex", "name": "CVE-2026-21713", "description": "A flaw was found in Node.js. The HMAC (Hash-based Message Authentication Code) verification process uses a comparison method that does not take a constant amount of time. This non-constant-time comparison can leak timing information, which, under specific conditions where precise timing measurements are possible, could be exploited by a remote attacker. This allows the attacker to infer sensitive HMAC values, leading to information disclosure.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21713 https://bugzilla.redhat.com/show_bug.cgi?id=2453160 https://www.cve.org/CVERecord?id=CVE-2026-21713 https://nvd.nist.gov/vuln/detail/CVE-2026-21713 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21713.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "f8p5x6K3g1RRQ6ZIljxpeQ==": { "id": "f8p5x6K3g1RRQ6ZIljxpeQ==", "updater": "rhel-vex", "name": "CVE-2026-21714", "description": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability in Node.js HTTP/2 servers by sending specially crafted WINDOW_UPDATE frames on stream 0 (connection-level). These frames can cause the flow control window to exceed its maximum value, leading to a memory leak as Http2Session objects are not properly cleaned up. This can result in resource exhaustion and a Denial of Service (DoS) condition for the server.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21714 https://bugzilla.redhat.com/show_bug.cgi?id=2453161 https://www.cve.org/CVERecord?id=CVE-2026-21714 https://nvd.nist.gov/vuln/detail/CVE-2026-21714 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21714.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "f9AAdWBkmOO1/+acrJji3Q==": { "id": "f9AAdWBkmOO1/+acrJji3Q==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "fBIyxzoMf4PtxmiD953WFg==": { "id": "fBIyxzoMf4PtxmiD953WFg==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:7410", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-13.el9_6", "arch_op": "pattern match" }, "fBicZck0jWBRn2U4JNy52w==": { "id": "fBicZck0jWBRn2U4JNy52w==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7896", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.2-1.module+el9.7.0+24193+41b7b572", "arch_op": "pattern match" }, "fCueh1dJqv6EGaBRtXT/Xw==": { "id": "fCueh1dJqv6EGaBRtXT/Xw==", "updater": "rhel-vex", "name": "CVE-2026-2229", "description": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.", "issued": "2026-03-12T20:27:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2229 https://bugzilla.redhat.com/show_bug.cgi?id=2447143 https://www.cve.org/CVERecord?id=CVE-2026-2229 https://nvd.nist.gov/vuln/detail/CVE-2026-2229 https://cna.openjsf.org/security-advisories.html https://datatracker.ietf.org/doc/html/rfc7692 https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8 https://hackerone.com/reports/3487486 https://nodejs.org/api/zlib.html#class-zlibinflateraw https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2229.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "fD8Z9mQCc8h27ZwElVMLmA==": { "id": "fD8Z9mQCc8h27ZwElVMLmA==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "fEW9HCDGh5vauL1jhvKpFQ==": { "id": "fEW9HCDGh5vauL1jhvKpFQ==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "fFM0zIKtKuexRqlZMkzQpg==": { "id": "fFM0zIKtKuexRqlZMkzQpg==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "fHxgcXxpn2MkgE/aUd2Vkw==": { "id": "fHxgcXxpn2MkgE/aUd2Vkw==", "updater": "rhel-vex", "name": "CVE-2021-29390", "description": "A heap buffer over-read flaw was found in libjpeg-turbo. For certain types of smoothed jpeg images, the decompress_smooth_data() function may improperly enter a condition statement that leads to heap memory read of uninitialized data, which may cause an application crash or loss of confidentiality.", "issued": "2023-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-29390 https://bugzilla.redhat.com/show_bug.cgi?id=2235521 https://www.cve.org/CVERecord?id=CVE-2021-29390 https://nvd.nist.gov/vuln/detail/CVE-2021-29390 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/ccaba5d7894ecfb5a8f11e48d3f86e1f14d5a469 https://github.com/libjpeg-turbo/libjpeg-turbo/issues/459#issuecomment-733720010 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/476 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/724 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-29390.json https://access.redhat.com/errata/RHSA-2024:2295", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-7.el9", "arch_op": "pattern match" }, "fI1ruEtJ325PbGUQKXuiVA==": { "id": "fI1ruEtJ325PbGUQKXuiVA==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "fJ9ZvBhuvQVNdsen0XKxfw==": { "id": "fJ9ZvBhuvQVNdsen0XKxfw==", "updater": "rhel-vex", "name": "CVE-2026-21710", "description": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21710 https://bugzilla.redhat.com/show_bug.cgi?id=2453151 https://www.cve.org/CVERecord?id=CVE-2026-21710 https://nvd.nist.gov/vuln/detail/CVE-2026-21710 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21710.json https://access.redhat.com/errata/RHSA-2026:7896", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572", "arch_op": "pattern match" }, "fKSzg5ZVW35n1QRKSQYbUA==": { "id": "fKSzg5ZVW35n1QRKSQYbUA==", "updater": "rhel-vex", "name": "CVE-2024-12085", "description": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12085 https://bugzilla.redhat.com/show_bug.cgi?id=2330539 https://www.cve.org/CVERecord?id=CVE-2024-12085 https://nvd.nist.gov/vuln/detail/CVE-2024-12085 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12085.json https://access.redhat.com/errata/RHSA-2025:0324", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.3-20.el9_5.1", "arch_op": "pattern match" }, "fLX8W8dMekP7EyhcY34ZKg==": { "id": "fLX8W8dMekP7EyhcY34ZKg==", "updater": "rhel-vex", "name": "CVE-2026-26996", "description": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.", "issued": "2026-02-20T03:05:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-26996 https://bugzilla.redhat.com/show_bug.cgi?id=2441268 https://www.cve.org/CVERecord?id=CVE-2026-26996 https://nvd.nist.gov/vuln/detail/CVE-2026-26996 https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5 https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26996.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "fLtdaHqvu72qO520MbPg/A==": { "id": "fLtdaHqvu72qO520MbPg/A==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json https://access.redhat.com/errata/RHSA-2025:22376", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-14.el9_7", "arch_op": "pattern match" }, "fM+r7qYMTXMx81IJhr45YA==": { "id": "fM+r7qYMTXMx81IJhr45YA==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "fMAAjFKUhFra8hfsyV6M/Q==": { "id": "fMAAjFKUhFra8hfsyV6M/Q==", "updater": "rhel-vex", "name": "CVE-2026-21712", "description": "A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a malformed Internationalized Domain Name (IDN) to the `url.format()` function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. This can disrupt services and make them unavailable.", "issued": "2026-03-30T15:13:59Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21712 https://bugzilla.redhat.com/show_bug.cgi?id=2453037 https://www.cve.org/CVERecord?id=CVE-2026-21712 https://nvd.nist.gov/vuln/detail/CVE-2026-21712 https://hackerone.com/reports/3546390 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21712.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "fMQ6kctftYthbGvZli2/sg==": { "id": "fMQ6kctftYthbGvZli2/sg==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "fSeU4QTAs+fY+ihLpgdM9A==": { "id": "fSeU4QTAs+fY+ihLpgdM9A==", "updater": "rhel-vex", "name": "CVE-2025-1377", "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the gelf_getsymshndx function in strip.c.", "issued": "2025-02-17T05:00:19Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1377 https://bugzilla.redhat.com/show_bug.cgi?id=2346066 https://www.cve.org/CVERecord?id=CVE-2025-1377 https://nvd.nist.gov/vuln/detail/CVE-2025-1377 https://sourceware.org/bugzilla/attachment.cgi?id=15941 https://sourceware.org/bugzilla/show_bug.cgi?id=32673 https://sourceware.org/bugzilla/show_bug.cgi?id=32673#c2 https://vuldb.com/?ctiid.295985 https://vuldb.com/?id.295985 https://vuldb.com/?submit.497539 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1377.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fT2bR3Pvvu+yOGDatxsWcw==": { "id": "fT2bR3Pvvu+yOGDatxsWcw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "fUkL/QrHEZtoCydnxvHQYQ==": { "id": "fUkL/QrHEZtoCydnxvHQYQ==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "fUlz8/rwVV2PbflGdFYCdw==": { "id": "fUlz8/rwVV2PbflGdFYCdw==", "updater": "rhel-vex", "name": "CVE-2023-26965", "description": "A heap use-after-free vulnerability was found in LibTIFF's tiffcrop utility in the loadImage() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds write access, resulting in an application crash, eventually leading to a denial of service.", "issued": "2023-06-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26965 https://bugzilla.redhat.com/show_bug.cgi?id=2215206 https://www.cve.org/CVERecord?id=CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26965.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "fVObUUKRXAwXLBcuBzgu5g==": { "id": "fVObUUKRXAwXLBcuBzgu5g==", "updater": "rhel-vex", "name": "CVE-2025-59466", "description": "A stack overflow flaw has been discovered in Node.js error handling where \"Maximum call stack size exceeded\" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59466 https://bugzilla.redhat.com/show_bug.cgi?id=2431343 https://www.cve.org/CVERecord?id=CVE-2025-59466 https://nvd.nist.gov/vuln/detail/CVE-2025-59466 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59466.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.0-1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "fVstMFtDcM3yfjjb8mKxrg==": { "id": "fVstMFtDcM3yfjjb8mKxrg==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "fZX9tMkRg8Ij95v2HLw9Ew==": { "id": "fZX9tMkRg8Ij95v2HLw9Ew==", "updater": "osv/go", "name": "GO-2025-3750", "description": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "issued": "2025-06-11T16:59:06Z", "links": "https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.10" }, "fZosNTVXWxoMJAWhA315xQ==": { "id": "fZosNTVXWxoMJAWhA315xQ==", "updater": "rhel-vex", "name": "CVE-2026-35388", "description": "A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a multiplexed session without explicit confirmation, leading to unintended data handling.", "issued": "2026-04-02T16:57:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35388 https://bugzilla.redhat.com/show_bug.cgi?id=2454500 https://www.cve.org/CVERecord?id=CVE-2026-35388 https://nvd.nist.gov/vuln/detail/CVE-2026-35388 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35388.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "fZr2KjiaLrxmLBepxX+epw==": { "id": "fZr2KjiaLrxmLBepxX+epw==", "updater": "rhel-vex", "name": "CVE-2025-55131", "description": "A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55131 https://bugzilla.redhat.com/show_bug.cgi?id=2431350 https://www.cve.org/CVERecord?id=CVE-2025-55131 https://nvd.nist.gov/vuln/detail/CVE-2025-55131 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55131.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "fbRJLkkKyAqhMbdbbcLwwg==": { "id": "fbRJLkkKyAqhMbdbbcLwwg==", "updater": "rhel-vex", "name": "CVE-2025-4207", "description": "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.", "issued": "2025-05-08T14:22:45Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4207 https://bugzilla.redhat.com/show_bug.cgi?id=2365111 https://www.cve.org/CVERecord?id=CVE-2025-4207 https://nvd.nist.gov/vuln/detail/CVE-2025-4207 https://www.postgresql.org/support/security/CVE-2025-4207/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4207.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpq", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fcEhBEQT+7+nxaOwZEIInQ==": { "id": "fcEhBEQT+7+nxaOwZEIInQ==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "fcJXnA1/CqZDeUcxpMPyzg==": { "id": "fcJXnA1/CqZDeUcxpMPyzg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "fdpDWwmwFLyFeyU+CnbxxQ==": { "id": "fdpDWwmwFLyFeyU+CnbxxQ==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "fezwmAwUNAjVNYh+YY0Wrw==": { "id": "fezwmAwUNAjVNYh+YY0Wrw==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "ff3woW6bpDBZXooXnBPlNQ==": { "id": "ff3woW6bpDBZXooXnBPlNQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "fjsXh+vV+qSWYTJhGoqerg==": { "id": "fjsXh+vV+qSWYTJhGoqerg==", "updater": "rhel-vex", "name": "CVE-2025-24528", "description": "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.", "issued": "2024-01-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24528 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://www.cve.org/CVERecord?id=CVE-2025-24528 https://nvd.nist.gov/vuln/detail/CVE-2025-24528 https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24528.json https://access.redhat.com/errata/RHSA-2025:7067", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-6.el9", "arch_op": "pattern match" }, "flC/+W9ll6TqBKBRm/YUiA==": { "id": "flC/+W9ll6TqBKBRm/YUiA==", "updater": "rhel-vex", "name": "CVE-2023-29406", "description": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", "issued": "2023-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29406 https://bugzilla.redhat.com/show_bug.cgi?id=2222167 https://www.cve.org/CVERecord?id=CVE-2023-29406 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29406.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "flk8YBa9lwv0ud+syzocqA==": { "id": "flk8YBa9lwv0ud+syzocqA==", "updater": "rhel-vex", "name": "CVE-2025-11839", "description": "An uncheck return value flaw has been discovered in the GNU binutils program. This flaw exists in the `tg_tag_type` function of the file prdbg.c and exploitation of this flaw may lead to a program crash.", "issued": "2025-10-16T14:02:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11839 https://bugzilla.redhat.com/show_bug.cgi?id=2404439 https://www.cve.org/CVERecord?id=CVE-2025-11839 https://nvd.nist.gov/vuln/detail/CVE-2025-11839 https://sourceware.org/bugzilla/attachment.cgi?id=16344 https://sourceware.org/bugzilla/show_bug.cgi?id=33448 https://vuldb.com/?ctiid.328774 https://vuldb.com/?id.328774 https://vuldb.com/?submit.661279 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11839.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ftPQfiVA8qRKJwxT2xcXRw==": { "id": "ftPQfiVA8qRKJwxT2xcXRw==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "fu2viInfwA1Zq9LmALUkzg==": { "id": "fu2viInfwA1Zq9LmALUkzg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "fuOmX+MQWgJjrWZ2kXbtlQ==": { "id": "fuOmX+MQWgJjrWZ2kXbtlQ==", "updater": "rhel-vex", "name": "CVE-2026-0672", "description": "An injection flaw has been discovered in Python. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.", "issued": "2026-01-20T21:52:33Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0672 https://bugzilla.redhat.com/show_bug.cgi?id=2431374 https://www.cve.org/CVERecord?id=CVE-2026-0672 https://nvd.nist.gov/vuln/detail/CVE-2026-0672 https://github.com/python/cpython/issues/143919 https://github.com/python/cpython/pull/143920 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0672.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fwXkQZwZsVuPtoAZBIG06w==": { "id": "fwXkQZwZsVuPtoAZBIG06w==", "updater": "rhel-vex", "name": "CVE-2020-17049", "description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.", "issued": "2020-11-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-17049 https://bugzilla.redhat.com/show_bug.cgi?id=2025721 https://www.cve.org/CVERecord?id=CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-17049.json https://access.redhat.com/errata/RHSA-2023:2570", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.1-8.el9", "arch_op": "pattern match" }, "fxc/de3PyQgiwjyykMQ4ow==": { "id": "fxc/de3PyQgiwjyykMQ4ow==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "fyE+IA6J77V4hC6QL4QCJQ==": { "id": "fyE+IA6J77V4hC6QL4QCJQ==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "g0XDRtU68aJjKkBv7OKREA==": { "id": "g0XDRtU68aJjKkBv7OKREA==", "updater": "rhel-vex", "name": "CVE-2025-11082", "description": "A head based buffer overflow flaw has been discovered in GNU bin utilities. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution.", "issued": "2025-09-27T22:32:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11082 https://bugzilla.redhat.com/show_bug.cgi?id=2399943 https://www.cve.org/CVERecord?id=CVE-2025-11082 https://nvd.nist.gov/vuln/detail/CVE-2025-11082 https://sourceware.org/bugzilla/attachment.cgi?id=16358 https://sourceware.org/bugzilla/show_bug.cgi?id=33464 https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8 https://vuldb.com/?ctiid.326123 https://vuldb.com/?id.326123 https://vuldb.com/?submit.661276 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11082.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "g2+VTeiFdddqhRpToXK2Vw==": { "id": "g2+VTeiFdddqhRpToXK2Vw==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "g29pa0L/tOFblhQQDFeJbA==": { "id": "g29pa0L/tOFblhQQDFeJbA==", "updater": "osv/go", "name": "GO-2022-0533", "description": "Path traversal via Clean on Windows in path/filepath", "issued": "2022-07-28T17:25:07Z", "links": "https://go.dev/cl/401595 https://go.googlesource.com/go/+/9cd1818a7d019c02fa4898b3e45a323e35033290 https://go.dev/issue/52476 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "g3/sX4CO9sGFGMvToQ+how==": { "id": "g3/sX4CO9sGFGMvToQ+how==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "g6ZHihkpvpkr3oZoVOs05w==": { "id": "g6ZHihkpvpkr3oZoVOs05w==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "g6spFzT6DoopzuQCE0pjRg==": { "id": "g6spFzT6DoopzuQCE0pjRg==", "updater": "rhel-vex", "name": "CVE-2022-2285", "description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2285.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "g8hJlpBfWMarbfdU+OkQdw==": { "id": "g8hJlpBfWMarbfdU+OkQdw==", "updater": "rhel-vex", "name": "CVE-2024-10524", "description": "A flaw was found in the Wget package. Wget might issue an FTP request to a different host in configurations where the HTTP shorthand format is used with user-provided input. An attacker may be able to use specially crafted input to cause Wget to access an arbitrary host.", "issued": "2024-11-19T14:23:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10524 https://bugzilla.redhat.com/show_bug.cgi?id=2327303 https://www.cve.org/CVERecord?id=CVE-2024-10524 https://nvd.nist.gov/vuln/detail/CVE-2024-10524 https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778 https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/ https://seclists.org/oss-sec/2024/q4/107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10524.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "wget", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "g9gU2/SbcO/F9X65zpT4Uw==": { "id": "g9gU2/SbcO/F9X65zpT4Uw==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "gC8lb/CZmVxLK6PkYWC9cw==": { "id": "gC8lb/CZmVxLK6PkYWC9cw==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "gCKIolAPxKn/MwnZqQ5viA==": { "id": "gCKIolAPxKn/MwnZqQ5viA==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "gFgnmTqhW1tr7jmOrXQQQQ==": { "id": "gFgnmTqhW1tr7jmOrXQQQQ==", "updater": "rhel-vex", "name": "CVE-2026-21715", "description": "A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the `fs.realpathSync.native()` function. This vulnerability allows code operating under `--permission` with restricted `--allow-fs-read` flags to bypass security controls. Consequently, an attacker can use `fs.realpathSync.native()` to determine file existence, resolve symbolic link targets, and enumerate filesystem paths outside of permitted directories, leading to information disclosure.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21715 https://bugzilla.redhat.com/show_bug.cgi?id=2453152 https://www.cve.org/CVERecord?id=CVE-2026-21715 https://nvd.nist.gov/vuln/detail/CVE-2026-21715 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21715.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gGrGej/Pj6/poAgebFb+dg==": { "id": "gGrGej/Pj6/poAgebFb+dg==", "updater": "rhel-vex", "name": "CVE-2022-3352", "description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "issued": "2022-09-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3352.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gH8HDGn0WlFpVq75mRFmZA==": { "id": "gH8HDGn0WlFpVq75mRFmZA==", "updater": "rhel-vex", "name": "CVE-2026-2581", "description": "A flaw was found in Undici. When the `interceptors.deduplicate()` feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled resource consumption. This leads to high memory usage and potential Out-Of-Memory (OOM) process termination, resulting in a Denial of Service (DoS) for the application.", "issued": "2026-03-12T20:13:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2581 https://bugzilla.redhat.com/show_bug.cgi?id=2447140 https://www.cve.org/CVERecord?id=CVE-2026-2581 https://nvd.nist.gov/vuln/detail/CVE-2026-2581 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h https://hackerone.com/reports/3513473 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2581.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "gIt1VKjk5s7zkgD1H7aLmQ==": { "id": "gIt1VKjk5s7zkgD1H7aLmQ==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "gJ/fF2D4AXb0sjRGNWgixw==": { "id": "gJ/fF2D4AXb0sjRGNWgixw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "gNGv6C2nj/tHk2ntVJUOWw==": { "id": "gNGv6C2nj/tHk2ntVJUOWw==", "updater": "rhel-vex", "name": "CVE-2022-47011", "description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gNlF6/GdqE8VbQCfjdB0tg==": { "id": "gNlF6/GdqE8VbQCfjdB0tg==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://github.com/golang/go/issues/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "gOogxiWB/WP4jrEWNQnPXA==": { "id": "gOogxiWB/WP4jrEWNQnPXA==", "updater": "rhel-vex", "name": "CVE-2026-41035", "description": "A flaw was found in rsync. When rsync is configured to handle extended attributes (using the -X or --xattrs option), a remote attacker can exploit a use-after-free vulnerability. This occurs because the receive_xattr function incorrectly processes an untrusted length value during a sorting operation, leading to memory corruption. Successful exploitation can result in a denial of service, causing the rsync process to crash, and may potentially allow for arbitrary code execution.", "issued": "2026-04-16T06:53:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41035 https://bugzilla.redhat.com/show_bug.cgi?id=2458898 https://www.cve.org/CVERecord?id=CVE-2026-41035 https://nvd.nist.gov/vuln/detail/CVE-2026-41035 https://github.com/RsyncProject/rsync/issues/871 https://github.com/RsyncProject/rsync/releases https://www.openwall.com/lists/oss-security/2026/04/16/2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41035.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "rsync", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gPjSjC7XxsCvs5w6EQPViQ==": { "id": "gPjSjC7XxsCvs5w6EQPViQ==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "gR+h15dyWueqbKII4cPOWg==": { "id": "gR+h15dyWueqbKII4cPOWg==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "gZKcOjx7BKTLxDMH6ZvfGw==": { "id": "gZKcOjx7BKTLxDMH6ZvfGw==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "gZW7OlWAfe3YqvPh9YUqJA==": { "id": "gZW7OlWAfe3YqvPh9YUqJA==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "gaDJ+6UMi8jegvsDECsoeg==": { "id": "gaDJ+6UMi8jegvsDECsoeg==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "gchW+O287jwZk0Cnma5sKw==": { "id": "gchW+O287jwZk0Cnma5sKw==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "gg092DB69lXLcZyDPZ/RtQ==": { "id": "gg092DB69lXLcZyDPZ/RtQ==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "gg6QYPBlPoN8zpwNyr7x6w==": { "id": "gg6QYPBlPoN8zpwNyr7x6w==", "updater": "rhel-vex", "name": "CVE-2026-29111", "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).", "issued": "2026-03-23T21:03:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-29111 https://bugzilla.redhat.com/show_bug.cgi?id=2450505 https://www.cve.org/CVERecord?id=CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29111.json https://access.redhat.com/errata/RHSA-2026:13677", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.9", "arch_op": "pattern match" }, "ggJq5z8YW0kySCUAGUYdXg==": { "id": "ggJq5z8YW0kySCUAGUYdXg==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "ggWNBGsBWwx10iidOhjYcw==": { "id": "ggWNBGsBWwx10iidOhjYcw==", "updater": "rhel-vex", "name": "CVE-2026-1299", "description": "A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules, allowing an attacker to inject email headers and potentially modify message recipients or the email body, and spoof sender information.", "issued": "2026-01-23T16:27:13Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1299 https://bugzilla.redhat.com/show_bug.cgi?id=2432437 https://www.cve.org/CVERecord?id=CVE-2026-1299 https://nvd.nist.gov/vuln/detail/CVE-2026-1299 https://cve.org/CVERecord?id=CVE-2024-6923 https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413 https://github.com/python/cpython/issues/144125 https://github.com/python/cpython/pull/144126 https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1299.json https://access.redhat.com/errata/RHSA-2026:4168", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.1", "arch_op": "pattern match" }, "ghVsimzHhtfG91QJVkK8Jg==": { "id": "ghVsimzHhtfG91QJVkK8Jg==", "updater": "rhel-vex", "name": "CVE-2026-21713", "description": "A flaw was found in Node.js. The HMAC (Hash-based Message Authentication Code) verification process uses a comparison method that does not take a constant amount of time. This non-constant-time comparison can leak timing information, which, under specific conditions where precise timing measurements are possible, could be exploited by a remote attacker. This allows the attacker to infer sensitive HMAC values, leading to information disclosure.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21713 https://bugzilla.redhat.com/show_bug.cgi?id=2453160 https://www.cve.org/CVERecord?id=CVE-2026-21713 https://nvd.nist.gov/vuln/detail/CVE-2026-21713 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21713.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gjn1JHWHaWtPNhKrrRINWw==": { "id": "gjn1JHWHaWtPNhKrrRINWw==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "gl5O329psI82Wn7F+BP/pw==": { "id": "gl5O329psI82Wn7F+BP/pw==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "glwEUWfaBwNPBrXUJo34tg==": { "id": "glwEUWfaBwNPBrXUJo34tg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "gmo+iv72N8R3ZKjUbp9DXg==": { "id": "gmo+iv72N8R3ZKjUbp9DXg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-interpreter", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.1.el9_6", "arch_op": "pattern match" }, "gn3bQe/78AdzPhooNm1KQw==": { "id": "gn3bQe/78AdzPhooNm1KQw==", "updater": "rhel-vex", "name": "CVE-2025-66293", "description": "An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management.", "issued": "2025-12-03T20:33:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66293 https://bugzilla.redhat.com/show_bug.cgi?id=2418711 https://www.cve.org/CVERecord?id=CVE-2025-66293 https://nvd.nist.gov/vuln/detail/CVE-2025-66293 https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1 https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a https://github.com/pnggroup/libpng/issues/764 https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66293.json https://access.redhat.com/errata/RHSA-2026:0238", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpng-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.1", "arch_op": "pattern match" }, "goLAuNZUT0caQTKiv7m0Fg==": { "id": "goLAuNZUT0caQTKiv7m0Fg==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "gpPTgXxcA95Uk2vaf3/2dw==": { "id": "gpPTgXxcA95Uk2vaf3/2dw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gqWTMUdDL1db9YSLA4qpRQ==": { "id": "gqWTMUdDL1db9YSLA4qpRQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "grZJQsj3BT+fQns8dkci1g==": { "id": "grZJQsj3BT+fQns8dkci1g==", "updater": "osv/go", "name": "GO-2022-0520", "description": "Exposure of client IP addresses in net/http", "issued": "2022-07-28T17:23:05Z", "links": "https://go.dev/cl/412857 https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a https://go.dev/issue/53423 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "gs7k9o3a1jAc/zZ5AEytpQ==": { "id": "gs7k9o3a1jAc/zZ5AEytpQ==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "guG+lyS5JQIDSZS6MEfIow==": { "id": "guG+lyS5JQIDSZS6MEfIow==", "updater": "rhel-vex", "name": "CVE-2025-11840", "description": "An out of bounds read flaw has been discovered in GNU binutils. The `vfinfo` function in the `ldmisc.c` file. Exploitation of this flaw requires local access and may cause a program crash.", "issued": "2025-10-16T15:32:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11840 https://bugzilla.redhat.com/show_bug.cgi?id=2404481 https://www.cve.org/CVERecord?id=CVE-2025-11840 https://nvd.nist.gov/vuln/detail/CVE-2025-11840 https://sourceware.org/bugzilla/attachment.cgi?id=16351 https://sourceware.org/bugzilla/attachment.cgi?id=16357 https://sourceware.org/bugzilla/show_bug.cgi?id=33455 https://vuldb.com/?ctiid.328775 https://vuldb.com/?id.328775 https://vuldb.com/?submit.661281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11840.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "guovo7cvog/lYbVq887U/w==": { "id": "guovo7cvog/lYbVq887U/w==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "gvOYexCvSFjRc1ovPwHsww==": { "id": "gvOYexCvSFjRc1ovPwHsww==", "updater": "rhel-vex", "name": "CVE-2023-34410", "description": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.", "issued": "2023-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34410 https://bugzilla.redhat.com/show_bug.cgi?id=2212747 https://www.cve.org/CVERecord?id=CVE-2023-34410 https://nvd.nist.gov/vuln/detail/CVE-2023-34410 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34410.json https://access.redhat.com/errata/RHSA-2023:6369", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.15.9-1.el9", "arch_op": "pattern match" }, "gx7w+mYZCEGlSNGIkO6bLQ==": { "id": "gx7w+mYZCEGlSNGIkO6bLQ==", "updater": "rhel-vex", "name": "CVE-2026-25547", "description": "A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.", "issued": "2026-02-04T21:51:17Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25547 https://bugzilla.redhat.com/show_bug.cgi?id=2436942 https://www.cve.org/CVERecord?id=CVE-2026-25547 https://nvd.nist.gov/vuln/detail/CVE-2026-25547 https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25547.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gxC5QcXnizTYqfkIqc6zTA==": { "id": "gxC5QcXnizTYqfkIqc6zTA==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "h+nOQU6khNxAH7kkGqVqkQ==": { "id": "h+nOQU6khNxAH7kkGqVqkQ==", "updater": "rhel-vex", "name": "CVE-2022-3296", "description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3296.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "h/OVEZRz5ndHYLHsNXXXMg==": { "id": "h/OVEZRz5ndHYLHsNXXXMg==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "h4AMnuZWsySyrebCjsjhxA==": { "id": "h4AMnuZWsySyrebCjsjhxA==", "updater": "rhel-vex", "name": "CVE-2026-21637", "description": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21637 https://bugzilla.redhat.com/show_bug.cgi?id=2431340 https://www.cve.org/CVERecord?id=CVE-2026-21637 https://nvd.nist.gov/vuln/detail/CVE-2026-21637 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21637.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.4-1.22.22.0.1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "h5U/sk69K9TcWs3P9TuKxQ==": { "id": "h5U/sk69K9TcWs3P9TuKxQ==", "updater": "rhel-vex", "name": "CVE-2022-41723", "description": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "issued": "2023-02-17T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/show_bug.cgi?id=2178358 https://www.cve.org/CVERecord?id=CVE-2022-41723 https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1571 https://vuln.go.dev/ID/GO-2023-1571.json https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41723.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "h7m1EaKKCwaqq30R6Q/BlQ==": { "id": "h7m1EaKKCwaqq30R6Q/BlQ==", "updater": "rhel-vex", "name": "CVE-2023-1999", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA double-free in libwebp could have led to memory corruption and a potentially exploitable crash.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1999 https://bugzilla.redhat.com/show_bug.cgi?id=2186102 https://www.cve.org/CVERecord?id=CVE-2023-1999 https://nvd.nist.gov/vuln/detail/CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1999 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1999.json https://access.redhat.com/errata/RHSA-2023:2078", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-6.el9_1", "arch_op": "pattern match" }, "h7rVfEQf7/yrRLndyq6HvA==": { "id": "h7rVfEQf7/yrRLndyq6HvA==", "updater": "rhel-vex", "name": "CVE-2023-24532", "description": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.", "issued": "2023-03-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24532 https://bugzilla.redhat.com/show_bug.cgi?id=2223355 https://www.cve.org/CVERecord?id=CVE-2023-24532 https://nvd.nist.gov/vuln/detail/CVE-2023-24532 https://go.dev/cl/471255 https://go.dev/issue/58647 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY https://pkg.go.dev/vuln/GO-2023-1621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24532.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "h8RB92Gx2aWFJ7WtAQ4wDA==": { "id": "h8RB92Gx2aWFJ7WtAQ4wDA==", "updater": "rhel-vex", "name": "CVE-2023-4016", "description": "A heap-based buffer overflow vulnerability was found in the procps project when handling untrusted input with the -C option. This issue may allow a user with \"ps\" utility access to write unfiltered data into the process heap, triggering an out-of-bounds write, consuming memory and causing a crash, resulting in a denial of service.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4016 https://bugzilla.redhat.com/show_bug.cgi?id=2228494 https://www.cve.org/CVERecord?id=CVE-2023-4016 https://nvd.nist.gov/vuln/detail/CVE-2023-4016 https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413 https://gitlab.com/procps-ng/procps/-/issues/297 https://www.freelists.org/post/procps/ps-buffer-overflow-CVE-20234016 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4016.json https://access.redhat.com/errata/RHSA-2023:6705", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "procps-ng", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.3.17-13.el9", "arch_op": "pattern match" }, "h8nlVtUPrGKdJF9xyffy7g==": { "id": "h8nlVtUPrGKdJF9xyffy7g==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "hECLdfUszFQo2UbzQI3BMQ==": { "id": "hECLdfUszFQo2UbzQI3BMQ==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "hEt6vsfHYq4kHELEO5xWxA==": { "id": "hEt6vsfHYq4kHELEO5xWxA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "hHDtCxiuvJ9VSCSwnEG0Fw==": { "id": "hHDtCxiuvJ9VSCSwnEG0Fw==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7668", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-6.el9_7.1", "arch_op": "pattern match" }, "hHQvhYHv8KxCCQMiFpmyWg==": { "id": "hHQvhYHv8KxCCQMiFpmyWg==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "hIHRMVndQh85jnW2uCawbw==": { "id": "hIHRMVndQh85jnW2uCawbw==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "hIP4iOnrw2sfStgfnTKJKw==": { "id": "hIP4iOnrw2sfStgfnTKJKw==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "hJqH5PsFQ03HT/LzTwaCXA==": { "id": "hJqH5PsFQ03HT/LzTwaCXA==", "updater": "rhel-vex", "name": "CVE-2025-47912", "description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47912 https://bugzilla.redhat.com/show_bug.cgi?id=2407247 https://www.cve.org/CVERecord?id=CVE-2025-47912 https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4010 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47912.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hK/f5zoJDHjYWcidbJwYsg==": { "id": "hK/f5zoJDHjYWcidbJwYsg==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "hMc0MDqaKmmGxo7P4SKmKg==": { "id": "hMc0MDqaKmmGxo7P4SKmKg==", "updater": "rhel-vex", "name": "CVE-2026-28421", "description": "A flaw was found in Vim. This vulnerability, a heap-buffer-overflow and a segmentation fault, exists in the swap file recovery logic. A local attacker could exploit this by providing a specially crafted swap file. This could lead to a denial of service (DoS) or potentially information disclosure.", "issued": "2026-02-27T22:06:34Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28421 https://bugzilla.redhat.com/show_bug.cgi?id=2443474 https://www.cve.org/CVERecord?id=CVE-2026-28421 https://nvd.nist.gov/vuln/detail/CVE-2026-28421 https://github.com/vim/vim/commit/65c1a143c331c886dc28 https://github.com/vim/vim/releases/tag/v9.2.0077 https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28421.json https://access.redhat.com/errata/RHSA-2026:8259", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7.2", "arch_op": "pattern match" }, "hMwTXtuK2CPZup51st8vag==": { "id": "hMwTXtuK2CPZup51st8vag==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "hRSnphgIhBaU8a2RyBPsuA==": { "id": "hRSnphgIhBaU8a2RyBPsuA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-5.el9_4.3", "arch_op": "pattern match" }, "hUC86VV8kD262xFcev0ZiA==": { "id": "hUC86VV8kD262xFcev0ZiA==", "updater": "rhel-vex", "name": "CVE-2025-11412", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the bfd_elf_gc_record_vtentry function in the bfd/elflink.c file due to a missing sanity check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11412 https://bugzilla.redhat.com/show_bug.cgi?id=2402425 https://www.cve.org/CVERecord?id=CVE-2025-11412 https://nvd.nist.gov/vuln/detail/CVE-2025-11412 https://sourceware.org/bugzilla/show_bug.cgi?id=33452 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc https://vuldb.com/?id.327348 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11412.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hWXaFNGw43ZC0VkI4/s2Pw==": { "id": "hWXaFNGw43ZC0VkI4/s2Pw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "hXiyheRZcHY0l7xO8DNsTg==": { "id": "hXiyheRZcHY0l7xO8DNsTg==", "updater": "rhel-vex", "name": "CVE-2026-21637", "description": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21637 https://bugzilla.redhat.com/show_bug.cgi?id=2431340 https://www.cve.org/CVERecord?id=CVE-2026-21637 https://nvd.nist.gov/vuln/detail/CVE-2026-21637 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21637.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "hYg6jGCQ5Nuq7UsitAzuiw==": { "id": "hYg6jGCQ5Nuq7UsitAzuiw==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "haYiiYG8S+76vEnaF2JX0g==": { "id": "haYiiYG8S+76vEnaF2JX0g==", "updater": "rhel-vex", "name": "CVE-2025-68119", "description": "A flaw was found in Golang's cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial (hg) installed, this can occur when downloading modules from non-standard sources due to how external Version Control System (VCS) commands are constructed. Additionally, on systems with Git installed, providing malicious version strings to the toolchain can enable an attacker to write to arbitrary files on the filesystem. This issue is triggered by explicitly supplying these malicious version strings.", "issued": "2026-01-28T19:30:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68119 https://bugzilla.redhat.com/show_bug.cgi?id=2434438 https://www.cve.org/CVERecord?id=CVE-2025-68119 https://nvd.nist.gov/vuln/detail/CVE-2025-68119 https://go.dev/cl/736710 https://go.dev/issue/77099 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4338 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68119.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hazOAbpBSQ6ZcoEMkq6UhQ==": { "id": "hazOAbpBSQ6ZcoEMkq6UhQ==", "updater": "rhel-vex", "name": "CVE-2023-5981", "description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "issued": "2023-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.redhat.com/show_bug.cgi?id=2248445 https://www.cve.org/CVERecord?id=CVE-2023-5981 https://nvd.nist.gov/vuln/detail/CVE-2023-5981 https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5981.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "hcytdCNWQ/uK0EA5aDrWOQ==": { "id": "hcytdCNWQ/uK0EA5aDrWOQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "hfVFht+buqTExOEVhwr1xQ==": { "id": "hfVFht+buqTExOEVhwr1xQ==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "hinEteXkZ2xZbWF5lSQDEw==": { "id": "hinEteXkZ2xZbWF5lSQDEw==", "updater": "rhel-vex", "name": "CVE-2023-0797", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0797 https://bugzilla.redhat.com/show_bug.cgi?id=2170151 https://www.cve.org/CVERecord?id=CVE-2023-0797 https://nvd.nist.gov/vuln/detail/CVE-2023-0797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0797.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "hizVOzI9X9GcBBCKZH/AIg==": { "id": "hizVOzI9X9GcBBCKZH/AIg==", "updater": "rhel-vex", "name": "CVE-2026-21637", "description": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21637 https://bugzilla.redhat.com/show_bug.cgi?id=2431340 https://www.cve.org/CVERecord?id=CVE-2026-21637 https://nvd.nist.gov/vuln/detail/CVE-2026-21637 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21637.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "hjzu3I+m68mPWogOfZscVg==": { "id": "hjzu3I+m68mPWogOfZscVg==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "hlV8M1lvezTjDMlaNPSTvg==": { "id": "hlV8M1lvezTjDMlaNPSTvg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "hnVuaDEhxbGffMCkOiTy1A==": { "id": "hnVuaDEhxbGffMCkOiTy1A==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "hqWNdyyShysFv4UI5qHkfQ==": { "id": "hqWNdyyShysFv4UI5qHkfQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=32976 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "htRPPeb7P9MNS47zhEuuaw==": { "id": "htRPPeb7P9MNS47zhEuuaw==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "htuN+yEom1R161MtW9b2yw==": { "id": "htuN+yEom1R161MtW9b2yw==", "updater": "rhel-vex", "name": "CVE-2026-21715", "description": "A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the `fs.realpathSync.native()` function. This vulnerability allows code operating under `--permission` with restricted `--allow-fs-read` flags to bypass security controls. Consequently, an attacker can use `fs.realpathSync.native()` to determine file existence, resolve symbolic link targets, and enumerate filesystem paths outside of permitted directories, leading to information disclosure.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21715 https://bugzilla.redhat.com/show_bug.cgi?id=2453152 https://www.cve.org/CVERecord?id=CVE-2026-21715 https://nvd.nist.gov/vuln/detail/CVE-2026-21715 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21715.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "hv1o+8ALinWTDa5cH4j3rA==": { "id": "hv1o+8ALinWTDa5cH4j3rA==", "updater": "rhel-vex", "name": "CVE-2022-4645", "description": "A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure.", "issued": "2023-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4645 https://bugzilla.redhat.com/show_bug.cgi?id=2176220 https://www.cve.org/CVERecord?id=CVE-2022-4645 https://nvd.nist.gov/vuln/detail/CVE-2022-4645 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4645.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "hwn8HSXSxoAi1TYe+ACqPA==": { "id": "hwn8HSXSxoAi1TYe+ACqPA==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "hx3c9WG+Xum3pwxo0+FyRQ==": { "id": "hx3c9WG+Xum3pwxo0+FyRQ==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "hxluEp8Si16NQcfaJDWcLg==": { "id": "hxluEp8Si16NQcfaJDWcLg==", "updater": "rhel-vex", "name": "CVE-2022-3324", "description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3324.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hzkoKs3QdYyXJMnifzGbxA==": { "id": "hzkoKs3QdYyXJMnifzGbxA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "i+IfpRQo89HWL/sPRoOFsw==": { "id": "i+IfpRQo89HWL/sPRoOFsw==", "updater": "rhel-vex", "name": "CVE-2023-0799", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a use-after-free problem in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0799 https://bugzilla.redhat.com/show_bug.cgi?id=2170162 https://www.cve.org/CVERecord?id=CVE-2023-0799 https://nvd.nist.gov/vuln/detail/CVE-2023-0799 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0799.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "i1aZclSgDVfSpq3wWatknQ==": { "id": "i1aZclSgDVfSpq3wWatknQ==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json https://access.redhat.com/errata/RHSA-2023:6372", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:10.2-11.el9", "arch_op": "pattern match" }, "i1iqh+iGOleBv5v21I50xw==": { "id": "i1iqh+iGOleBv5v21I50xw==", "updater": "rhel-vex", "name": "CVE-2024-37891", "description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-5.el9_4.1", "arch_op": "pattern match" }, "i2CsObRdsFCFCIvnyVzw5g==": { "id": "i2CsObRdsFCFCIvnyVzw5g==", "updater": "rhel-vex", "name": "CVE-2025-66863", "description": "A flaw was found in BinUtils. Attackers can exploit this vulnerability by providing a specially crafted Portable Executable (PE) file. This can lead to a denial of service, making the affected application unavailable.", "issued": "2025-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66863 https://bugzilla.redhat.com/show_bug.cgi?id=2425824 https://www.cve.org/CVERecord?id=CVE-2025-66863 https://nvd.nist.gov/vuln/detail/CVE-2025-66863 https://github.com/caozhzh/CRGF-Vul/blob/main/cxxfilt/crash2.md https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66863.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "i3BrKsmhYf5wZYkQCBxUGw==": { "id": "i3BrKsmhYf5wZYkQCBxUGw==", "updater": "rhel-vex", "name": "CVE-2021-43618", "description": "A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-43618 https://bugzilla.redhat.com/show_bug.cgi?id=2024904 https://www.cve.org/CVERecord?id=CVE-2021-43618 https://nvd.nist.gov/vuln/detail/CVE-2021-43618 https://bugs.debian.org/994405 https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-43618.json https://access.redhat.com/errata/RHSA-2023:6661", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gmp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:6.2.0-13.el9", "arch_op": "pattern match" }, "i6aHe7Qjo768bvS9xSorFw==": { "id": "i6aHe7Qjo768bvS9xSorFw==", "updater": "rhel-vex", "name": "CVE-2023-40403", "description": "A flaw was found in libxslt package. Processing web content may disclose sensitive information. This issue was addressed with improved memory handling.", "issued": "2023-09-26T20:14:54Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40403 https://bugzilla.redhat.com/show_bug.cgi?id=2349766 https://www.cve.org/CVERecord?id=CVE-2023-40403 https://nvd.nist.gov/vuln/detail/CVE-2023-40403 http://seclists.org/fulldisclosure/2023/Oct/10 http://seclists.org/fulldisclosure/2023/Oct/3 http://seclists.org/fulldisclosure/2023/Oct/4 http://seclists.org/fulldisclosure/2023/Oct/5 http://seclists.org/fulldisclosure/2023/Oct/6 http://seclists.org/fulldisclosure/2023/Oct/8 http://seclists.org/fulldisclosure/2023/Oct/9 https://bugs.chromium.org/p/chromium/issues/detail?id=1356211 https://bugzilla.gnome.org/show_bug.cgi?id=751621 https://gitlab.gnome.org/GNOME/libxslt/-/issues/94 https://support.apple.com/en-us/HT213927 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40403.json https://access.redhat.com/errata/RHSA-2026:6266", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-14.el9_7.1", "arch_op": "pattern match" }, "i8zmTjiP3YXXew6ZKB2Ogg==": { "id": "i8zmTjiP3YXXew6ZKB2Ogg==", "updater": "rhel-vex", "name": "CVE-2026-21710", "description": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21710 https://bugzilla.redhat.com/show_bug.cgi?id=2453151 https://www.cve.org/CVERecord?id=CVE-2026-21710 https://nvd.nist.gov/vuln/detail/CVE-2026-21710 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21710.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "iA/QQjWhvxyNLUaetWDlcQ==": { "id": "iA/QQjWhvxyNLUaetWDlcQ==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "iACEEOg8p4u2oul22eTv+Q==": { "id": "iACEEOg8p4u2oul22eTv+Q==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "iAZzrtYDqIG5uluq/FjhDA==": { "id": "iAZzrtYDqIG5uluq/FjhDA==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "iE+bfILM7uszXcxvEd6gYA==": { "id": "iE+bfILM7uszXcxvEd6gYA==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "iEtbVUUM9WmTLHwIzUrGAw==": { "id": "iEtbVUUM9WmTLHwIzUrGAw==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "iF/o4aDbQf1DAw7R+LiVQw==": { "id": "iF/o4aDbQf1DAw7R+LiVQw==", "updater": "rhel-vex", "name": "CVE-2025-68972", "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "issued": "2025-12-27T22:52:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68972 https://bugzilla.redhat.com/show_bug.cgi?id=2425646 https://www.cve.org/CVERecord?id=CVE-2025-68972 https://nvd.nist.gov/vuln/detail/CVE-2025-68972 https://gpg.fail/formfeed https://news.ycombinator.com/item?id=46404339 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68972.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "iFYspvRjIYFKUw7Fpj3PSg==": { "id": "iFYspvRjIYFKUw7Fpj3PSg==", "updater": "rhel-vex", "name": "CVE-2026-34982", "description": "A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.", "issued": "2026-04-06T15:16:48Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34982 https://bugzilla.redhat.com/show_bug.cgi?id=2455400 https://www.cve.org/CVERecord?id=CVE-2026-34982 https://nvd.nist.gov/vuln/detail/CVE-2026-34982 http://www.openwall.com/lists/oss-security/2026/04/01/1 https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615 https://github.com/vim/vim/releases/tag/v9.2.0276 https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34982.json https://access.redhat.com/errata/RHSA-2026:11510", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7.3", "arch_op": "pattern match" }, "iJ/65EjB0RUIoiFFN5HgAw==": { "id": "iJ/65EjB0RUIoiFFN5HgAw==", "updater": "rhel-vex", "name": "CVE-2023-0800", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0800 https://bugzilla.redhat.com/show_bug.cgi?id=2170167 https://www.cve.org/CVERecord?id=CVE-2023-0800 https://nvd.nist.gov/vuln/detail/CVE-2023-0800 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0800.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "iK/w4oP0ry88Fhi1iG/FpA==": { "id": "iK/w4oP0ry88Fhi1iG/FpA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-SelectSaver", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.02-481.el9", "arch_op": "pattern match" }, "iKVtZrDNXfISjmDp1xYKBQ==": { "id": "iKVtZrDNXfISjmDp1xYKBQ==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "iL/VOECJBzyFgTCwWDppVw==": { "id": "iL/VOECJBzyFgTCwWDppVw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "iMwaCmNtKHrK2+scb+hkxw==": { "id": "iMwaCmNtKHrK2+scb+hkxw==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "iQtqv3HeCGvWBf2ImnFK1w==": { "id": "iQtqv3HeCGvWBf2ImnFK1w==", "updater": "rhel-vex", "name": "CVE-2025-8941", "description": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.", "issued": "2025-08-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://www.cve.org/CVERecord?id=CVE-2025-8941 https://nvd.nist.gov/vuln/detail/CVE-2025-8941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8941.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "iRRK+UGfH5YqM+4LOHExpQ==": { "id": "iRRK+UGfH5YqM+4LOHExpQ==", "updater": "rhel-vex", "name": "CVE-2024-45492", "description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "iRvSvKSGVLHqIXREJ4Ht/w==": { "id": "iRvSvKSGVLHqIXREJ4Ht/w==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "iSsTR9jTS/494HfIgB9pGQ==": { "id": "iSsTR9jTS/494HfIgB9pGQ==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "iSzOvPxPGZr2PfJTBTQBCQ==": { "id": "iSzOvPxPGZr2PfJTBTQBCQ==", "updater": "rhel-vex", "name": "CVE-2024-29040", "description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "issued": "2024-04-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-29040.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tpm2-tss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "iTrL6dXRPICy+0Wmi1qlPw==": { "id": "iTrL6dXRPICy+0Wmi1qlPw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://nodejs.org/pt/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "iUURXijANkMZIH/VbXWyYQ==": { "id": "iUURXijANkMZIH/VbXWyYQ==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "iWIsGkw9mQk/URE9m7xoVA==": { "id": "iWIsGkw9mQk/URE9m7xoVA==", "updater": "rhel-vex", "name": "CVE-2025-59465", "description": "A denial of service flaw has been discovered in NodeJS. A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59465 https://bugzilla.redhat.com/show_bug.cgi?id=2431349 https://www.cve.org/CVERecord?id=CVE-2025-59465 https://nvd.nist.gov/vuln/detail/CVE-2025-59465 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59465.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.0-1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "iYahLjRBvYk4Zq4Nz9JtHg==": { "id": "iYahLjRBvYk4Zq4Nz9JtHg==", "updater": "rhel-vex", "name": "CVE-2025-66382", "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "issued": "2025-11-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66382 https://bugzilla.redhat.com/show_bug.cgi?id=2417661 https://www.cve.org/CVERecord?id=CVE-2025-66382 https://nvd.nist.gov/vuln/detail/CVE-2025-66382 https://github.com/libexpat/libexpat/issues/1076 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66382.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ibGOv13N1m/577Kb32wGxw==": { "id": "ibGOv13N1m/577Kb32wGxw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "icr9XD5DN3YDWvP3naYL+g==": { "id": "icr9XD5DN3YDWvP3naYL+g==", "updater": "rhel-vex", "name": "CVE-2026-5450", "description": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.", "issued": "2026-04-20T20:55:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5450 https://bugzilla.redhat.com/show_bug.cgi?id=2459853 https://www.cve.org/CVERecord?id=CVE-2026-5450 https://nvd.nist.gov/vuln/detail/CVE-2026-5450 https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997 https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5450.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ifl87FYu8EGpCz9Lakl+qg==": { "id": "ifl87FYu8EGpCz9Lakl+qg==", "updater": "rhel-vex", "name": "CVE-2025-55132", "description": "A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55132 https://bugzilla.redhat.com/show_bug.cgi?id=2431338 https://www.cve.org/CVERecord?id=CVE-2025-55132 https://nvd.nist.gov/vuln/detail/CVE-2025-55132 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55132.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "iguNGuUCiP6eJSJt14Jo4g==": { "id": "iguNGuUCiP6eJSJt14Jo4g==", "updater": "rhel-vex", "name": "CVE-2026-1526", "description": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.", "issued": "2026-03-12T20:08:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1526 https://bugzilla.redhat.com/show_bug.cgi?id=2447142 https://www.cve.org/CVERecord?id=CVE-2026-1526 https://nvd.nist.gov/vuln/detail/CVE-2026-1526 https://cna.openjsf.org/security-advisories.html https://datatracker.ietf.org/doc/html/rfc7692 https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q https://hackerone.com/reports/3481206 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1526.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "ihcyIiYlnktNuXSrEgrQjg==": { "id": "ihcyIiYlnktNuXSrEgrQjg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "ijNNBHI8o+gObvRZ97LRdA==": { "id": "ijNNBHI8o+gObvRZ97LRdA==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "ija3h8P09PxwjEuLSUS2HA==": { "id": "ija3h8P09PxwjEuLSUS2HA==", "updater": "rhel-vex", "name": "CVE-2026-4438", "description": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.", "issued": "2026-03-20T19:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4438 https://bugzilla.redhat.com/show_bug.cgi?id=2449783 https://www.cve.org/CVERecord?id=CVE-2026-4438 https://nvd.nist.gov/vuln/detail/CVE-2026-4438 https://sourceware.org/bugzilla/show_bug.cgi?id=34015 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4438.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ikYp9FVR/trdSFxeYpqAcA==": { "id": "ikYp9FVR/trdSFxeYpqAcA==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "injDY40WUdFqTiXseelJog==": { "id": "injDY40WUdFqTiXseelJog==", "updater": "rhel-vex", "name": "CVE-2026-26996", "description": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.", "issued": "2026-02-20T03:05:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-26996 https://bugzilla.redhat.com/show_bug.cgi?id=2441268 https://www.cve.org/CVERecord?id=CVE-2026-26996 https://nvd.nist.gov/vuln/detail/CVE-2026-26996 https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5 https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26996.json https://access.redhat.com/errata/RHSA-2026:7896", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572", "arch_op": "pattern match" }, "isT7miwloz6n/DNr9N8lHA==": { "id": "isT7miwloz6n/DNr9N8lHA==", "updater": "rhel-vex", "name": "CVE-2025-61732", "description": "A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then \"smuggled\" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.", "issued": "2026-02-05T03:42:26Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61732 https://bugzilla.redhat.com/show_bug.cgi?id=2437016 https://www.cve.org/CVERecord?id=CVE-2025-61732 https://nvd.nist.gov/vuln/detail/CVE-2025-61732 https://go.dev/cl/734220 https://go.dev/issue/76697 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://pkg.go.dev/vuln/GO-2026-4433 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61732.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "iveVedfC78Qk/6ltHJ21kQ==": { "id": "iveVedfC78Qk/6ltHJ21kQ==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "ixD2h349uZz3eCy55KxIlw==": { "id": "ixD2h349uZz3eCy55KxIlw==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "ixc06f0H9vqMfsbwQSwwvA==": { "id": "ixc06f0H9vqMfsbwQSwwvA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ixlSuy1zsWjDOO7lFuUNAQ==": { "id": "ixlSuy1zsWjDOO7lFuUNAQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "izYg2kL7sTEI8ASmlxRCdA==": { "id": "izYg2kL7sTEI8ASmlxRCdA==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "j/6W06GHqfn2irJJ7LDKTQ==": { "id": "j/6W06GHqfn2irJJ7LDKTQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "j/Ffe29Pz7uoI3ROVu3/hw==": { "id": "j/Ffe29Pz7uoI3ROVu3/hw==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "j/vFtwZCr4ow5q2VPKgR9g==": { "id": "j/vFtwZCr4ow5q2VPKgR9g==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "j2qyk9XQmGp7ssMhZKM8jg==": { "id": "j2qyk9XQmGp7ssMhZKM8jg==", "updater": "rhel-vex", "name": "CVE-2026-25749", "description": "A flaw was found in Vim, an open source, command line text editor. This heap buffer overflow vulnerability exists in the tag file resolution logic when processing the 'helpfile' option. A local user could exploit this by providing a specially crafted 'helpfile' option value, leading to a heap buffer overflow. This could result in arbitrary code execution or a denial of service.", "issued": "2026-02-06T22:43:38Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25749 https://bugzilla.redhat.com/show_bug.cgi?id=2437843 https://www.cve.org/CVERecord?id=CVE-2026-25749 https://nvd.nist.gov/vuln/detail/CVE-2026-25749 https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9 https://github.com/vim/vim/releases/tag/v9.1.2132 https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm43 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25749.json https://access.redhat.com/errata/RHSA-2026:5602", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7.1", "arch_op": "pattern match" }, "j3PAipb/hCxnbdoUmJvkNQ==": { "id": "j3PAipb/hCxnbdoUmJvkNQ==", "updater": "rhel-vex", "name": "CVE-2025-61984", "description": "A flaw was found in OpenSSH where control characters in usernames were not properly validated when sourced from untrusted inputs like the command line or configuration expansion. If a ProxyCommand is used, these control characters could modify command behavior, potentially leading to code execution.", "issued": "2025-10-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61984 https://bugzilla.redhat.com/show_bug.cgi?id=2401960 https://www.cve.org/CVERecord?id=CVE-2025-61984 https://nvd.nist.gov/vuln/detail/CVE-2025-61984 https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2 https://www.openssh.com/releasenotes.html#10.1p1 https://www.openwall.com/lists/oss-security/2025/10/06/1 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61984.json https://access.redhat.com/errata/RHSA-2025:23480", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-47.el9_7", "arch_op": "pattern match" }, "j7HjBQaZ5PNpv7JydPZ8OQ==": { "id": "j7HjBQaZ5PNpv7JydPZ8OQ==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.2.1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "j7ssITCzXW4N87uje7nkZg==": { "id": "j7ssITCzXW4N87uje7nkZg==", "updater": "rhel-vex", "name": "CVE-2025-61731", "description": "A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the '#cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command. This vulnerability can lead to arbitrary file write.", "issued": "2026-01-28T19:30:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61731 https://bugzilla.redhat.com/show_bug.cgi?id=2434433 https://www.cve.org/CVERecord?id=CVE-2025-61731 https://nvd.nist.gov/vuln/detail/CVE-2025-61731 https://go.dev/cl/736711 https://go.dev/issue/77100 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4339 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61731.json https://access.redhat.com/errata/RHSA-2026:5942", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.8-1.el9_7", "arch_op": "pattern match" }, "j7yoSCks+i8LevHtgFwCwQ==": { "id": "j7yoSCks+i8LevHtgFwCwQ==", "updater": "rhel-vex", "name": "CVE-2023-24056", "description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. This issue may lead to a buffer overflow, which can crash the software.", "issued": "2023-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24056.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "pkgconf", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j8SFSR8BZ09zBKgRkzC7Jg==": { "id": "j8SFSR8BZ09zBKgRkzC7Jg==", "updater": "rhel-vex", "name": "CVE-2025-61985", "description": "A flaw was found in OpenSSH where the SSH client accepted \\0 (null) characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up.", "issued": "2025-10-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61985 https://bugzilla.redhat.com/show_bug.cgi?id=2401962 https://www.cve.org/CVERecord?id=CVE-2025-61985 https://nvd.nist.gov/vuln/detail/CVE-2025-61985 https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2 https://www.openssh.com/releasenotes.html#10.1p1 https://www.openwall.com/lists/oss-security/2025/10/06/1 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61985.json https://access.redhat.com/errata/RHSA-2025:23480", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-47.el9_7", "arch_op": "pattern match" }, "j8vL1GycOevI00+qC9aKmw==": { "id": "j8vL1GycOevI00+qC9aKmw==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "jDj44frt+6TCj0cwExt14w==": { "id": "jDj44frt+6TCj0cwExt14w==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "jGwIyHTli8TFB8vvlYRLgQ==": { "id": "jGwIyHTli8TFB8vvlYRLgQ==", "updater": "rhel-vex", "name": "CVE-2026-32284", "description": "A flaw was found in the msgpack decoder. A remote attacker could send specially crafted, truncated fixext data to an application using the msgpack library. This improper input validation can lead to an out-of-bounds read and a runtime panic, resulting in a denial of service (DoS) attack against the application.", "issued": "2026-03-26T19:40:51Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32284 https://bugzilla.redhat.com/show_bug.cgi?id=2451851 https://www.cve.org/CVERecord?id=CVE-2026-32284 https://nvd.nist.gov/vuln/detail/CVE-2026-32284 https://github.com/golang/vulndb/issues/4513 https://github.com/shamaton/msgpack/issues/59 https://pkg.go.dev/vuln/GO-2026-4513 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32284.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jL7k69KOM8ZjTH+gwznwQg==": { "id": "jL7k69KOM8ZjTH+gwznwQg==", "updater": "osv/go", "name": "GO-2022-1039", "description": "Memory exhaustion when compiling regular expressions in regexp/syntax", "issued": "2022-10-06T16:42:07Z", "links": "https://go.dev/issue/55949 https://go.dev/cl/439356 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.7" }, "jM18i6BgFcWSycW3ixuZHw==": { "id": "jM18i6BgFcWSycW3ixuZHw==", "updater": "rhel-vex", "name": "CVE-2025-61729", "description": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.", "issued": "2025-12-02T18:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61729 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://www.cve.org/CVERecord?id=CVE-2025-61729 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://pkg.go.dev/vuln/GO-2025-4155 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61729.json https://access.redhat.com/errata/RHSA-2026:0923", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.5-2.el9_7", "arch_op": "pattern match" }, "jVeIQzIm92EdkbCIlGT1qA==": { "id": "jVeIQzIm92EdkbCIlGT1qA==", "updater": "rhel-vex", "name": "CVE-2022-3153", "description": "A flaw was found in vim, where it is vulnerable to a null-pointer-dereference in the vim_regcomp() function. This flaw allows a specially crafted file to crash a program or execute code.", "issued": "2022-09-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3153.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jY7qsjEMOfcaNJkgI4dijw==": { "id": "jY7qsjEMOfcaNJkgI4dijw==", "updater": "rhel-vex", "name": "CVE-2023-26966", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to an out-of-bounds read in the uv_encode function in libtiff/tif_luv.c, resulting in a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26966 https://bugzilla.redhat.com/show_bug.cgi?id=2218749 https://www.cve.org/CVERecord?id=CVE-2023-26966 https://nvd.nist.gov/vuln/detail/CVE-2023-26966 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26966.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "jYkhobM1mHtLOwQie8WeWA==": { "id": "jYkhobM1mHtLOwQie8WeWA==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "jYmxPZjDM/CNw9uJ4rnMHQ==": { "id": "jYmxPZjDM/CNw9uJ4rnMHQ==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "jZXEa4mdIQd85t4aOIhsfA==": { "id": "jZXEa4mdIQd85t4aOIhsfA==", "updater": "rhel-vex", "name": "CVE-2024-12087", "description": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12087 https://bugzilla.redhat.com/show_bug.cgi?id=2330672 https://www.cve.org/CVERecord?id=CVE-2024-12087 https://nvd.nist.gov/vuln/detail/CVE-2024-12087 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12087.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "jZq7+x+5y+AXKvl07ivVBg==": { "id": "jZq7+x+5y+AXKvl07ivVBg==", "updater": "rhel-vex", "name": "CVE-2026-1525", "description": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.", "issued": "2026-03-12T19:56:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1525 https://bugzilla.redhat.com/show_bug.cgi?id=2447144 https://www.cve.org/CVERecord?id=CVE-2026-1525 https://nvd.nist.gov/vuln/detail/CVE-2026-1525 https://cna.openjsf.org/security-advisories.html https://cwe.mitre.org/data/definitions/444.html https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm https://hackerone.com/reports/3556037 https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1525.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "jbS9IFs59O0uPYg9IZeksQ==": { "id": "jbS9IFs59O0uPYg9IZeksQ==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "jcBNjU0VQp8W5rs9GaZnrw==": { "id": "jcBNjU0VQp8W5rs9GaZnrw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "jcRqiXZ9kQjBDkPtzEXksQ==": { "id": "jcRqiXZ9kQjBDkPtzEXksQ==", "updater": "rhel-vex", "name": "CVE-2025-55132", "description": "A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55132 https://bugzilla.redhat.com/show_bug.cgi?id=2431338 https://www.cve.org/CVERecord?id=CVE-2025-55132 https://nvd.nist.gov/vuln/detail/CVE-2025-55132 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55132.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "jecTmyeay6DKd/7zioYjow==": { "id": "jecTmyeay6DKd/7zioYjow==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.15.0.1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "jh1Mqm3BaTYV6MdA+4D74g==": { "id": "jh1Mqm3BaTYV6MdA+4D74g==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "jiVVTQmOtKqVixv7agF/Hg==": { "id": "jiVVTQmOtKqVixv7agF/Hg==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jlQB8YKpspXbBoHQT0JY7A==": { "id": "jlQB8YKpspXbBoHQT0JY7A==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "jlm8MnE+Ua07hmnpXd564A==": { "id": "jlm8MnE+Ua07hmnpXd564A==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "jmCYpsGWnnwiehZQL2tyGg==": { "id": "jmCYpsGWnnwiehZQL2tyGg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "jtuaBa5xeKFbUsOxJOGtDQ==": { "id": "jtuaBa5xeKFbUsOxJOGtDQ==", "updater": "rhel-vex", "name": "CVE-2025-6395", "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "issued": "2025-07-10T07:56:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6395 https://bugzilla.redhat.com/show_bug.cgi?id=2376755 https://www.cve.org/CVERecord?id=CVE-2025-6395 https://nvd.nist.gov/vuln/detail/CVE-2025-6395 https://gitlab.com/gnutls/gnutls/-/issues/1718 https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6395.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "juRvPdedfeoW/YVn4PBM8Q==": { "id": "juRvPdedfeoW/YVn4PBM8Q==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "jujfK7kvNttCHbG9Y1cEjw==": { "id": "jujfK7kvNttCHbG9Y1cEjw==", "updater": "rhel-vex", "name": "CVE-2025-22873", "description": "A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in \"../\", an attacker may be able to open the immediate parent directory of the intended Root. Although this escape does not allow traversal to higher-level ancestors or direct access to files within the parent directory, it may expose directory metadata or unintended filesystem structure if the application passes untrusted path input to Root.Open.", "issued": "2026-02-04T23:05:24Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22873 https://bugzilla.redhat.com/show_bug.cgi?id=2436992 https://www.cve.org/CVERecord?id=CVE-2025-22873 https://nvd.nist.gov/vuln/detail/CVE-2025-22873 http://www.openwall.com/lists/oss-security/2025/05/06/2 https://go.dev/cl/670036 https://go.dev/issue/73555 https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ https://pkg.go.dev/vuln/GO-2026-4403 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22873.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jvIOr2cGPChl6X44xwkz2w==": { "id": "jvIOr2cGPChl6X44xwkz2w==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "jweM09oSTMKt4t5s2Lpg9g==": { "id": "jweM09oSTMKt4t5s2Lpg9g==", "updater": "rhel-vex", "name": "CVE-2023-29400", "description": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29400 https://bugzilla.redhat.com/show_bug.cgi?id=2196029 https://www.cve.org/CVERecord?id=CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-29400 https://go.dev/issue/59722 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29400.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "jyRfRwiUvNWAyNlZmv3MkQ==": { "id": "jyRfRwiUvNWAyNlZmv3MkQ==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "k/2DvTn2KLL28Yuh/WFLmw==": { "id": "k/2DvTn2KLL28Yuh/WFLmw==", "updater": "rhel-vex", "name": "CVE-2023-3576", "description": "A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2219340 https://www.cve.org/CVERecord?id=CVE-2023-3576 https://nvd.nist.gov/vuln/detail/CVE-2023-3576 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3576.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "k/RAvY71xpuUVrSpsGkYlA==": { "id": "k/RAvY71xpuUVrSpsGkYlA==", "updater": "osv/go", "name": "GO-2022-1143", "description": "Restricted file access on Windows in os and net/http", "issued": "2022-12-07T16:08:45Z", "links": "https://go.dev/issue/56694 https://go.dev/cl/455716 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.9" }, "k2PJBnbhSab9fWak/vBKbQ==": { "id": "k2PJBnbhSab9fWak/vBKbQ==", "updater": "rhel-vex", "name": "CVE-2026-33846", "description": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.", "issued": "2026-05-04T08:53:59Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33846 https://bugzilla.redhat.com/show_bug.cgi?id=2450625 https://www.cve.org/CVERecord?id=CVE-2026-33846 https://nvd.nist.gov/vuln/detail/CVE-2026-33846 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33846.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "k4dDUqBohIhzwbUS8fZiCA==": { "id": "k4dDUqBohIhzwbUS8fZiCA==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "k5LjlV1zmKau2rAIOnay6g==": { "id": "k5LjlV1zmKau2rAIOnay6g==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.3.el9_2", "arch_op": "pattern match" }, "k6D6o9qP1X41yPQlNQ8aww==": { "id": "k6D6o9qP1X41yPQlNQ8aww==", "updater": "rhel-vex", "name": "CVE-2026-33750", "description": "A flaw was found in the brace-expansion library, a component used for generating strings based on patterns. A remote attacker could exploit this vulnerability by providing a specially crafted brace pattern that includes a zero step value. This malicious input causes the library's sequence generation loop to run indefinitely, leading to excessive memory allocation and causing the process to hang. This results in a Denial of Service (DoS) for the affected application.", "issued": "2026-03-27T14:04:52Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33750 https://bugzilla.redhat.com/show_bug.cgi?id=2452285 https://www.cve.org/CVERecord?id=CVE-2026-33750 https://nvd.nist.gov/vuln/detail/CVE-2026-33750 https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113 https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184 https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5 https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2 https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a https://github.com/juliangruber/brace-expansion/issues/98 https://github.com/juliangruber/brace-expansion/pull/95 https://github.com/juliangruber/brace-expansion/pull/96 https://github.com/juliangruber/brace-expansion/pull/97 https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33750.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "k9Yjqv3ifDP4XwsJSZ8XiQ==": { "id": "k9Yjqv3ifDP4XwsJSZ8XiQ==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "k9jtJIr2beiO7DTwypDNWw==": { "id": "k9jtJIr2beiO7DTwypDNWw==", "updater": "rhel-vex", "name": "CVE-2026-6844", "description": "A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory condition. The other, a null pointer dereference (CWE-476), can cause a segmentation fault. Both issues can result in the `readelf` utility becoming unresponsive or crashing, leading to a denial of service.", "issued": "2026-04-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6844 https://bugzilla.redhat.com/show_bug.cgi?id=2460016 https://www.cve.org/CVERecord?id=CVE-2026-6844 https://nvd.nist.gov/vuln/detail/CVE-2026-6844 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6844.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kABs7TAnvuphaClsm0yUYQ==": { "id": "kABs7TAnvuphaClsm0yUYQ==", "updater": "rhel-vex", "name": "CVE-2026-2229", "description": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.", "issued": "2026-03-12T20:27:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2229 https://bugzilla.redhat.com/show_bug.cgi?id=2447143 https://www.cve.org/CVERecord?id=CVE-2026-2229 https://nvd.nist.gov/vuln/detail/CVE-2026-2229 https://cna.openjsf.org/security-advisories.html https://datatracker.ietf.org/doc/html/rfc7692 https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8 https://hackerone.com/reports/3487486 https://nodejs.org/api/zlib.html#class-zlibinflateraw https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2229.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "kBdyi87P4B1cTF5hLS7ByA==": { "id": "kBdyi87P4B1cTF5hLS7ByA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "kCgZMoKRMbRx90oiE7jJ+w==": { "id": "kCgZMoKRMbRx90oiE7jJ+w==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "kCyfUBctJ+eryOZP6UiDKQ==": { "id": "kCyfUBctJ+eryOZP6UiDKQ==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://nodejs.org/pt/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "kDZjsaAjptkThRRg1TjTRg==": { "id": "kDZjsaAjptkThRRg1TjTRg==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "util-linux-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "kEe4Kuw3hXrzhJ/JDjR7wg==": { "id": "kEe4Kuw3hXrzhJ/JDjR7wg==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json https://access.redhat.com/errata/RHSA-2024:0464", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-3.el9_3.1", "arch_op": "pattern match" }, "kFbIkTDdc0p9e6ndPrAnHA==": { "id": "kFbIkTDdc0p9e6ndPrAnHA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "kHC7JlgJ1gpjDIHxKgXZuQ==": { "id": "kHC7JlgJ1gpjDIHxKgXZuQ==", "updater": "osv/go", "name": "GO-2024-2609", "description": "Comments in display names are incorrectly handled in net/mail", "issued": "2024-03-05T22:15:04Z", "links": "https://go.dev/issue/65083 https://go.dev/cl/555596 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "kJ/PUfmUBn2Ep03yRLItuQ==": { "id": "kJ/PUfmUBn2Ep03yRLItuQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "kMB61Eclf1Qb2Suk3JRmXw==": { "id": "kMB61Eclf1Qb2Suk3JRmXw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "kQEcZDAS6Ka6J710VZUH9w==": { "id": "kQEcZDAS6Ka6J710VZUH9w==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "kQL9cvtBFPgCA0FVlrhUBg==": { "id": "kQL9cvtBFPgCA0FVlrhUBg==", "updater": "rhel-vex", "name": "CVE-2025-61731", "description": "A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the '#cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command. This vulnerability can lead to arbitrary file write.", "issued": "2026-01-28T19:30:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61731 https://bugzilla.redhat.com/show_bug.cgi?id=2434433 https://www.cve.org/CVERecord?id=CVE-2025-61731 https://nvd.nist.gov/vuln/detail/CVE-2025-61731 https://go.dev/cl/736711 https://go.dev/issue/77100 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4339 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61731.json https://access.redhat.com/errata/RHSA-2026:5942", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.8-1.el9_7", "arch_op": "pattern match" }, "kQq8hvN2yLWiupMaLbRduA==": { "id": "kQq8hvN2yLWiupMaLbRduA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Symbol", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.08-481.el9", "arch_op": "pattern match" }, "kRGVc4s/SuXPOfCHc7Q9ug==": { "id": "kRGVc4s/SuXPOfCHc7Q9ug==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "kRa60N9SRvgjl+iiwZ9fZg==": { "id": "kRa60N9SRvgjl+iiwZ9fZg==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "kRj1Frl5pmWWgd5LR0IPyw==": { "id": "kRj1Frl5pmWWgd5LR0IPyw==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "kRqkfuoNHXgeW9vp8iyzQw==": { "id": "kRqkfuoNHXgeW9vp8iyzQw==", "updater": "rhel-vex", "name": "CVE-2023-41175", "description": "A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-41175 https://bugzilla.redhat.com/show_bug.cgi?id=2235264 https://www.cve.org/CVERecord?id=CVE-2023-41175 https://nvd.nist.gov/vuln/detail/CVE-2023-41175 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-41175.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "kTasTqgA/HsT2H85z8VDPw==": { "id": "kTasTqgA/HsT2H85z8VDPw==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "kTyfGInwWoCVv7gGPYCF5g==": { "id": "kTyfGInwWoCVv7gGPYCF5g==", "updater": "rhel-vex", "name": "CVE-2023-2610", "description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2610.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kUo4IyXRh1XFppRDAqTNnw==": { "id": "kUo4IyXRh1XFppRDAqTNnw==", "updater": "rhel-vex", "name": "CVE-2023-33285", "description": "A vulnerability was discovered in Qt. This security flaw occurs in the QDnsLookup function, which has a buffer over-read via a crafted reply from a DNS server.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-33285 https://bugzilla.redhat.com/show_bug.cgi?id=2209488 https://www.cve.org/CVERecord?id=CVE-2023-33285 https://nvd.nist.gov/vuln/detail/CVE-2023-33285 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-33285.json https://access.redhat.com/errata/RHSA-2023:6369", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.15.9-1.el9", "arch_op": "pattern match" }, "kVJhm1LYIfhvn92InJZLDQ==": { "id": "kVJhm1LYIfhvn92InJZLDQ==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "kVjUyjaMJ0bXnwb03Ksw3A==": { "id": "kVjUyjaMJ0bXnwb03Ksw3A==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "kXL26w3j4LcAqSQ9tOuWMA==": { "id": "kXL26w3j4LcAqSQ9tOuWMA==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.2.1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "kaUbMItvWrS1leJMEsAk9A==": { "id": "kaUbMItvWrS1leJMEsAk9A==", "updater": "rhel-vex", "name": "CVE-2022-2284", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2284.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kdSSzkEHTOGF0fpTfXjzcg==": { "id": "kdSSzkEHTOGF0fpTfXjzcg==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "keMF1HAI1OIF8MvJtPZQ+g==": { "id": "keMF1HAI1OIF8MvJtPZQ+g==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "kgCv9K1pgDK48LdFtpFN9Q==": { "id": "kgCv9K1pgDK48LdFtpFN9Q==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "khaGOQZwNAF+Kql1EAlBfw==": { "id": "khaGOQZwNAF+Kql1EAlBfw==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "khwtIlYEcWkkzJP1rg7BNg==": { "id": "khwtIlYEcWkkzJP1rg7BNg==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "ki2PMarj2WoMKDbw3+XV3A==": { "id": "ki2PMarj2WoMKDbw3+XV3A==", "updater": "rhel-vex", "name": "CVE-2026-29111", "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).", "issued": "2026-03-23T21:03:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-29111 https://bugzilla.redhat.com/show_bug.cgi?id=2450505 https://www.cve.org/CVERecord?id=CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29111.json https://access.redhat.com/errata/RHSA-2026:13677", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.9", "arch_op": "pattern match" }, "kiHPM08GilYyFXQYDbdefw==": { "id": "kiHPM08GilYyFXQYDbdefw==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "kicrFnXrLH996rjfEw0amg==": { "id": "kicrFnXrLH996rjfEw0amg==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7896", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.2-1.module+el9.7.0+24193+41b7b572", "arch_op": "pattern match" }, "kjz43GS3cPffEnOhzwtYDQ==": { "id": "kjz43GS3cPffEnOhzwtYDQ==", "updater": "rhel-vex", "name": "CVE-2026-22695", "description": "A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.", "issued": "2026-01-12T22:55:40Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22695 https://bugzilla.redhat.com/show_bug.cgi?id=2428825 https://www.cve.org/CVERecord?id=CVE-2026-22695 https://nvd.nist.gov/vuln/detail/CVE-2026-22695 https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea https://github.com/pnggroup/libpng/commit/e4f7ad4ea2 https://github.com/pnggroup/libpng/issues/778 https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22695.json https://access.redhat.com/errata/RHSA-2026:3405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpng", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.2", "arch_op": "pattern match" }, "kkBeA26IUhnokem2LDfx1A==": { "id": "kkBeA26IUhnokem2LDfx1A==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "kkxgUCDqJw1GL8dK+Je2RA==": { "id": "kkxgUCDqJw1GL8dK+Je2RA==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "klH60uFrR0WkawaSlcOEKg==": { "id": "klH60uFrR0WkawaSlcOEKg==", "updater": "rhel-vex", "name": "CVE-2026-1484", "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1484 https://bugzilla.redhat.com/show_bug.cgi?id=2433259 https://www.cve.org/CVERecord?id=CVE-2026-1484 https://nvd.nist.gov/vuln/detail/CVE-2026-1484 https://gitlab.gnome.org/GNOME/glib/-/issues/3870 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1484.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "knD9e5c9mhfEteHg6iIbAQ==": { "id": "knD9e5c9mhfEteHg6iIbAQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "knUP7wXG3O435cJDvu9Thw==": { "id": "knUP7wXG3O435cJDvu9Thw==", "updater": "rhel-vex", "name": "CVE-2025-69647", "description": "A flaw was found in binutils. Processing a specially crafted ELF binary file containing malformed DWARF loclists data with the readelf program can trigger an infinite loop and result in a denial of service.", "issued": "2026-03-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69647 https://bugzilla.redhat.com/show_bug.cgi?id=2445773 https://www.cve.org/CVERecord?id=CVE-2025-69647 https://nvd.nist.gov/vuln/detail/CVE-2025-69647 https://sourceware.org/bugzilla/show_bug.cgi?id=33640 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=455446bbdc8675f34808187de2bbad4682016ff7 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69647.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "koaJtTt9+fGxG4OSw5hxFA==": { "id": "koaJtTt9+fGxG4OSw5hxFA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-DynaLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.47-481.1.el9_6", "arch_op": "pattern match" }, "ktNuCXztDAtRpUWlUtIWUg==": { "id": "ktNuCXztDAtRpUWlUtIWUg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "ktZZSLvjrHrh7DYZ23sMhw==": { "id": "ktZZSLvjrHrh7DYZ23sMhw==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "kwBmjCC7+d5xUliMZJPNWA==": { "id": "kwBmjCC7+d5xUliMZJPNWA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-stat", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.09-481.el9", "arch_op": "pattern match" }, "kxjEyJZKMrQwjAj12bH0Ag==": { "id": "kxjEyJZKMrQwjAj12bH0Ag==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "ky4IJ5u2Ib7CaDmE7xOysg==": { "id": "ky4IJ5u2Ib7CaDmE7xOysg==", "updater": "rhel-vex", "name": "CVE-2021-46822", "description": "A heap-based buffer overflow vulnerability was found in libjpeg-turbo in the get_word_rgb_row() function in rdppm.c. The flaw occurs when the PPM reader in libjpeg-turbo mishandles use of the tjLoadImage() function for loading a 16-bit binary PPM file into a grayscale uncompressed image buffer and then loading a 16-bit binary PGM file into an RGB uncompressed image buffer. This flaw allows a remote attacker to persuade a victim to open a specially-crafted file, causing the application to crash.", "issued": "2021-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-46822 https://bugzilla.redhat.com/show_bug.cgi?id=2100044 https://www.cve.org/CVERecord?id=CVE-2021-46822 https://nvd.nist.gov/vuln/detail/CVE-2021-46822 https://exchange.xforce.ibmcloud.com/vulnerabilities/221567 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-46822.json https://access.redhat.com/errata/RHSA-2023:1068", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-6.el9_1", "arch_op": "pattern match" }, "l/tOmWC5BVb4or7dYqfWjA==": { "id": "l/tOmWC5BVb4or7dYqfWjA==", "updater": "rhel-vex", "name": "CVE-2026-41411", "description": "A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedded command via the system shell, leading to arbitrary code execution with the privileges of the running user.", "issued": "2026-04-24T16:51:39Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41411 https://bugzilla.redhat.com/show_bug.cgi?id=2461614 https://www.cve.org/CVERecord?id=CVE-2026-41411 https://nvd.nist.gov/vuln/detail/CVE-2026-41411 https://github.com/vim/vim/commit/c78194e41d5a0b05b0ddf383b6679b1503f977fb https://github.com/vim/vim/releases/tag/v9.2.0357 https://github.com/vim/vim/security/advisories/GHSA-cwgx-gcj7-6qh8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41411.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "l1pK1ezh6e0g8I+Dp2iK7w==": { "id": "l1pK1ezh6e0g8I+Dp2iK7w==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "l2+nQ26t0lYvVluseJErUQ==": { "id": "l2+nQ26t0lYvVluseJErUQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Copy", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-481.el9", "arch_op": "pattern match" }, "l2fXal/tlhZFSzN3bmiLSg==": { "id": "l2fXal/tlhZFSzN3bmiLSg==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "l3j9C20yHr6ZHIXLApzl0A==": { "id": "l3j9C20yHr6ZHIXLApzl0A==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "l5Fb8T5ynp1oelRWVY+EaQ==": { "id": "l5Fb8T5ynp1oelRWVY+EaQ==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://github.com/golang/go/issues/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "l5eC5C4lpe8Zt0TnNwDO+g==": { "id": "l5eC5C4lpe8Zt0TnNwDO+g==", "updater": "rhel-vex", "name": "CVE-2026-34982", "description": "A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.", "issued": "2026-04-06T15:16:48Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34982 https://bugzilla.redhat.com/show_bug.cgi?id=2455400 https://www.cve.org/CVERecord?id=CVE-2026-34982 https://nvd.nist.gov/vuln/detail/CVE-2026-34982 http://www.openwall.com/lists/oss-security/2026/04/01/1 https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615 https://github.com/vim/vim/releases/tag/v9.2.0276 https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34982.json https://access.redhat.com/errata/RHSA-2026:11510", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7.3", "arch_op": "pattern match" }, "l5iJurZf3UzepkqgzjvSSQ==": { "id": "l5iJurZf3UzepkqgzjvSSQ==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "l6IrI73Pg+lrisEtcgX+0Q==": { "id": "l6IrI73Pg+lrisEtcgX+0Q==", "updater": "rhel-vex", "name": "CVE-2026-3784", "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "issued": "2026-03-11T10:09:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3784 https://bugzilla.redhat.com/show_bug.cgi?id=2446449 https://www.cve.org/CVERecord?id=CVE-2026-3784 https://nvd.nist.gov/vuln/detail/CVE-2026-3784 http://www.openwall.com/lists/oss-security/2026/03/11/3 https://curl.se/docs/CVE-2026-3784.html https://curl.se/docs/CVE-2026-3784.json https://hackerone.com/reports/3584903 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3784.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "l7gfVyLrNH9qcWdXdRt9Kg==": { "id": "l7gfVyLrNH9qcWdXdRt9Kg==", "updater": "rhel-vex", "name": "CVE-2022-30632", "description": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30632 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://www.cve.org/CVERecord?id=CVE-2022-30632 https://nvd.nist.gov/vuln/detail/CVE-2022-30632 https://go.dev/issue/53416 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30632.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "l8driNMmALQs2/V7+uCq+w==": { "id": "l8driNMmALQs2/V7+uCq+w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-NDBM_File", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.15-481.1.el9_6", "arch_op": "pattern match" }, "l8z3hCmcLYlZgxzha0zw+g==": { "id": "l8z3hCmcLYlZgxzha0zw+g==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "l91ZStS7zd83ItxB5JiNAw==": { "id": "l91ZStS7zd83ItxB5JiNAw==", "updater": "rhel-vex", "name": "CVE-2026-0865", "description": "Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers.", "issued": "2026-01-20T21:26:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0865 https://bugzilla.redhat.com/show_bug.cgi?id=2431367 https://www.cve.org/CVERecord?id=CVE-2026-0865 https://nvd.nist.gov/vuln/detail/CVE-2026-0865 https://github.com/python/cpython/issues/143916 https://github.com/python/cpython/pull/143917 https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0865.json https://access.redhat.com/errata/RHSA-2026:4168", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.1", "arch_op": "pattern match" }, "lAFNCmDlAVSKGu2gqmWvBw==": { "id": "lAFNCmDlAVSKGu2gqmWvBw==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "lBoi08D0xA11v+agRADO8A==": { "id": "lBoi08D0xA11v+agRADO8A==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "lCc1jyHfsFJK2HfULjN8pA==": { "id": "lCc1jyHfsFJK2HfULjN8pA==", "updater": "rhel-vex", "name": "CVE-2025-12781", "description": "A flaw was found in the base64 module in the Python standard library. The b64decode, standard_b64decode and urlsafe_b64decode functions will always accept the '+' and '/' characters even when an alternative base64 alphabet is specified via the altchars parameter that excludes them. This input validation bypass allows malformed or unexpected data to pass through decoding filters, potentially causing logical errors or data integrity issues in applications relying on strict character sets.", "issued": "2026-01-21T19:34:47Z", "links": "https://access.redhat.com/security/cve/CVE-2025-12781 https://bugzilla.redhat.com/show_bug.cgi?id=2431736 https://www.cve.org/CVERecord?id=CVE-2025-12781 https://nvd.nist.gov/vuln/detail/CVE-2025-12781 https://github.com/python/cpython/issues/125346 https://github.com/python/cpython/pull/141128 https://mail.python.org/archives/list/security-announce@python.org/thread/KRI7GC6S27YV5NJ4FPDALS2WI5ENAFJ6/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-12781.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lCd4ciOqH+xVdJTAK6erDg==": { "id": "lCd4ciOqH+xVdJTAK6erDg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-POSIX", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.94-481.el9", "arch_op": "pattern match" }, "lG2c0hNx+Fgq8Zf8B1rJyw==": { "id": "lG2c0hNx+Fgq8Zf8B1rJyw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "lH27Z8PmZeo/EM/AegpCTA==": { "id": "lH27Z8PmZeo/EM/AegpCTA==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "lHLNxD93t7uUJfmDhNwvCQ==": { "id": "lHLNxD93t7uUJfmDhNwvCQ==", "updater": "rhel-vex", "name": "CVE-2022-3256", "description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3256.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lIzMhy2E3/kAp+LsQCQyCA==": { "id": "lIzMhy2E3/kAp+LsQCQyCA==", "updater": "osv/go", "name": "GO-2023-1704", "description": "Excessive memory allocation in net/http and net/textproto", "issued": "2023-04-05T21:04:28Z", "links": "https://go.dev/issue/58975 https://go.dev/cl/481994 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "lJ8RTw7m+AgAnWW6upSntA==": { "id": "lJ8RTw7m+AgAnWW6upSntA==", "updater": "rhel-vex", "name": "CVE-2021-45078", "description": "An out-of-bounds flaw was found in binutils’ stabs functionality. The attack needs to be initiated locally where an attacker could convince a victim to read a specially crafted file that is processed by objdump, leading to the disclosure of memory and possibly leading to the execution of arbitrary code or causing the utility to crash.", "issued": "2021-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-45078 https://bugzilla.redhat.com/show_bug.cgi?id=2033715 https://www.cve.org/CVERecord?id=CVE-2021-45078 https://nvd.nist.gov/vuln/detail/CVE-2021-45078 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-45078.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lJah2RfNfRF+vEQdCucT7w==": { "id": "lJah2RfNfRF+vEQdCucT7w==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "lKniGV6mBq1xFWJ6V0QVvA==": { "id": "lKniGV6mBq1xFWJ6V0QVvA==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "lM6Cai1zYvH4FYQ8nb6tQg==": { "id": "lM6Cai1zYvH4FYQ8nb6tQg==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "lO89yYeT5Xt1E5KBgR1OXw==": { "id": "lO89yYeT5Xt1E5KBgR1OXw==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "lQ+CMunyB1B/r/pkv6U72w==": { "id": "lQ+CMunyB1B/r/pkv6U72w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Class-Struct", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.66-481.1.el9_6", "arch_op": "pattern match" }, "lQBARBTddFvexevUD04GZA==": { "id": "lQBARBTddFvexevUD04GZA==", "updater": "rhel-vex", "name": "CVE-2026-5745", "description": "A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5745 https://bugzilla.redhat.com/show_bug.cgi?id=2455921 https://www.cve.org/CVERecord?id=CVE-2026-5745 https://nvd.nist.gov/vuln/detail/CVE-2026-5745 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5745.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lTNtbu9KrTbZ2ion3t+azw==": { "id": "lTNtbu9KrTbZ2ion3t+azw==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=32976 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "lVjWozUTbgE/Ed14ZW1okw==": { "id": "lVjWozUTbgE/Ed14ZW1okw==", "updater": "rhel-vex", "name": "CVE-2025-61726", "description": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.", "issued": "2026-01-28T19:30:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://www.cve.org/CVERecord?id=CVE-2025-61726 https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4341 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61726.json https://access.redhat.com/errata/RHSA-2026:2709", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.7-1.el9_7", "arch_op": "pattern match" }, "lWKRi6BgpanbsQgeIct91A==": { "id": "lWKRi6BgpanbsQgeIct91A==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "lWdVDKK0NI1ECjrQyrQZhA==": { "id": "lWdVDKK0NI1ECjrQyrQZhA==", "updater": "rhel-vex", "name": "CVE-2025-11414", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the get_link_hash_entry function in the bfd/elflink.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11414 https://bugzilla.redhat.com/show_bug.cgi?id=2402424 https://www.cve.org/CVERecord?id=CVE-2025-11414 https://nvd.nist.gov/vuln/detail/CVE-2025-11414 https://sourceware.org/bugzilla/show_bug.cgi?id=33450 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703 https://vuldb.com/?id.327350 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11414.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lWxwCNVjYSW4SdS9h9uKvg==": { "id": "lWxwCNVjYSW4SdS9h9uKvg==", "updater": "rhel-vex", "name": "CVE-2025-59464", "description": "A resource consumption flaw has been discovered in NodeJS. A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59464 https://bugzilla.redhat.com/show_bug.cgi?id=2431344 https://www.cve.org/CVERecord?id=CVE-2025-59464 https://nvd.nist.gov/vuln/detail/CVE-2025-59464 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59464.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lc0ErrFagkcQxsv9AGKTjw==": { "id": "lc0ErrFagkcQxsv9AGKTjw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "ldTn/Q3i3BpKZ95U4mfrcQ==": { "id": "ldTn/Q3i3BpKZ95U4mfrcQ==", "updater": "rhel-vex", "name": "CVE-2024-45490", "description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "lgYZVj6kPc0Poy1meDiyZQ==": { "id": "lgYZVj6kPc0Poy1meDiyZQ==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "lh/EYac7XXFvwJr7gkU1TA==": { "id": "lh/EYac7XXFvwJr7gkU1TA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "ljT4JJv6XdYorFfJ6zbfog==": { "id": "ljT4JJv6XdYorFfJ6zbfog==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "lppk3oI+Rm/KVCEYBGVKcg==": { "id": "lppk3oI+Rm/KVCEYBGVKcg==", "updater": "rhel-vex", "name": "CVE-2026-40355", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40355 https://bugzilla.redhat.com/show_bug.cgi?id=2463370 https://www.cve.org/CVERecord?id=CVE-2026-40355 https://nvd.nist.gov/vuln/detail/CVE-2026-40355 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40355.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lsfrxxENmZMCtV8uOKkr8Q==": { "id": "lsfrxxENmZMCtV8uOKkr8Q==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "ltoIfsso65jjPxRqV9UMRw==": { "id": "ltoIfsso65jjPxRqV9UMRw==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "ltryu+P4IG4b3EAJKjyGHQ==": { "id": "ltryu+P4IG4b3EAJKjyGHQ==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "lv4eSxX+AEAW88phUmOolQ==": { "id": "lv4eSxX+AEAW88phUmOolQ==", "updater": "rhel-vex", "name": "CVE-2024-26462", "description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26462.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "lz6O0nYiDpis8SScmTUuSg==": { "id": "lz6O0nYiDpis8SScmTUuSg==", "updater": "rhel-vex", "name": "CVE-2025-1215", "description": "A flaw was found in Vim. A local user may be able to trigger memory corruption by using the `--log` option with a non-existent path, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-12T18:31:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1215 https://bugzilla.redhat.com/show_bug.cgi?id=2345318 https://www.cve.org/CVERecord?id=CVE-2025-1215 https://nvd.nist.gov/vuln/detail/CVE-2025-1215 https://github.com/vim/vim/commit/c5654b84480822817bb7b69ebc97c174c91185e9 https://github.com/vim/vim/issues/16606 https://github.com/vim/vim/releases/tag/v9.1.1097 https://vuldb.com/?ctiid.295174 https://vuldb.com/?id.295174 https://vuldb.com/?submit.497546 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1215.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m+ltkfB6bwuyxpSjgAFr9w==": { "id": "m+ltkfB6bwuyxpSjgAFr9w==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "m/cpX9gyFETv4B87S/qRxw==": { "id": "m/cpX9gyFETv4B87S/qRxw==", "updater": "rhel-vex", "name": "CVE-2025-11468", "description": "Missing character filtering has been discovered in Python. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.", "issued": "2026-01-20T21:09:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11468 https://bugzilla.redhat.com/show_bug.cgi?id=2431375 https://www.cve.org/CVERecord?id=CVE-2025-11468 https://nvd.nist.gov/vuln/detail/CVE-2025-11468 https://github.com/python/cpython/issues/143935 https://github.com/python/cpython/pull/143936 https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11468.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m/d6QTwNzEzxGSR3T2263Q==": { "id": "m/d6QTwNzEzxGSR3T2263Q==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "m02T5S9rBezyv/+a/R6Fkw==": { "id": "m02T5S9rBezyv/+a/R6Fkw==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "m0VRm0XEm9FSwttsQ8QLaQ==": { "id": "m0VRm0XEm9FSwttsQ8QLaQ==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "m2sL00H9lvJ4xs2UqwHxiQ==": { "id": "m2sL00H9lvJ4xs2UqwHxiQ==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "m4A081U6rE2WLJ4u/pMkqg==": { "id": "m4A081U6rE2WLJ4u/pMkqg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "m77LjZYd/4k9LSozG2S2mA==": { "id": "m77LjZYd/4k9LSozG2S2mA==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "m94VQcvA5qigjAcL/i2L2Q==": { "id": "m94VQcvA5qigjAcL/i2L2Q==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Basename", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.85-481.1.el9_6", "arch_op": "pattern match" }, "mBrf1Yfgr5icNwG8S0edeA==": { "id": "mBrf1Yfgr5icNwG8S0edeA==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "mESXtMr2XIcnFGpdxMD0iA==": { "id": "mESXtMr2XIcnFGpdxMD0iA==", "updater": "rhel-vex", "name": "CVE-2025-15467", "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "issued": "2026-01-27T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15467 https://bugzilla.redhat.com/show_bug.cgi?id=2430376 https://www.cve.org/CVERecord?id=CVE-2025-15467 https://nvd.nist.gov/vuln/detail/CVE-2025-15467 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15467.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "mEw7dcF5jpuxJvu2G3JEew==": { "id": "mEw7dcF5jpuxJvu2G3JEew==", "updater": "rhel-vex", "name": "CVE-2026-34982", "description": "A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.", "issued": "2026-04-06T15:16:48Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34982 https://bugzilla.redhat.com/show_bug.cgi?id=2455400 https://www.cve.org/CVERecord?id=CVE-2026-34982 https://nvd.nist.gov/vuln/detail/CVE-2026-34982 http://www.openwall.com/lists/oss-security/2026/04/01/1 https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615 https://github.com/vim/vim/releases/tag/v9.2.0276 https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34982.json https://access.redhat.com/errata/RHSA-2026:11510", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7.3", "arch_op": "pattern match" }, "mFUy6wspY0y/sfnCfQc0Yw==": { "id": "mFUy6wspY0y/sfnCfQc0Yw==", "updater": "rhel-vex", "name": "CVE-2026-32282", "description": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.", "issued": "2026-04-08T01:06:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32282 https://bugzilla.redhat.com/show_bug.cgi?id=2456336 https://www.cve.org/CVERecord?id=CVE-2026-32282 https://nvd.nist.gov/vuln/detail/CVE-2026-32282 https://go.dev/cl/763761 https://go.dev/issue/78293 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4864 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32282.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-rpm-macros", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mIzvIMMUHDBMdt3eAx+4Rw==": { "id": "mIzvIMMUHDBMdt3eAx+4Rw==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "mJw+LvAbCoVMIOZXCXNFpg==": { "id": "mJw+LvAbCoVMIOZXCXNFpg==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mL/QvlBQrld+4EwXWLYTNQ==": { "id": "mL/QvlBQrld+4EwXWLYTNQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "mNBwoKfe9sN/pVvuupOIpQ==": { "id": "mNBwoKfe9sN/pVvuupOIpQ==", "updater": "rhel-vex", "name": "CVE-2026-1526", "description": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.", "issued": "2026-03-12T20:08:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1526 https://bugzilla.redhat.com/show_bug.cgi?id=2447142 https://www.cve.org/CVERecord?id=CVE-2026-1526 https://nvd.nist.gov/vuln/detail/CVE-2026-1526 https://cna.openjsf.org/security-advisories.html https://datatracker.ietf.org/doc/html/rfc7692 https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q https://hackerone.com/reports/3481206 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1526.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "mOQ3hJyzcYBnd65M1VVdFA==": { "id": "mOQ3hJyzcYBnd65M1VVdFA==", "updater": "osv/go", "name": "GO-2025-4011", "description": "Parsing DER payload can cause memory exhaustion in encoding/asn1", "issued": "2025-10-29T21:50:00Z", "links": "https://go.dev/issue/75671 https://go.dev/cl/709856 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "mPAC5fvINjFbBEv6qTd6tQ==": { "id": "mPAC5fvINjFbBEv6qTd6tQ==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "mQKKxdEERDHEVyOMhYExEw==": { "id": "mQKKxdEERDHEVyOMhYExEw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "mQgdyTODJZ/UTHC5haonAg==": { "id": "mQgdyTODJZ/UTHC5haonAg==", "updater": "rhel-vex", "name": "CVE-2026-4647", "description": "A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result, affected tools may crash or expose unintended memory contents, leading to denial-of-service or limited information disclosure risks.", "issued": "2026-03-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4647 https://bugzilla.redhat.com/show_bug.cgi?id=2450302 https://www.cve.org/CVERecord?id=CVE-2026-4647 https://nvd.nist.gov/vuln/detail/CVE-2026-4647 https://sourceware.org/bugzilla/show_bug.cgi?id=33919 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4647.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mQwmpMs9V7B+YNSY3NMExw==": { "id": "mQwmpMs9V7B+YNSY3NMExw==", "updater": "rhel-vex", "name": "CVE-2026-1299", "description": "A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules, allowing an attacker to inject email headers and potentially modify message recipients or the email body, and spoof sender information.", "issued": "2026-01-23T16:27:13Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1299 https://bugzilla.redhat.com/show_bug.cgi?id=2432437 https://www.cve.org/CVERecord?id=CVE-2026-1299 https://nvd.nist.gov/vuln/detail/CVE-2026-1299 https://cve.org/CVERecord?id=CVE-2024-6923 https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413 https://github.com/python/cpython/issues/144125 https://github.com/python/cpython/pull/144126 https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1299.json https://access.redhat.com/errata/RHSA-2026:4168", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.1", "arch_op": "pattern match" }, "mSEMDfE7dS8a+RoMfkjqhg==": { "id": "mSEMDfE7dS8a+RoMfkjqhg==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "mT/r0SKhQZ91EH4d3KiGWQ==": { "id": "mT/r0SKhQZ91EH4d3KiGWQ==", "updater": "rhel-vex", "name": "CVE-2026-21710", "description": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21710 https://bugzilla.redhat.com/show_bug.cgi?id=2453151 https://www.cve.org/CVERecord?id=CVE-2026-21710 https://nvd.nist.gov/vuln/detail/CVE-2026-21710 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21710.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "mTjHmpUEF29L0I107JlM3Q==": { "id": "mTjHmpUEF29L0I107JlM3Q==", "updater": "rhel-vex", "name": "CVE-2025-59466", "description": "A stack overflow flaw has been discovered in Node.js error handling where \"Maximum call stack size exceeded\" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59466 https://bugzilla.redhat.com/show_bug.cgi?id=2431343 https://www.cve.org/CVERecord?id=CVE-2025-59466 https://nvd.nist.gov/vuln/detail/CVE-2025-59466 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59466.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "mUXGZjQ6odB/7zYNoJjJRA==": { "id": "mUXGZjQ6odB/7zYNoJjJRA==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "mX276ORRxpj/FeNL+3OrXg==": { "id": "mX276ORRxpj/FeNL+3OrXg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "mXfTdwl2racpbSHHHKO6EA==": { "id": "mXfTdwl2racpbSHHHKO6EA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "mXoGTWRL/KLyEYWh5uyvXQ==": { "id": "mXoGTWRL/KLyEYWh5uyvXQ==", "updater": "rhel-vex", "name": "CVE-2026-28421", "description": "A flaw was found in Vim. This vulnerability, a heap-buffer-overflow and a segmentation fault, exists in the swap file recovery logic. A local attacker could exploit this by providing a specially crafted swap file. This could lead to a denial of service (DoS) or potentially information disclosure.", "issued": "2026-02-27T22:06:34Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28421 https://bugzilla.redhat.com/show_bug.cgi?id=2443474 https://www.cve.org/CVERecord?id=CVE-2026-28421 https://nvd.nist.gov/vuln/detail/CVE-2026-28421 https://github.com/vim/vim/commit/65c1a143c331c886dc28 https://github.com/vim/vim/releases/tag/v9.2.0077 https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28421.json https://access.redhat.com/errata/RHSA-2026:8259", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7.2", "arch_op": "pattern match" }, "mYgwcPpa/l0bTZdysqbplg==": { "id": "mYgwcPpa/l0bTZdysqbplg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json https://access.redhat.com/errata/RHSA-2025:22376", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-14.el9_7", "arch_op": "pattern match" }, "mZC3gBcn6x1aC7q9hXUpKg==": { "id": "mZC3gBcn6x1aC7q9hXUpKg==", "updater": "rhel-vex", "name": "CVE-2026-3644", "description": "A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update(), |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "issued": "2026-03-16T17:37:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3644 https://bugzilla.redhat.com/show_bug.cgi?id=2448168 https://www.cve.org/CVERecord?id=CVE-2026-3644 https://nvd.nist.gov/vuln/detail/CVE-2026-3644 https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4 https://github.com/python/cpython/issues/145599 https://github.com/python/cpython/pull/145600 https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3644.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mZCCwO//htsOIXazj/SeOw==": { "id": "mZCCwO//htsOIXazj/SeOw==", "updater": "rhel-vex", "name": "CVE-2026-31789", "description": "A flaw was found in OpenSSL. This vulnerability, a heap buffer overflow, affects 32-bit systems when processing an unusually large X.509 certificate. If an application or service attempts to print or log such a specially crafted certificate, it could lead to a system crash or potentially allow an attacker to execute arbitrary code. This issue is considered low severity due to the specific conditions required for exploitation, including the need for an extremely large certificate and a 32-bit operating environment.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-31789 https://bugzilla.redhat.com/show_bug.cgi?id=2451095 https://www.cve.org/CVERecord?id=CVE-2026-31789 https://nvd.nist.gov/vuln/detail/CVE-2026-31789 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31789.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mbMEAQXpYoMKq7Io1LfrJA==": { "id": "mbMEAQXpYoMKq7Io1LfrJA==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "mfYVQsCdSPyqR1UobqhEIw==": { "id": "mfYVQsCdSPyqR1UobqhEIw==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "miA8N3aOifbt6s11v8VS/A==": { "id": "miA8N3aOifbt6s11v8VS/A==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "mjI/WzMYY52AQdc1No8ugQ==": { "id": "mjI/WzMYY52AQdc1No8ugQ==", "updater": "rhel-vex", "name": "CVE-2025-61724", "description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61724 https://bugzilla.redhat.com/show_bug.cgi?id=2407257 https://www.cve.org/CVERecord?id=CVE-2025-61724 https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4015 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61724.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mjV/DAgymXlZYSj9rj04pg==": { "id": "mjV/DAgymXlZYSj9rj04pg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "mk/9oG3VlXeyR83vbnlC7g==": { "id": "mk/9oG3VlXeyR83vbnlC7g==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "ml41hyZPGVbTkzvmMyY3Yg==": { "id": "ml41hyZPGVbTkzvmMyY3Yg==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=32976 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "mmFI4mA7exd6BfbwTUwJfQ==": { "id": "mmFI4mA7exd6BfbwTUwJfQ==", "updater": "rhel-vex", "name": "CVE-2021-20197", "description": "There is an open race window when writing output in the following utilities in GNU binutils1: ar, objcopy, strip, and ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.", "issued": "2021-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20197 https://bugzilla.redhat.com/show_bug.cgi?id=1913743 https://www.cve.org/CVERecord?id=CVE-2021-20197 https://nvd.nist.gov/vuln/detail/CVE-2021-20197 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20197.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mpDlR2Lk6PsJrTVRdAvAng==": { "id": "mpDlR2Lk6PsJrTVRdAvAng==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "mpJkDXIXuQphmTXI2ejm1A==": { "id": "mpJkDXIXuQphmTXI2ejm1A==", "updater": "rhel-vex", "name": "CVE-2025-15467", "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "issued": "2026-01-27T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15467 https://bugzilla.redhat.com/show_bug.cgi?id=2430376 https://www.cve.org/CVERecord?id=CVE-2025-15467 https://nvd.nist.gov/vuln/detail/CVE-2025-15467 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15467.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "mqxlcVJc3F4dPOTEtUve1Q==": { "id": "mqxlcVJc3F4dPOTEtUve1Q==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "mwpgk/i3GXoSJDpblt44zg==": { "id": "mwpgk/i3GXoSJDpblt44zg==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "mypK4Oz3YEbjmcF//Lb3ug==": { "id": "mypK4Oz3YEbjmcF//Lb3ug==", "updater": "rhel-vex", "name": "CVE-2023-24538", "description": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/show_bug.cgi?id=2184481 https://www.cve.org/CVERecord?id=CVE-2023-24538 https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://github.com/golang/go/issues/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24538.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "n+8zHdzpUdNYaOfjqM+rvQ==": { "id": "n+8zHdzpUdNYaOfjqM+rvQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "n2MoI6iOOGKJg6CiwpZkxg==": { "id": "n2MoI6iOOGKJg6CiwpZkxg==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "n30+9otRNHBUO3IOHvF3kA==": { "id": "n30+9otRNHBUO3IOHvF3kA==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libmount-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "n39YhRffL6tFFAy/S18A8Q==": { "id": "n39YhRffL6tFFAy/S18A8Q==", "updater": "rhel-vex", "name": "CVE-2025-1371", "description": "A flaw was found in GNU elfutils. This vulnerability allows a NULL pointer dereference via the handle_dynamic_symtab function in readelf.c.", "issued": "2025-02-17T02:31:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1371 https://bugzilla.redhat.com/show_bug.cgi?id=2346055 https://www.cve.org/CVERecord?id=CVE-2025-1371 https://nvd.nist.gov/vuln/detail/CVE-2025-1371 https://sourceware.org/bugzilla/attachment.cgi?id=15926 https://sourceware.org/bugzilla/show_bug.cgi?id=32655 https://sourceware.org/bugzilla/show_bug.cgi?id=32655#c2 https://vuldb.com/?ctiid.295978 https://vuldb.com/?id.295978 https://vuldb.com/?submit.496484 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1371.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n5bOb2nwIXCE6i6WEpGlzA==": { "id": "n5bOb2nwIXCE6i6WEpGlzA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "n6Vm6uSXhVeVnZmJCVL4pw==": { "id": "n6Vm6uSXhVeVnZmJCVL4pw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "n6coP572PTpURrDz8Q2egA==": { "id": "n6coP572PTpURrDz8Q2egA==", "updater": "rhel-vex", "name": "CVE-2025-66862", "description": "A flaw was found in binutils. Processing a specially crafted PE file with cxxfilt can trigger a heap-based buffer over-read in the gnu_special function in the cplus-dem.c file, causing a crash and resulting in a denial of service.", "issued": "2025-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66862 https://bugzilla.redhat.com/show_bug.cgi?id=2425825 https://www.cve.org/CVERecord?id=CVE-2025-66862 https://nvd.nist.gov/vuln/detail/CVE-2025-66862 https://github.com/caozhzh/CRGF-Vul/blob/main/cxxfilt/crash3.md https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66862.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n78TtR5pw5YtOwMk7gVGmg==": { "id": "n78TtR5pw5YtOwMk7gVGmg==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "n8gOZ9FmDLirfTfnNZSfNA==": { "id": "n8gOZ9FmDLirfTfnNZSfNA==", "updater": "rhel-vex", "name": "CVE-2025-61728", "description": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.", "issued": "2026-01-28T19:30:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://www.cve.org/CVERecord?id=CVE-2025-61728 https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4342 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61728.json https://access.redhat.com/errata/RHSA-2026:2709", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.7-1.el9_7", "arch_op": "pattern match" }, "n9h0mZrBntcdO8rut9mZew==": { "id": "n9h0mZrBntcdO8rut9mZew==", "updater": "osv/go", "name": "GO-2023-1703", "description": "Backticks not treated as string delimiters in html/template", "issued": "2023-04-05T21:05:27Z", "links": "https://go.dev/issue/59234 https://go.dev/cl/482079 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "nAVorfcFz0ZcWPmPpZfMtg==": { "id": "nAVorfcFz0ZcWPmPpZfMtg==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "nD4gdXb8ND61ypX9fYklTQ==": { "id": "nD4gdXb8ND61ypX9fYklTQ==", "updater": "rhel-vex", "name": "CVE-2023-30774", "description": "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30774 https://bugzilla.redhat.com/show_bug.cgi?id=2187139 https://www.cve.org/CVERecord?id=CVE-2023-30774 https://nvd.nist.gov/vuln/detail/CVE-2023-30774 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30774.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "nF1VC5iJhTtrDBwL8mfOiw==": { "id": "nF1VC5iJhTtrDBwL8mfOiw==", "updater": "rhel-vex", "name": "CVE-2024-12747", "description": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12747 https://bugzilla.redhat.com/show_bug.cgi?id=2332968 https://www.cve.org/CVERecord?id=CVE-2024-12747 https://nvd.nist.gov/vuln/detail/CVE-2024-12747 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12747.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "nFaODSvvA4RrGIiPJ9FjRA==": { "id": "nFaODSvvA4RrGIiPJ9FjRA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-POSIX", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.94-481.1.el9_6", "arch_op": "pattern match" }, "nGijNEIOx4yiwRd2hN0uZA==": { "id": "nGijNEIOx4yiwRd2hN0uZA==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "nKGJQ32gv73mgVLbPDD8Qg==": { "id": "nKGJQ32gv73mgVLbPDD8Qg==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "nLbsKQgcqXqFJTjqeQs6Vg==": { "id": "nLbsKQgcqXqFJTjqeQs6Vg==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "nM+XWkmaG537tz4PDM13+w==": { "id": "nM+XWkmaG537tz4PDM13+w==", "updater": "rhel-vex", "name": "CVE-2022-41723", "description": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "issued": "2023-02-17T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/show_bug.cgi?id=2178358 https://www.cve.org/CVERecord?id=CVE-2022-41723 https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1571 https://vuln.go.dev/ID/GO-2023-1571.json https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41723.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "nNNVXLjFvnegTKkITfCBuA==": { "id": "nNNVXLjFvnegTKkITfCBuA==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "nNzRt87EkCVymyYuDyEW2w==": { "id": "nNzRt87EkCVymyYuDyEW2w==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "nOD1OtMP4aGP/bT3iktDEQ==": { "id": "nOD1OtMP4aGP/bT3iktDEQ==", "updater": "osv/go", "name": "GO-2022-1144", "description": "Excessive memory growth in net/http and golang.org/x/net/http2", "issued": "2022-12-08T19:01:21Z", "links": "https://go.dev/issue/56350 https://go.dev/cl/455717 https://go.dev/cl/455635 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.9" }, "nPl1VYR04nooFy6e74yZlg==": { "id": "nPl1VYR04nooFy6e74yZlg==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "nRYrn2tFn8hdV0x+2YRPYQ==": { "id": "nRYrn2tFn8hdV0x+2YRPYQ==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "nRlBpDuWR9J0Ttd/BugkSQ==": { "id": "nRlBpDuWR9J0Ttd/BugkSQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "nS3gw6C5KX889pH0DdnXbQ==": { "id": "nS3gw6C5KX889pH0DdnXbQ==", "updater": "rhel-vex", "name": "CVE-2026-5121", "description": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.", "issued": "2026-03-30T07:44:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5121 https://bugzilla.redhat.com/show_bug.cgi?id=2452945 https://www.cve.org/CVERecord?id=CVE-2026-5121 https://nvd.nist.gov/vuln/detail/CVE-2026-5121 https://github.com/advisories/GHSA-2vwv-vqpv-v8vc https://github.com/libarchive/libarchive/pull/2934 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5121.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "nS4rhARAcjvkSY8dJUFdOA==": { "id": "nS4rhARAcjvkSY8dJUFdOA==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "nVEuAeNYaydUTqNE5GOm/w==": { "id": "nVEuAeNYaydUTqNE5GOm/w==", "updater": "rhel-vex", "name": "CVE-2023-24536", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24536 https://bugzilla.redhat.com/show_bug.cgi?id=2184482 https://www.cve.org/CVERecord?id=CVE-2023-24536 https://nvd.nist.gov/vuln/detail/CVE-2023-24536 https://go.dev/issue/59153 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24536.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "nVgNlf1p1N8UKAkTllJrCA==": { "id": "nVgNlf1p1N8UKAkTllJrCA==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "nZ2DFaqiaft4/Dqj5SJp4Q==": { "id": "nZ2DFaqiaft4/Dqj5SJp4Q==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "naO+9RNjE/hIMaezFHe7IA==": { "id": "naO+9RNjE/hIMaezFHe7IA==", "updater": "osv/go", "name": "GO-2024-2888", "description": "Mishandling of corrupt central directory record in archive/zip", "issued": "2024-06-04T22:48:55Z", "links": "https://go.dev/cl/585397 https://go.dev/issue/66869 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.11" }, "nbtTb8L4YMUxpajoNaatQg==": { "id": "nbtTb8L4YMUxpajoNaatQg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgomp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "ncqqUTuMttuUZ8SF9/Ywrg==": { "id": "ncqqUTuMttuUZ8SF9/Ywrg==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "nfRozYKxaq/cbStnERagAQ==": { "id": "nfRozYKxaq/cbStnERagAQ==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "nhTPOqyx5Hjq5RaQThVb3A==": { "id": "nhTPOqyx5Hjq5RaQThVb3A==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "nmCFeE95EAFeqYx2GUkIrQ==": { "id": "nmCFeE95EAFeqYx2GUkIrQ==", "updater": "rhel-vex", "name": "CVE-2025-69651", "description": "A flaw was found in binutils. An attacker could exploit this vulnerability by providing a crafted Executable and Linkable Format (ELF) binary with malformed relocation or symbol data. Processing this malicious binary leads to an invalid pointer free, which triggers memory corruption checks and causes the program to terminate.", "issued": "2026-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69651 https://bugzilla.redhat.com/show_bug.cgi?id=2445299 https://www.cve.org/CVERecord?id=CVE-2025-69651 https://nvd.nist.gov/vuln/detail/CVE-2025-69651 https://sourceware.org/bugzilla/show_bug.cgi?id=33700 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea4bc025abdba85a90e26e13f551c16a44bfa921 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69651.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "noShzkxXeZ6xaXHAA8su4g==": { "id": "noShzkxXeZ6xaXHAA8su4g==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "noUIfMZn5dUZdEKTi/GsOA==": { "id": "noUIfMZn5dUZdEKTi/GsOA==", "updater": "rhel-vex", "name": "CVE-2024-30204", "description": "A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "issued": "2024-03-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-30204 https://bugzilla.redhat.com/show_bug.cgi?id=2280297 https://www.cve.org/CVERecord?id=CVE-2024-30204 https://nvd.nist.gov/vuln/detail/CVE-2024-30204 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-30204.json https://access.redhat.com/errata/RHSA-2024:9302", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9", "arch_op": "pattern match" }, "npYdj4HvH6/ZpruXP++2aA==": { "id": "npYdj4HvH6/ZpruXP++2aA==", "updater": "rhel-vex", "name": "CVE-2026-21637", "description": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21637 https://bugzilla.redhat.com/show_bug.cgi?id=2431340 https://www.cve.org/CVERecord?id=CVE-2026-21637 https://nvd.nist.gov/vuln/detail/CVE-2026-21637 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21637.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.0-1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "nqEvJfkqmt5u+8eh9j8mMA==": { "id": "nqEvJfkqmt5u+8eh9j8mMA==", "updater": "rhel-vex", "name": "CVE-2025-68121", "description": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.", "issued": "2026-02-05T17:48:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://www.cve.org/CVERecord?id=CVE-2025-68121 https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://pkg.go.dev/vuln/GO-2026-4337 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68121.json https://access.redhat.com/errata/RHSA-2026:2709", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.7-1.el9_7", "arch_op": "pattern match" }, "nrMORRsp2EH7zbxJc144bw==": { "id": "nrMORRsp2EH7zbxJc144bw==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "ntPgpTaOsf+PmS8l/Ba/Gw==": { "id": "ntPgpTaOsf+PmS8l/Ba/Gw==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "nuFsbkH7VzW6LS3WLhSszA==": { "id": "nuFsbkH7VzW6LS3WLhSszA==", "updater": "rhel-vex", "name": "CVE-2026-27171", "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "issued": "2026-02-18T02:36:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27171 https://bugzilla.redhat.com/show_bug.cgi?id=2440530 https://www.cve.org/CVERecord?id=CVE-2026-27171 https://nvd.nist.gov/vuln/detail/CVE-2026-27171 https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf https://github.com/madler/zlib/issues/904 https://github.com/madler/zlib/releases/tag/v1.3.2 https://ostif.org/zlib-audit-complete/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27171.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nxT/hl64jXfWptNxWhmDuA==": { "id": "nxT/hl64jXfWptNxWhmDuA==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "ny9UQzoPVAr0qIXyPr3Zuw==": { "id": "ny9UQzoPVAr0qIXyPr3Zuw==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "A zip file handling flaw has been discovered in the python standard library `zipfile` module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json https://access.redhat.com/errata/RHSA-2025:23342", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-2.el9_7", "arch_op": "pattern match" }, "nyAi61ve961xOEKhhdNTkg==": { "id": "nyAi61ve961xOEKhhdNTkg==", "updater": "rhel-vex", "name": "CVE-2025-59465", "description": "A denial of service flaw has been discovered in NodeJS. A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59465 https://bugzilla.redhat.com/show_bug.cgi?id=2431349 https://www.cve.org/CVERecord?id=CVE-2025-59465 https://nvd.nist.gov/vuln/detail/CVE-2025-59465 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59465.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.4-1.22.22.0.1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "o+oNdKG9C3ouEb/OQo1GOQ==": { "id": "o+oNdKG9C3ouEb/OQo1GOQ==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "o/JG334q9R0nTyZD1vNw7w==": { "id": "o/JG334q9R0nTyZD1vNw7w==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "o16kBwzDyL2DXuhbCPWX9Q==": { "id": "o16kBwzDyL2DXuhbCPWX9Q==", "updater": "rhel-vex", "name": "CVE-2021-3572", "description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "issued": "2021-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3572.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "o1V8hGX+jv19u/R1lSOgXA==": { "id": "o1V8hGX+jv19u/R1lSOgXA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "o2Jv7s2Wil4Jz6qK6599ww==": { "id": "o2Jv7s2Wil4Jz6qK6599ww==", "updater": "rhel-vex", "name": "CVE-2022-41725", "description": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41725 https://bugzilla.redhat.com/show_bug.cgi?id=2178488 https://www.cve.org/CVERecord?id=CVE-2022-41725 https://nvd.nist.gov/vuln/detail/CVE-2022-41725 https://go.dev/cl/468124 https://go.dev/issue/58006 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1569 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41725.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "o2KTVNHERxR9Fh6aLcwbCA==": { "id": "o2KTVNHERxR9Fh6aLcwbCA==", "updater": "rhel-vex", "name": "CVE-2026-3497", "description": "A flaw was found in the OpenSSH GSSAPI (Generic Security Service Application Program Interface) delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the `sshpkt_disconnect()` function, when called on an error, does not properly terminate the process, leading to the continued execution of the program with uninitialized connection variables. Accessing these uninitialized variables can lead to undefined behavior, potentially resulting in information disclosure or a denial of service.", "issued": "2026-03-12T18:27:44Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3497 https://bugzilla.redhat.com/show_bug.cgi?id=2447085 https://www.cve.org/CVERecord?id=CVE-2026-3497 https://nvd.nist.gov/vuln/detail/CVE-2026-3497 https://ubuntu.com/security/CVE-2026-3497 https://www.openwall.com/lists/oss-security/2026/03/12/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3497.json https://access.redhat.com/errata/RHSA-2026:6462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-48.el9_7", "arch_op": "pattern match" }, "o2RzBkbyaO/aJUexQwQheA==": { "id": "o2RzBkbyaO/aJUexQwQheA==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "o52gvb+djtuOAe8fWpXboQ==": { "id": "o52gvb+djtuOAe8fWpXboQ==", "updater": "osv/go", "name": "GO-2025-3849", "description": "Incorrect results returned from Rows.Scan in database/sql", "issued": "2025-08-07T15:07:27Z", "links": "https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.12" }, "o6arI4B+lOjvgV6k7kauyw==": { "id": "o6arI4B+lOjvgV6k7kauyw==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "o7U6pbXnKgxDi4OXl/ryRA==": { "id": "o7U6pbXnKgxDi4OXl/ryRA==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "o8O4Ttqnv0lQfm1yyfyVsw==": { "id": "o8O4Ttqnv0lQfm1yyfyVsw==", "updater": "rhel-vex", "name": "CVE-2022-1720", "description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "issued": "2022-05-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1720.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "o94cfzaEslnrzBtYm19DkA==": { "id": "o94cfzaEslnrzBtYm19DkA==", "updater": "rhel-vex", "name": "CVE-2022-3970", "description": "An integer overflow flaw was found in LibTIFF. This issue exists in the TIFFReadRGBATileExt function of the libtiff/tif_getimage.c file, and may lead to a buffer overflow.", "issued": "2022-11-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3970 https://bugzilla.redhat.com/show_bug.cgi?id=2148918 https://www.cve.org/CVERecord?id=CVE-2022-3970 https://nvd.nist.gov/vuln/detail/CVE-2022-3970 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3970.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "oAa5rQ+ettvHgaEihiWA9A==": { "id": "oAa5rQ+ettvHgaEihiWA9A==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "oBl0IuwDdaD9PwMwSDcQpg==": { "id": "oBl0IuwDdaD9PwMwSDcQpg==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "oCDLcNdeKQmSOcg6w237gw==": { "id": "oCDLcNdeKQmSOcg6w237gw==", "updater": "rhel-vex", "name": "CVE-2024-47081", "description": "A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue.", "issued": "2025-06-09T17:57:47Z", "links": "https://access.redhat.com/security/cve/CVE-2024-47081 https://bugzilla.redhat.com/show_bug.cgi?id=2371272 https://www.cve.org/CVERecord?id=CVE-2024-47081 https://nvd.nist.gov/vuln/detail/CVE-2024-47081 http://seclists.org/fulldisclosure/2025/Jun/2 http://www.openwall.com/lists/oss-security/2025/06/03/11 http://www.openwall.com/lists/oss-security/2025/06/03/9 http://www.openwall.com/lists/oss-security/2025/06/04/1 http://www.openwall.com/lists/oss-security/2025/06/04/6 https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef https://github.com/psf/requests/pull/6965 https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7 https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env https://seclists.org/fulldisclosure/2025/Jun/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47081.json https://access.redhat.com/errata/RHSA-2025:12519", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-10.el9_6", "arch_op": "pattern match" }, "oCYqRL0yaCqkmUcecOaYrA==": { "id": "oCYqRL0yaCqkmUcecOaYrA==", "updater": "rhel-vex", "name": "CVE-2026-1528", "description": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.", "issued": "2026-03-12T20:21:57Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1528 https://bugzilla.redhat.com/show_bug.cgi?id=2447145 https://www.cve.org/CVERecord?id=CVE-2026-1528 https://nvd.nist.gov/vuln/detail/CVE-2026-1528 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj https://hackerone.com/reports/3537648 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1528.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "oDGZCaWnkiaSQdz+QhIr5Q==": { "id": "oDGZCaWnkiaSQdz+QhIr5Q==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "oDr5DknKU9AmvJu2r8+yFw==": { "id": "oDr5DknKU9AmvJu2r8+yFw==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "oEKqq2GIVwWjorWJihmJiw==": { "id": "oEKqq2GIVwWjorWJihmJiw==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "oGKMWwqd8g23cJbO7k5MNA==": { "id": "oGKMWwqd8g23cJbO7k5MNA==", "updater": "osv/go", "name": "GO-2023-1753", "description": "Improper handling of empty HTML attributes in html/template", "issued": "2023-05-05T21:10:24Z", "links": "https://go.dev/issue/59722 https://go.dev/cl/491617 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.9" }, "oGVW07Zdco+t8LxGqPbEUA==": { "id": "oGVW07Zdco+t8LxGqPbEUA==", "updater": "rhel-vex", "name": "CVE-2023-32681", "description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "issued": "2023-05-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:4350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-7.el9_2", "arch_op": "pattern match" }, "oGhsPyoyEtiEHT7/0qF+CQ==": { "id": "oGhsPyoyEtiEHT7/0qF+CQ==", "updater": "rhel-vex", "name": "CVE-2025-7545", "description": "A flaw was found in binutils. The `copy_section` function in `binutils/objcopy.c` is susceptible to a heap-based buffer overflow due to improper bounds checking during data copying. This flaw allows a local attacker to provide a specially crafted file. This manipulation can lead to a denial of service.", "issued": "2025-07-13T21:44:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7545 https://bugzilla.redhat.com/show_bug.cgi?id=2379785 https://www.cve.org/CVERecord?id=CVE-2025-7545 https://nvd.nist.gov/vuln/detail/CVE-2025-7545 https://sourceware.org/bugzilla/attachment.cgi?id=16117 https://sourceware.org/bugzilla/show_bug.cgi?id=33049 https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 https://vuldb.com/?ctiid.316243 https://vuldb.com/?id.316243 https://vuldb.com/?submit.614355 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7545.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oIBUxFCAPk4vRXBwpcmtFw==": { "id": "oIBUxFCAPk4vRXBwpcmtFw==", "updater": "rhel-vex", "name": "CVE-2022-44840", "description": "A heap-based buffer overflow vulnerability was found in binutils in the find_section_in_set function. This flaw allows an attacker to use a specially crafted payload to trigger a buffer overflow, resulting in issues with availability, confidentiality, and integrity.", "issued": "2022-10-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-44840 https://bugzilla.redhat.com/show_bug.cgi?id=2234004 https://www.cve.org/CVERecord?id=CVE-2022-44840 https://nvd.nist.gov/vuln/detail/CVE-2022-44840 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-44840.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oIxZENYISdQtE42Fc34Vyg==": { "id": "oIxZENYISdQtE42Fc34Vyg==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=32976 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "oNps3pS/KBKadK++zlgktA==": { "id": "oNps3pS/KBKadK++zlgktA==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "oQ3Lediq93z2xbrIoJUi7Q==": { "id": "oQ3Lediq93z2xbrIoJUi7Q==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "oQ8YhXsWl1bwUCG1x+HzDQ==": { "id": "oQ8YhXsWl1bwUCG1x+HzDQ==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "oUbBUuaPbKO68xR8hm0EKg==": { "id": "oUbBUuaPbKO68xR8hm0EKg==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "oVI7j6msaWseNIkn6m/3+A==": { "id": "oVI7j6msaWseNIkn6m/3+A==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "oVgcRSL89qnSRkMXpV8N8A==": { "id": "oVgcRSL89qnSRkMXpV8N8A==", "updater": "rhel-vex", "name": "CVE-2022-2819", "description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "issued": "2022-08-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2819.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oXbtPoAI0xd/D3jVRZ8E8Q==": { "id": "oXbtPoAI0xd/D3jVRZ8E8Q==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "oYEyIJ07SURdsg7rK6qrYw==": { "id": "oYEyIJ07SURdsg7rK6qrYw==", "updater": "osv/go", "name": "GO-2022-1037", "description": "Unbounded memory consumption when reading headers in archive/tar", "issued": "2022-10-06T16:26:05Z", "links": "https://go.dev/issue/54853 https://go.dev/cl/439355 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.7" }, "obSzOBXxlQxURPk04eb+8Q==": { "id": "obSzOBXxlQxURPk04eb+8Q==", "updater": "rhel-vex", "name": "CVE-2023-52356", "description": "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52356 https://bugzilla.redhat.com/show_bug.cgi?id=2251344 https://www.cve.org/CVERecord?id=CVE-2023-52356 https://nvd.nist.gov/vuln/detail/CVE-2023-52356 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52356.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "obTTrP5oWTTgSGItpJqyKg==": { "id": "obTTrP5oWTTgSGItpJqyKg==", "updater": "rhel-vex", "name": "CVE-2022-30631", "description": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30631 https://bugzilla.redhat.com/show_bug.cgi?id=2107342 https://www.cve.org/CVERecord?id=CVE-2022-30631 https://nvd.nist.gov/vuln/detail/CVE-2022-30631 https://go.dev/issue/53168 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30631.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ohJ0B7EgOJ9MaxYsbvhjIA==": { "id": "ohJ0B7EgOJ9MaxYsbvhjIA==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json https://access.redhat.com/errata/RHSA-2023:6372", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb-gdbserver", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:10.2-11.el9", "arch_op": "pattern match" }, "okR1HNl+O4zCKuv8Joeqcg==": { "id": "okR1HNl+O4zCKuv8Joeqcg==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "util-linux", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "okRzJuZWda3BPI4wHU6OSg==": { "id": "okRzJuZWda3BPI4wHU6OSg==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "okW8xf+CinO7BWuM9dEk4Q==": { "id": "okW8xf+CinO7BWuM9dEk4Q==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "opnb226IH8+SU+iAVOx8hw==": { "id": "opnb226IH8+SU+iAVOx8hw==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "oqSc7q4k6wTno/u9knscCQ==": { "id": "oqSc7q4k6wTno/u9knscCQ==", "updater": "rhel-vex", "name": "CVE-2024-9681", "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "issued": "2024-11-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9681 https://bugzilla.redhat.com/show_bug.cgi?id=2322969 https://www.cve.org/CVERecord?id=CVE-2024-9681 https://nvd.nist.gov/vuln/detail/CVE-2024-9681 https://hackerone.com/reports/2764830 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9681.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "osxk1q2jE3TCrr5JCQRhNA==": { "id": "osxk1q2jE3TCrr5JCQRhNA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "oucbqlkzMDMKcvhtL5s8bg==": { "id": "oucbqlkzMDMKcvhtL5s8bg==", "updater": "rhel-vex", "name": "CVE-2026-27140", "description": "A flaw was found in the Go programming language (golang) and its command-line tool (cmd/go). A remote attacker could exploit this during the build process by crafting malicious SWIG (Simplified Wrapper and Interface Generator) file names that contain \"cgo\" and specific payloads. This could lead to code smuggling and arbitrary code execution, bypassing trust mechanisms and allowing the attacker to run unauthorized code.", "issued": "2026-04-08T01:06:57Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27140 https://bugzilla.redhat.com/show_bug.cgi?id=2456341 https://www.cve.org/CVERecord?id=CVE-2026-27140 https://nvd.nist.gov/vuln/detail/CVE-2026-27140 https://go.dev/cl/763768 https://go.dev/issue/78335 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4871 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27140.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "owALVsfUiwMtDqenpdt7Zg==": { "id": "owALVsfUiwMtDqenpdt7Zg==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "oyvtOIVUDqm1ruQx8vhRhA==": { "id": "oyvtOIVUDqm1ruQx8vhRhA==", "updater": "rhel-vex", "name": "CVE-2024-22667", "description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "issued": "2024-02-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22667.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ozbcadljjD/zIm3hj6kVaw==": { "id": "ozbcadljjD/zIm3hj6kVaw==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "p2+Y5XRhYt7mgZ7H+35S0w==": { "id": "p2+Y5XRhYt7mgZ7H+35S0w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Find", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.37-481.1.el9_6", "arch_op": "pattern match" }, "p2D36zAi5tbYfUPJhBVLhg==": { "id": "p2D36zAi5tbYfUPJhBVLhg==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "p4PSGpZ+FENmdQZ22vQ2FQ==": { "id": "p4PSGpZ+FENmdQZ22vQ2FQ==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "p5Ki7Z96ChbT07EZ4WnnKg==": { "id": "p5Ki7Z96ChbT07EZ4WnnKg==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "p8XKlr7C/uFXLykQP2132Q==": { "id": "p8XKlr7C/uFXLykQP2132Q==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "pBJCL45M2NleSRKXAGAPTw==": { "id": "pBJCL45M2NleSRKXAGAPTw==", "updater": "rhel-vex", "name": "CVE-2025-61143", "description": "A flaw was found in libtiff. This vulnerability, a NULL pointer dereference, occurs in the `tif_open.c` component. An attacker could exploit this by providing specially crafted input, leading to a Denial of Service (DoS) due to an application crash.", "issued": "2026-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61143 https://bugzilla.redhat.com/show_bug.cgi?id=2441978 https://www.cve.org/CVERecord?id=CVE-2025-61143 https://nvd.nist.gov/vuln/detail/CVE-2025-61143 https://gist.github.com/optionGo/9c024cd8e7b131463b84dc60af9bb0aa https://gitlab.com/libtiff/libtiff/-/issues/737 https://gitlab.com/libtiff/libtiff/-/merge_requests/755 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61143.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pC9XVLaTUwErG9Rd01nABA==": { "id": "pC9XVLaTUwErG9Rd01nABA==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:22005", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.6.0-12.el9_7", "arch_op": "pattern match" }, "pENgwsqn4gloGqUZSMstFA==": { "id": "pENgwsqn4gloGqUZSMstFA==", "updater": "osv/go", "name": "GO-2026-4864", "description": "TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix", "issued": "2026-04-07T22:53:49Z", "links": "https://go.dev/cl/763761 https://go.dev/issue/78293 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.25.9" }, "pEwkPeffucbY50JSGQdERQ==": { "id": "pEwkPeffucbY50JSGQdERQ==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "pF95anl048AG1ftGU/lNnw==": { "id": "pF95anl048AG1ftGU/lNnw==", "updater": "rhel-vex", "name": "CVE-2026-21710", "description": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21710 https://bugzilla.redhat.com/show_bug.cgi?id=2453151 https://www.cve.org/CVERecord?id=CVE-2026-21710 https://nvd.nist.gov/vuln/detail/CVE-2026-21710 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21710.json https://access.redhat.com/errata/RHSA-2026:7896", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.2-1.module+el9.7.0+24193+41b7b572", "arch_op": "pattern match" }, "pFXK+S/0lzfxv0ToVY49hA==": { "id": "pFXK+S/0lzfxv0ToVY49hA==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "pGkOHCsusTyFHJ/G9JGXiA==": { "id": "pGkOHCsusTyFHJ/G9JGXiA==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "pHq3XsQe5Y157BuUHMufyg==": { "id": "pHq3XsQe5Y157BuUHMufyg==", "updater": "rhel-vex", "name": "CVE-2023-24532", "description": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.", "issued": "2023-03-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24532 https://bugzilla.redhat.com/show_bug.cgi?id=2223355 https://www.cve.org/CVERecord?id=CVE-2023-24532 https://nvd.nist.gov/vuln/detail/CVE-2023-24532 https://go.dev/cl/471255 https://go.dev/issue/58647 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY https://pkg.go.dev/vuln/GO-2023-1621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24532.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "pIJllB0DitFR4biXCLWlfQ==": { "id": "pIJllB0DitFR4biXCLWlfQ==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "pK26sxPUfpa6SjJQHK9XfQ==": { "id": "pK26sxPUfpa6SjJQHK9XfQ==", "updater": "rhel-vex", "name": "CVE-2026-21712", "description": "A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a malformed Internationalized Domain Name (IDN) to the `url.format()` function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. This can disrupt services and make them unavailable.", "issued": "2026-03-30T15:13:59Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21712 https://bugzilla.redhat.com/show_bug.cgi?id=2453037 https://www.cve.org/CVERecord?id=CVE-2026-21712 https://nvd.nist.gov/vuln/detail/CVE-2026-21712 https://hackerone.com/reports/3546390 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21712.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "pLMgO5RHEs1yrujEkb226g==": { "id": "pLMgO5RHEs1yrujEkb226g==", "updater": "rhel-vex", "name": "CVE-2025-22870", "description": "A flaw was found in proxy host matching. This vulnerability allows improper bypassing of proxy settings via manipulating an IPv6 zone ID, causing unintended matches against the NO_PROXY environment variable.", "issued": "2025-03-12T18:27:59Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22870 https://bugzilla.redhat.com/show_bug.cgi?id=2351766 https://www.cve.org/CVERecord?id=CVE-2025-22870 https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://go.dev/cl/654697 https://go.dev/issue/71984 https://pkg.go.dev/vuln/GO-2025-3503 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22870.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pN9L6/wRgu21CuY/FfnkIA==": { "id": "pN9L6/wRgu21CuY/FfnkIA==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "pNsmsBM6zioL8gqkR9CNUA==": { "id": "pNsmsBM6zioL8gqkR9CNUA==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "pT+67u2xHyxzA5Cl+Ui55Q==": { "id": "pT+67u2xHyxzA5Cl+Ui55Q==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "pTPOuY2Z9zqKtyr33n5ctw==": { "id": "pTPOuY2Z9zqKtyr33n5ctw==", "updater": "rhel-vex", "name": "CVE-2026-21637", "description": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21637 https://bugzilla.redhat.com/show_bug.cgi?id=2431340 https://www.cve.org/CVERecord?id=CVE-2026-21637 https://nvd.nist.gov/vuln/detail/CVE-2026-21637 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21637.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.0-1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "pTT7g2z3OsAYgdVqJMZOLQ==": { "id": "pTT7g2z3OsAYgdVqJMZOLQ==", "updater": "osv/go", "name": "GO-2022-0521", "description": "Stack exhaustion from deeply nested XML documents in encoding/xml", "issued": "2022-07-20T17:02:04Z", "links": "https://go.dev/cl/417062 https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3 https://go.dev/issue/53614 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "pWQV0Z8XQHYl5n7sHUZBqA==": { "id": "pWQV0Z8XQHYl5n7sHUZBqA==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "pWmmw4ixBXV6KyYl3C9RWQ==": { "id": "pWmmw4ixBXV6KyYl3C9RWQ==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "pX9giWYBuTR0yK974RC2ng==": { "id": "pX9giWYBuTR0yK974RC2ng==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "pd2B9G+4ekvOFTzso0NXCw==": { "id": "pd2B9G+4ekvOFTzso0NXCw==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "peMVLpnT962hXrm4IDBPqg==": { "id": "peMVLpnT962hXrm4IDBPqg==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "peuiWx2cfvlg0ej3db5p4Q==": { "id": "peuiWx2cfvlg0ej3db5p4Q==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "pfNYlxG8sY9hFt3528zJoA==": { "id": "pfNYlxG8sY9hFt3528zJoA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "pfZcHRowGRRifIIMXAg+9w==": { "id": "pfZcHRowGRRifIIMXAg+9w==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "pg+SRV3v3Mv4Yg+0x76+jg==": { "id": "pg+SRV3v3Mv4Yg+0x76+jg==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "piA8HykwHgm/u3haFYSPzw==": { "id": "piA8HykwHgm/u3haFYSPzw==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "pl0eAtev2igDstYhHd6sxw==": { "id": "pl0eAtev2igDstYhHd6sxw==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "plDQVm4QhCu9lfz3pQKBFw==": { "id": "plDQVm4QhCu9lfz3pQKBFw==", "updater": "rhel-vex", "name": "CVE-2026-21712", "description": "A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a malformed Internationalized Domain Name (IDN) to the `url.format()` function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. This can disrupt services and make them unavailable.", "issued": "2026-03-30T15:13:59Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21712 https://bugzilla.redhat.com/show_bug.cgi?id=2453037 https://www.cve.org/CVERecord?id=CVE-2026-21712 https://nvd.nist.gov/vuln/detail/CVE-2026-21712 https://hackerone.com/reports/3546390 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21712.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "plTl3JV8fPj1sUiMh31FmQ==": { "id": "plTl3JV8fPj1sUiMh31FmQ==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "pmYCdyBPlSpsjaT+VrrmLg==": { "id": "pmYCdyBPlSpsjaT+VrrmLg==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "pp3PQor2CpTCVnKZusQgwg==": { "id": "pp3PQor2CpTCVnKZusQgwg==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "pqvnt6puEE8VbSe1ozlTfg==": { "id": "pqvnt6puEE8VbSe1ozlTfg==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://github.com/golang/go/issues/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "pr6wo3A29JKUBSVK/BGExw==": { "id": "pr6wo3A29JKUBSVK/BGExw==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "psR1kVsSZz19yYKHsoaoNg==": { "id": "psR1kVsSZz19yYKHsoaoNg==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "psclC23VyV2exiVERqdTxQ==": { "id": "psclC23VyV2exiVERqdTxQ==", "updater": "rhel-vex", "name": "CVE-2025-69644", "description": "A flaw was found in binutils. A local attacker can exploit a logic flaw in the handling of DWARF (Debugging With Attributed Record Formats) location list headers within the objdump utility. By supplying a crafted binary with malformed debug information, the attacker can cause objdump to enter an unbounded loop, leading to excessive resource consumption and a Denial of Service (DoS).", "issued": "2026-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69644 https://bugzilla.redhat.com/show_bug.cgi?id=2445263 https://www.cve.org/CVERecord?id=CVE-2025-69644 https://nvd.nist.gov/vuln/detail/CVE-2025-69644 https://sourceware.org/bugzilla/show_bug.cgi?id=33639 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=455446bbdc8675f34808187de2bbad4682016ff7 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69644.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "psr6EfqmKkDu2s/af+27mw==": { "id": "psr6EfqmKkDu2s/af+27mw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "pv5Nm8Lwfq3X5Sm3cuoD1g==": { "id": "pv5Nm8Lwfq3X5Sm3cuoD1g==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "pvm4gwkuqzgisbgZu1oTlQ==": { "id": "pvm4gwkuqzgisbgZu1oTlQ==", "updater": "osv/go", "name": "GO-2022-0527", "description": "Stack exhaustion in Glob on certain paths in io/fs", "issued": "2022-07-20T20:52:22Z", "links": "https://go.dev/cl/417065 https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59 https://go.dev/issue/53415 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "pvtiIO9KHqFscFbvNo86Dw==": { "id": "pvtiIO9KHqFscFbvNo86Dw==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "pwFS1oPwyZIRVgVgtAgSPQ==": { "id": "pwFS1oPwyZIRVgVgtAgSPQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "pwNeC1oSJCRKeW3NQ1Zwmw==": { "id": "pwNeC1oSJCRKeW3NQ1Zwmw==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "pwSWzlcJAuR/J5zikGUxiw==": { "id": "pwSWzlcJAuR/J5zikGUxiw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "pxuVFZsuUa8YFBkmcjpnxQ==": { "id": "pxuVFZsuUa8YFBkmcjpnxQ==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "pzONVbRfZmj1lkGaWtUucQ==": { "id": "pzONVbRfZmj1lkGaWtUucQ==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "q29SxeDdhfgnRkudvf3mdA==": { "id": "q29SxeDdhfgnRkudvf3mdA==", "updater": "rhel-vex", "name": "CVE-2022-41724", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41724 https://bugzilla.redhat.com/show_bug.cgi?id=2178492 https://www.cve.org/CVERecord?id=CVE-2022-41724 https://nvd.nist.gov/vuln/detail/CVE-2022-41724 https://go.dev/cl/468125 https://go.dev/issue/58001 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41724.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "q4W6wpO2YbOLS87LUXPVBw==": { "id": "q4W6wpO2YbOLS87LUXPVBw==", "updater": "rhel-vex", "name": "CVE-2025-8851", "description": "A stack based buffer overflow flaw has been discovered in libTIFF. An attacker with local access may be able to craft input to the readSeparateStripsetoBuffer function in the file tools/tiffcrop.c that triggers this flaw. This issue could allow an attacker to achieve local code execution in the context of the affected process.", "issued": "2025-08-11T13:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8851 https://bugzilla.redhat.com/show_bug.cgi?id=2387618 https://www.cve.org/CVERecord?id=CVE-2025-8851 https://nvd.nist.gov/vuln/detail/CVE-2025-8851 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/8a7a48d7a645992ca83062b3a1873c951661e2b3 https://vuldb.com/?ctiid.319382 https://vuldb.com/?id.319382 https://vuldb.com/?submit.624604 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8851.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "q5joCCZ2cOTa0rXBUtiSpQ==": { "id": "q5joCCZ2cOTa0rXBUtiSpQ==", "updater": "rhel-vex", "name": "CVE-2025-11839", "description": "An uncheck return value flaw has been discovered in the GNU binutils program. This flaw exists in the `tg_tag_type` function of the file prdbg.c and exploitation of this flaw may lead to a program crash.", "issued": "2025-10-16T14:02:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11839 https://bugzilla.redhat.com/show_bug.cgi?id=2404439 https://www.cve.org/CVERecord?id=CVE-2025-11839 https://nvd.nist.gov/vuln/detail/CVE-2025-11839 https://sourceware.org/bugzilla/attachment.cgi?id=16344 https://sourceware.org/bugzilla/show_bug.cgi?id=33448 https://vuldb.com/?ctiid.328774 https://vuldb.com/?id.328774 https://vuldb.com/?submit.661279 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11839.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "q6x8gUSR0HLnQLHLmB4Htw==": { "id": "q6x8gUSR0HLnQLHLmB4Htw==", "updater": "rhel-vex", "name": "CVE-2023-0795", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0795 https://bugzilla.redhat.com/show_bug.cgi?id=2170119 https://www.cve.org/CVERecord?id=CVE-2023-0795 https://nvd.nist.gov/vuln/detail/CVE-2023-0795 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0795.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "q7IyWv1MOsi/PXOLUGKElQ==": { "id": "q7IyWv1MOsi/PXOLUGKElQ==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "q9L+6bHSCCXbReRfXEPeTg==": { "id": "q9L+6bHSCCXbReRfXEPeTg==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "qAjJcUd7scO8lHObIc+8TA==": { "id": "qAjJcUd7scO8lHObIc+8TA==", "updater": "rhel-vex", "name": "CVE-2025-61727", "description": "A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate.", "issued": "2025-12-03T19:37:15Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61727 https://bugzilla.redhat.com/show_bug.cgi?id=2418677 https://www.cve.org/CVERecord?id=CVE-2025-61727 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://pkg.go.dev/vuln/GO-2025-4175 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61727.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qB1uVwi5ydv4et+JpGcenw==": { "id": "qB1uVwi5ydv4et+JpGcenw==", "updater": "rhel-vex", "name": "CVE-2023-36054", "description": "A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).", "issued": "2023-08-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-36054 https://bugzilla.redhat.com/show_bug.cgi?id=2230178 https://www.cve.org/CVERecord?id=CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054 https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final https://web.mit.edu/kerberos/www/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36054.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "qEQEeZkI3fZm1RmMiKeYYg==": { "id": "qEQEeZkI3fZm1RmMiKeYYg==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "qEhRdzGH44SGjJIcqcIv/g==": { "id": "qEhRdzGH44SGjJIcqcIv/g==", "updater": "rhel-vex", "name": "CVE-2022-2344", "description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2344.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qEoADqpvCc0dfHbPv1ykKQ==": { "id": "qEoADqpvCc0dfHbPv1ykKQ==", "updater": "rhel-vex", "name": "CVE-2025-59465", "description": "A denial of service flaw has been discovered in NodeJS. A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59465 https://bugzilla.redhat.com/show_bug.cgi?id=2431349 https://www.cve.org/CVERecord?id=CVE-2025-59465 https://nvd.nist.gov/vuln/detail/CVE-2025-59465 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59465.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "qFIYjZJeFnLAVC7lR0n6oQ==": { "id": "qFIYjZJeFnLAVC7lR0n6oQ==", "updater": "rhel-vex", "name": "CVE-2026-0989", "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested \u003cinclude\u003e directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0989 https://bugzilla.redhat.com/show_bug.cgi?id=2429933 https://www.cve.org/CVERecord?id=CVE-2026-0989 https://nvd.nist.gov/vuln/detail/CVE-2026-0989 https://gitlab.gnome.org/GNOME/libxml2/-/issues/998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0989.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qFdiNhAK1CrksJV/dJy7OA==": { "id": "qFdiNhAK1CrksJV/dJy7OA==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://gitlab.gnome.org/GNOME/libxml2/-/issues/931 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "qFhnV7djagzTbJn2rH4ndA==": { "id": "qFhnV7djagzTbJn2rH4ndA==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "qI12E1AIG5PjZFUHEhSkgw==": { "id": "qI12E1AIG5PjZFUHEhSkgw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "qIRy7/v51ILezECGLzLGBw==": { "id": "qIRy7/v51ILezECGLzLGBw==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "qLHoaQ/4ax3G7SRd9aV2yg==": { "id": "qLHoaQ/4ax3G7SRd9aV2yg==", "updater": "rhel-vex", "name": "CVE-2023-30775", "description": "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30775 https://bugzilla.redhat.com/show_bug.cgi?id=2187141 https://www.cve.org/CVERecord?id=CVE-2023-30775 https://nvd.nist.gov/vuln/detail/CVE-2023-30775 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30775.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "qMBdcJlDiWOfl15fflzyow==": { "id": "qMBdcJlDiWOfl15fflzyow==", "updater": "rhel-vex", "name": "CVE-2025-61144", "description": "A denial of service flaw has been found in libtiff. This stack-based buffer overflow occurs in tiffcrop (part of libtiff) within the function readSeparateStripsIntoBuffer. When processing a malformed TIFF directory (e.g., improper tags/order, missing StripByteCounts), the function overflows a stack-allocated array (srcbuffs) by accessing one element beyond its boundary in combineSeparateSamplesBytes. This leads to an AddressSanitizer-detected buffer over-read and crash.", "issued": "2026-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61144 https://bugzilla.redhat.com/show_bug.cgi?id=2441977 https://www.cve.org/CVERecord?id=CVE-2025-61144 https://nvd.nist.gov/vuln/detail/CVE-2025-61144 https://gist.github.com/optionGo/5ad17e96a0a40f03578dd6c9f8645952 https://gitlab.com/libtiff/libtiff/-/commit/09f53a86cf26dfd961925227e59e180db617f26d https://gitlab.com/libtiff/libtiff/-/commit/88cf9dbb48f6e172629795ecffae35d5052f68aa https://gitlab.com/libtiff/libtiff/-/issues/740 https://gitlab.com/libtiff/libtiff/-/merge_requests/757 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61144.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qMnTnRnGw88RiTP1PFxynA==": { "id": "qMnTnRnGw88RiTP1PFxynA==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "qNhEJopIC+OWvXbrkilAfQ==": { "id": "qNhEJopIC+OWvXbrkilAfQ==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "qNquCdlCIf/n2ozJDLW9Rw==": { "id": "qNquCdlCIf/n2ozJDLW9Rw==", "updater": "rhel-vex", "name": "CVE-2021-38593", "description": "A vulnerability was found in Qt, where an out-of-bounds write in the QOutlineMapper::convertPath function can lead to a denial of service, a remote attacker could exploit this flaw by sending a specially crafted request, causing the application to crash.", "issued": "2021-07-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-38593 https://bugzilla.redhat.com/show_bug.cgi?id=1994719 https://www.cve.org/CVERecord?id=CVE-2021-38593 https://nvd.nist.gov/vuln/detail/CVE-2021-38593 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-38593.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qOdN56IOMUot4YWCQPjPvA==": { "id": "qOdN56IOMUot4YWCQPjPvA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "qPGxfT+FyuMifHo1C/aY6w==": { "id": "qPGxfT+FyuMifHo1C/aY6w==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "qQxzRYdLEwZ+uwtq33H+Uw==": { "id": "qQxzRYdLEwZ+uwtq33H+Uw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "qRLrD7xZAOZ93NjJgcm1Qw==": { "id": "qRLrD7xZAOZ93NjJgcm1Qw==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "qSRGSB2uV6n5bH1pdu2LUQ==": { "id": "qSRGSB2uV6n5bH1pdu2LUQ==", "updater": "rhel-vex", "name": "CVE-2026-4424", "description": "A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4424 https://bugzilla.redhat.com/show_bug.cgi?id=2449006 https://www.cve.org/CVERecord?id=CVE-2026-4424 https://nvd.nist.gov/vuln/detail/CVE-2026-4424 https://github.com/libarchive/libarchive/pull/2898 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4424.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "qTcNeh3tg/7OmxGhGG7cNQ==": { "id": "qTcNeh3tg/7OmxGhGG7cNQ==", "updater": "rhel-vex", "name": "CVE-2026-21637", "description": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21637 https://bugzilla.redhat.com/show_bug.cgi?id=2431340 https://www.cve.org/CVERecord?id=CVE-2026-21637 https://nvd.nist.gov/vuln/detail/CVE-2026-21637 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21637.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "qV/TxipuOJ9b9a/x4IT2cw==": { "id": "qV/TxipuOJ9b9a/x4IT2cw==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "qWK7H7gz7e8gS19GJSeIIg==": { "id": "qWK7H7gz7e8gS19GJSeIIg==", "updater": "rhel-vex", "name": "CVE-2022-2889", "description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2889.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXBiVfXy4luW+BbyG9z9BQ==": { "id": "qXBiVfXy4luW+BbyG9z9BQ==", "updater": "rhel-vex", "name": "CVE-2023-3576", "description": "A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2219340 https://www.cve.org/CVERecord?id=CVE-2023-3576 https://nvd.nist.gov/vuln/detail/CVE-2023-3576 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3576.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "qYLCfB1EzRWGloOr+Ke8RA==": { "id": "qYLCfB1EzRWGloOr+Ke8RA==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "qYORp6v9x0Jy6S8OKerZvw==": { "id": "qYORp6v9x0Jy6S8OKerZvw==", "updater": "rhel-vex", "name": "CVE-2023-4738", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "issued": "2023-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4738.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qZtkd3o/RK7ypjgH80sV7A==": { "id": "qZtkd3o/RK7ypjgH80sV7A==", "updater": "rhel-vex", "name": "CVE-2025-55132", "description": "A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55132 https://bugzilla.redhat.com/show_bug.cgi?id=2431338 https://www.cve.org/CVERecord?id=CVE-2025-55132 https://nvd.nist.gov/vuln/detail/CVE-2025-55132 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55132.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.20.0.1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "qaC6F9Z9j5kAaiDeRwL7nA==": { "id": "qaC6F9Z9j5kAaiDeRwL7nA==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "qb5Q/H2wcR/YimCQn+AUYw==": { "id": "qb5Q/H2wcR/YimCQn+AUYw==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "qbsbXExNvRlblIMDPNkFzA==": { "id": "qbsbXExNvRlblIMDPNkFzA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "qcGz8bluItM475eimPK89w==": { "id": "qcGz8bluItM475eimPK89w==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "qdWe9wwJNQD9uM1J1li1Vg==": { "id": "qdWe9wwJNQD9uM1J1li1Vg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgomp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "qdXDrJ7D0lw6kIY2dy+1KQ==": { "id": "qdXDrJ7D0lw6kIY2dy+1KQ==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "qhSIFNwi876BQWyJqx7TXw==": { "id": "qhSIFNwi876BQWyJqx7TXw==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:4025", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.2", "arch_op": "pattern match" }, "qhl/5MtAFFjdvINFEhyFsg==": { "id": "qhl/5MtAFFjdvINFEhyFsg==", "updater": "rhel-vex", "name": "CVE-2023-29409", "description": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29409 https://bugzilla.redhat.com/show_bug.cgi?id=2228743 https://www.cve.org/CVERecord?id=CVE-2023-29409 https://nvd.nist.gov/vuln/detail/CVE-2023-29409 https://go.dev/cl/515257 https://go.dev/issue/61460 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ https://pkg.go.dev/vuln/GO-2023-1987 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29409.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "qnfP2y61ycFKlR/SBnZ5sw==": { "id": "qnfP2y61ycFKlR/SBnZ5sw==", "updater": "rhel-vex", "name": "CVE-2023-2602", "description": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2602 https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://www.cve.org/CVERecord?id=CVE-2023-2602 https://nvd.nist.gov/vuln/detail/CVE-2023-2602 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2602.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "qpRD6NPbAOP7sG5S6hInXg==": { "id": "qpRD6NPbAOP7sG5S6hInXg==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "qr6Jra3xQBxvbIQJAqILNQ==": { "id": "qr6Jra3xQBxvbIQJAqILNQ==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "qsn7RE1KMH045/wAyIDw7A==": { "id": "qsn7RE1KMH045/wAyIDw7A==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "qtpMNZ+V4szO/Tox+eT3Cg==": { "id": "qtpMNZ+V4szO/Tox+eT3Cg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.1.el9_6", "arch_op": "pattern match" }, "quMgsZt2z8hlQ+HzwzaVJQ==": { "id": "quMgsZt2z8hlQ+HzwzaVJQ==", "updater": "rhel-vex", "name": "CVE-2023-0800", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0800 https://bugzilla.redhat.com/show_bug.cgi?id=2170167 https://www.cve.org/CVERecord?id=CVE-2023-0800 https://nvd.nist.gov/vuln/detail/CVE-2023-0800 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0800.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "qug1advw8m4TjVAUPEUPiA==": { "id": "qug1advw8m4TjVAUPEUPiA==", "updater": "rhel-vex", "name": "CVE-2023-4751", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "issued": "2023-09-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4751.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "quiQlBj9HjhLTEeBMkOGxA==": { "id": "quiQlBj9HjhLTEeBMkOGxA==", "updater": "rhel-vex", "name": "CVE-2025-66293", "description": "An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management.", "issued": "2025-12-03T20:33:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66293 https://bugzilla.redhat.com/show_bug.cgi?id=2418711 https://www.cve.org/CVERecord?id=CVE-2025-66293 https://nvd.nist.gov/vuln/detail/CVE-2025-66293 https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1 https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a https://github.com/pnggroup/libpng/issues/764 https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66293.json https://access.redhat.com/errata/RHSA-2026:0238", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpng", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.1", "arch_op": "pattern match" }, "quxt3+YB7vB2VUonbp8+2g==": { "id": "quxt3+YB7vB2VUonbp8+2g==", "updater": "rhel-vex", "name": "CVE-2025-61728", "description": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.", "issued": "2026-01-28T19:30:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://www.cve.org/CVERecord?id=CVE-2025-61728 https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4342 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61728.json https://access.redhat.com/errata/RHSA-2026:2709", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.7-1.el9_7", "arch_op": "pattern match" }, "qvQ7cHiYiYJv4aTIPVusXA==": { "id": "qvQ7cHiYiYJv4aTIPVusXA==", "updater": "rhel-vex", "name": "CVE-2026-35386", "description": "A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in `ssh_config`.", "issued": "2026-04-02T16:44:27Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35386 https://bugzilla.redhat.com/show_bug.cgi?id=2454506 https://www.cve.org/CVERecord?id=CVE-2026-35386 https://nvd.nist.gov/vuln/detail/CVE-2026-35386 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35386.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "qwmfWZM521TTUrM59mggiQ==": { "id": "qwmfWZM521TTUrM59mggiQ==", "updater": "rhel-vex", "name": "CVE-2026-3497", "description": "A flaw was found in the OpenSSH GSSAPI (Generic Security Service Application Program Interface) delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the `sshpkt_disconnect()` function, when called on an error, does not properly terminate the process, leading to the continued execution of the program with uninitialized connection variables. Accessing these uninitialized variables can lead to undefined behavior, potentially resulting in information disclosure or a denial of service.", "issued": "2026-03-12T18:27:44Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3497 https://bugzilla.redhat.com/show_bug.cgi?id=2447085 https://www.cve.org/CVERecord?id=CVE-2026-3497 https://nvd.nist.gov/vuln/detail/CVE-2026-3497 https://ubuntu.com/security/CVE-2026-3497 https://www.openwall.com/lists/oss-security/2026/03/12/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3497.json https://access.redhat.com/errata/RHSA-2026:6462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-48.el9_7", "arch_op": "pattern match" }, "r+NuuQcHZ5hOWGRHanlG0w==": { "id": "r+NuuQcHZ5hOWGRHanlG0w==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "r0yngP+sUJvKraMLgaaWww==": { "id": "r0yngP+sUJvKraMLgaaWww==", "updater": "osv/go", "name": "GO-2023-1702", "description": "Infinite loop in parsing in go/scanner", "issued": "2023-04-05T21:05:07Z", "links": "https://go.dev/issue/59180 https://go.dev/cl/482078 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "r105o04EqvvFDoXWzu0UAQ==": { "id": "r105o04EqvvFDoXWzu0UAQ==", "updater": "rhel-vex", "name": "CVE-2025-10158", "description": "An out of bounds read flaw has been discovered in rsync. A malicious client acting as the receiver of an rsync file transfer can trigger an OOB read via a negative array index. The rsync client requires at least read access to the remote rsync module to trigger the issue.", "issued": "2025-11-18T14:24:19Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10158 https://bugzilla.redhat.com/show_bug.cgi?id=2415637 https://www.cve.org/CVERecord?id=CVE-2025-10158 https://nvd.nist.gov/vuln/detail/CVE-2025-10158 https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1 https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10158.json https://access.redhat.com/errata/RHSA-2026:6390", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9_7.2", "arch_op": "pattern match" }, "r3RLKNYtYvKarBqnnrlrew==": { "id": "r3RLKNYtYvKarBqnnrlrew==", "updater": "rhel-vex", "name": "CVE-2022-0529", "description": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash.", "issued": "2022-01-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0529 https://bugzilla.redhat.com/show_bug.cgi?id=2051402 https://www.cve.org/CVERecord?id=CVE-2022-0529 https://nvd.nist.gov/vuln/detail/CVE-2022-0529 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0529.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "unzip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "r3htJBqpa1VO27wdQgcGyw==": { "id": "r3htJBqpa1VO27wdQgcGyw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "r3kgi4w3ZfbkZqbg7eV+tg==": { "id": "r3kgi4w3ZfbkZqbg7eV+tg==", "updater": "rhel-vex", "name": "CVE-2025-66293", "description": "An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management.", "issued": "2025-12-03T20:33:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66293 https://bugzilla.redhat.com/show_bug.cgi?id=2418711 https://www.cve.org/CVERecord?id=CVE-2025-66293 https://nvd.nist.gov/vuln/detail/CVE-2025-66293 https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1 https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a https://github.com/pnggroup/libpng/issues/764 https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66293.json https://access.redhat.com/errata/RHSA-2026:0238", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpng", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.1", "arch_op": "pattern match" }, "r410Z5X0yojDsVg9YVcNqQ==": { "id": "r410Z5X0yojDsVg9YVcNqQ==", "updater": "rhel-vex", "name": "CVE-2022-2182", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2182.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "r4Fu2fNYrl5cfm4zX5YpZQ==": { "id": "r4Fu2fNYrl5cfm4zX5YpZQ==", "updater": "rhel-vex", "name": "CVE-2025-69648", "description": "A flaw was found in binutils. Processing a specially crafted ELF binary file containing malformed DWARF .debug_rnglists data with the readelf program can trigger an infinite loop and result in a denial of service.", "issued": "2026-03-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69648 https://bugzilla.redhat.com/show_bug.cgi?id=2445774 https://www.cve.org/CVERecord?id=CVE-2025-69648 https://nvd.nist.gov/vuln/detail/CVE-2025-69648 https://sourceware.org/bugzilla/show_bug.cgi?id=33641 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=598704a00cbac5e85c2bedd363357b5bf6fcee33 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69648.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "r8kk8OjPGZXkalD/ogI9TQ==": { "id": "r8kk8OjPGZXkalD/ogI9TQ==", "updater": "rhel-vex", "name": "CVE-2023-24532", "description": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.", "issued": "2023-03-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24532 https://bugzilla.redhat.com/show_bug.cgi?id=2223355 https://www.cve.org/CVERecord?id=CVE-2023-24532 https://nvd.nist.gov/vuln/detail/CVE-2023-24532 https://go.dev/cl/471255 https://go.dev/issue/58647 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY https://pkg.go.dev/vuln/GO-2023-1621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24532.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "r9W84DjqWVoSeRkzoMmOdA==": { "id": "r9W84DjqWVoSeRkzoMmOdA==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "r9qwoudvbxrKUZqCmUc7NA==": { "id": "r9qwoudvbxrKUZqCmUc7NA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "rBDj6tuhee896qgiVA2peA==": { "id": "rBDj6tuhee896qgiVA2peA==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "rDRtTk3Xuv5MlaUi1WKGpA==": { "id": "rDRtTk3Xuv5MlaUi1WKGpA==", "updater": "rhel-vex", "name": "CVE-2026-25679", "description": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "issued": "2026-03-06T21:28:14Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/show_bug.cgi?id=2445356 https://www.cve.org/CVERecord?id=CVE-2026-25679 https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://pkg.go.dev/vuln/GO-2026-4601 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25679.json https://access.redhat.com/errata/RHSA-2026:5942", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.8-1.el9_7", "arch_op": "pattern match" }, "rDeZ9YqARbQ/8OcOA5Tn4g==": { "id": "rDeZ9YqARbQ/8OcOA5Tn4g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "rDx7RcnC1Ce961LxuRo53Q==": { "id": "rDx7RcnC1Ce961LxuRo53Q==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "rENFCyvqecBUcAR85/9PBQ==": { "id": "rENFCyvqecBUcAR85/9PBQ==", "updater": "rhel-vex", "name": "CVE-2025-59465", "description": "A denial of service flaw has been discovered in NodeJS. A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59465 https://bugzilla.redhat.com/show_bug.cgi?id=2431349 https://www.cve.org/CVERecord?id=CVE-2025-59465 https://nvd.nist.gov/vuln/detail/CVE-2025-59465 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59465.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.20.0.1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "rFWIZJAOzhCWoZKNelyFsQ==": { "id": "rFWIZJAOzhCWoZKNelyFsQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "rG5ADP3EQcz3Qvp36Lywxw==": { "id": "rG5ADP3EQcz3Qvp36Lywxw==", "updater": "rhel-vex", "name": "CVE-2026-24515", "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "issued": "2026-01-23T07:46:36Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24515 https://bugzilla.redhat.com/show_bug.cgi?id=2432312 https://www.cve.org/CVERecord?id=CVE-2026-24515 https://nvd.nist.gov/vuln/detail/CVE-2026-24515 https://github.com/libexpat/libexpat/pull/1131 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24515.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rIk/NHa428tmc6oDgqypQw==": { "id": "rIk/NHa428tmc6oDgqypQw==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "rJHkC74NrobNudSijB/y4A==": { "id": "rJHkC74NrobNudSijB/y4A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "rJljaCTiTdw1uI1lvfy+hw==": { "id": "rJljaCTiTdw1uI1lvfy+hw==", "updater": "rhel-vex", "name": "CVE-2023-1170", "description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "issued": "2023-03-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1170.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rKpZxH2tXrNLthuse32FWg==": { "id": "rKpZxH2tXrNLthuse32FWg==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "rO5a9fYyaqaIZ4bH0M8fdA==": { "id": "rO5a9fYyaqaIZ4bH0M8fdA==", "updater": "rhel-vex", "name": "CVE-2022-2862", "description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "issued": "2022-08-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2862.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rPECjFpzDOL0Nn2WUSH6yg==": { "id": "rPECjFpzDOL0Nn2WUSH6yg==", "updater": "rhel-vex", "name": "CVE-2026-32288", "description": "A flaw was found in Go's `archive/tar` package. A remote attacker could exploit this vulnerability by providing a maliciously-crafted archive file. When the `tar.Reader` processes an archive containing a large number of sparse regions in the \"old GNU sparse map\" format, it can lead to unbounded memory allocation. This can result in a Denial of Service (DoS) condition, making the affected application unresponsive.", "issued": "2026-04-08T01:06:57Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32288 https://bugzilla.redhat.com/show_bug.cgi?id=2456332 https://www.cve.org/CVERecord?id=CVE-2026-32288 https://nvd.nist.gov/vuln/detail/CVE-2026-32288 https://go.dev/cl/763766 https://go.dev/issue/78301 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4869 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32288.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rPWZNH+en7vYfObneQGeUA==": { "id": "rPWZNH+en7vYfObneQGeUA==", "updater": "osv/go", "name": "GO-2025-4006", "description": "Excessive CPU consumption in ParseAddress in net/mail", "issued": "2025-10-29T21:48:35Z", "links": "https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "rPXe6sMC/46EZbom2R58Iw==": { "id": "rPXe6sMC/46EZbom2R58Iw==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "rR226S9SV4WbmIVotM0CsQ==": { "id": "rR226S9SV4WbmIVotM0CsQ==", "updater": "rhel-vex", "name": "CVE-2023-46246", "description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.", "issued": "2023-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46246.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rRcUnpfkGlXrbtunwHjYyg==": { "id": "rRcUnpfkGlXrbtunwHjYyg==", "updater": "rhel-vex", "name": "CVE-2026-1528", "description": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.", "issued": "2026-03-12T20:21:57Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1528 https://bugzilla.redhat.com/show_bug.cgi?id=2447145 https://www.cve.org/CVERecord?id=CVE-2026-1528 https://nvd.nist.gov/vuln/detail/CVE-2026-1528 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj https://hackerone.com/reports/3537648 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1528.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "rRfIMqTlNWlpWE9Bi6NGYw==": { "id": "rRfIMqTlNWlpWE9Bi6NGYw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "rTV9bjfy2M3+eJBkP+611w==": { "id": "rTV9bjfy2M3+eJBkP+611w==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "rUdPv86F0f314ayFTA1g0w==": { "id": "rUdPv86F0f314ayFTA1g0w==", "updater": "rhel-vex", "name": "CVE-2025-6395", "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "issued": "2025-07-10T07:56:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6395 https://bugzilla.redhat.com/show_bug.cgi?id=2376755 https://www.cve.org/CVERecord?id=CVE-2025-6395 https://nvd.nist.gov/vuln/detail/CVE-2025-6395 https://gitlab.com/gnutls/gnutls/-/issues/1718 https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6395.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "rV97UXmAqepOnnvJur9ybQ==": { "id": "rV97UXmAqepOnnvJur9ybQ==", "updater": "rhel-vex", "name": "CVE-2026-21637", "description": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21637 https://bugzilla.redhat.com/show_bug.cgi?id=2431340 https://www.cve.org/CVERecord?id=CVE-2026-21637 https://nvd.nist.gov/vuln/detail/CVE-2026-21637 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21637.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.0-1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "rWYn/Km2lN55sVL7Ui4zmQ==": { "id": "rWYn/Km2lN55sVL7Ui4zmQ==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "rXJvA1HAsx+E4rVQeqU3qQ==": { "id": "rXJvA1HAsx+E4rVQeqU3qQ==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "rY2PGGazDLFtrrL5h0HYLQ==": { "id": "rY2PGGazDLFtrrL5h0HYLQ==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://gitlab.gnome.org/GNOME/libxml2/-/issues/933 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "ra+5M5K0yyS4TNorJBFVYw==": { "id": "ra+5M5K0yyS4TNorJBFVYw==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "rcUIg6JYVsZx379+fVhSVg==": { "id": "rcUIg6JYVsZx379+fVhSVg==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "rct+rak3m0uMzU51NldQpg==": { "id": "rct+rak3m0uMzU51NldQpg==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "rd7C8AD7IYUHYPSfAYtKrQ==": { "id": "rd7C8AD7IYUHYPSfAYtKrQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-if", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.60.800-481.el9", "arch_op": "pattern match" }, "rkpLgzhV90FRHYY3ESWHfw==": { "id": "rkpLgzhV90FRHYY3ESWHfw==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "rm3fF4UjNztR1JpYwTPaVg==": { "id": "rm3fF4UjNztR1JpYwTPaVg==", "updater": "rhel-vex", "name": "CVE-2023-0796", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0796 https://bugzilla.redhat.com/show_bug.cgi?id=2170146 https://www.cve.org/CVERecord?id=CVE-2023-0796 https://nvd.nist.gov/vuln/detail/CVE-2023-0796 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0796.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "rmKqD8ZR5vrHqnZkFulqdg==": { "id": "rmKqD8ZR5vrHqnZkFulqdg==", "updater": "rhel-vex", "name": "CVE-2025-64118", "description": "A flaw was found in node-tar, a Tar utility for Node.js. This vulnerability allows a local attacker to potentially disclose sensitive information. When the .t (or .list) function is used with { sync: true } to read tar entry contents, and the tar file is concurrently modified on disk to a smaller size, the function may return uninitialized memory contents. This could lead to the exposure of arbitrary data.", "issued": "2025-10-30T17:50:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64118 https://bugzilla.redhat.com/show_bug.cgi?id=2407440 https://www.cve.org/CVERecord?id=CVE-2025-64118 https://nvd.nist.gov/vuln/detail/CVE-2025-64118 https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d https://github.com/isaacs/node-tar/issues/445 https://github.com/isaacs/node-tar/pull/446 https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64118.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "roGA0nQUzXWg+M1vb3jr3g==": { "id": "roGA0nQUzXWg+M1vb3jr3g==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "rpqh6K+YqMAxf172QUbycQ==": { "id": "rpqh6K+YqMAxf172QUbycQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "rpwsfSDtxz8KgCjcE5LUgg==": { "id": "rpwsfSDtxz8KgCjcE5LUgg==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "rpzV0o5XSSiqAfiLvn+7sw==": { "id": "rpzV0o5XSSiqAfiLvn+7sw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Errno", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.30-481.1.el9_6", "arch_op": "pattern match" }, "rr46XqayJxVyzdN89JIktA==": { "id": "rr46XqayJxVyzdN89JIktA==", "updater": "rhel-vex", "name": "CVE-2026-21717", "description": "A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by functions like JSON.parse() on attacker-controlled input. This can significantly degrade the performance of the Node.js process, leading to a Denial of Service (DoS) condition.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21717 https://bugzilla.redhat.com/show_bug.cgi?id=2453162 https://www.cve.org/CVERecord?id=CVE-2026-21717 https://nvd.nist.gov/vuln/detail/CVE-2026-21717 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21717.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "rtmfAClgZr+pMIYCffofpQ==": { "id": "rtmfAClgZr+pMIYCffofpQ==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils-gold", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "ruEPtR2s2d2PTSaLwtf04g==": { "id": "ruEPtR2s2d2PTSaLwtf04g==", "updater": "rhel-vex", "name": "CVE-2025-55131", "description": "A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55131 https://bugzilla.redhat.com/show_bug.cgi?id=2431350 https://www.cve.org/CVERecord?id=CVE-2025-55131 https://nvd.nist.gov/vuln/detail/CVE-2025-55131 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55131.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "ruok+KtL5TC6jhvqLAZEzw==": { "id": "ruok+KtL5TC6jhvqLAZEzw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "rwC2lB0lflNzttbo5Agt3g==": { "id": "rwC2lB0lflNzttbo5Agt3g==", "updater": "rhel-vex", "name": "CVE-2026-6845", "description": "A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash.", "issued": "2026-04-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6845 https://bugzilla.redhat.com/show_bug.cgi?id=2460012 https://www.cve.org/CVERecord?id=CVE-2026-6845 https://nvd.nist.gov/vuln/detail/CVE-2026-6845 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6845.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rwX0WRiXvDcxdTv5pslgxw==": { "id": "rwX0WRiXvDcxdTv5pslgxw==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "ryPu/punYtMOzifbFWj3Xg==": { "id": "ryPu/punYtMOzifbFWj3Xg==", "updater": "rhel-vex", "name": "CVE-2023-1999", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA double-free in libwebp could have led to memory corruption and a potentially exploitable crash.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1999 https://bugzilla.redhat.com/show_bug.cgi?id=2186102 https://www.cve.org/CVERecord?id=CVE-2023-1999 https://nvd.nist.gov/vuln/detail/CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1999 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1999.json https://access.redhat.com/errata/RHSA-2023:2078", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-6.el9_1", "arch_op": "pattern match" }, "ryv0HUHLJe8DIxGNl9VAgQ==": { "id": "ryv0HUHLJe8DIxGNl9VAgQ==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "rz/CPeG1fPitayrSa0BFxQ==": { "id": "rz/CPeG1fPitayrSa0BFxQ==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "s+/PgMrbczH4dntN+Uku4A==": { "id": "s+/PgMrbczH4dntN+Uku4A==", "updater": "osv/go", "name": "GO-2023-1705", "description": "Excessive resource consumption in net/http, net/textproto and mime/multipart", "issued": "2023-04-05T21:04:39Z", "links": "https://go.dev/issue/59153 https://go.dev/cl/482076 https://go.dev/cl/482075 https://go.dev/cl/482077 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "s/wLIAA4VDi9HrbyrnYgbg==": { "id": "s/wLIAA4VDi9HrbyrnYgbg==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "s0BW8R7FNYnFn+nWkJnUqQ==": { "id": "s0BW8R7FNYnFn+nWkJnUqQ==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "s0PUMgVnEtuqOkBdJNAqUA==": { "id": "s0PUMgVnEtuqOkBdJNAqUA==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-subscription-manager-rhsm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "s1XSou7D1y9Q5LYLnrc6kw==": { "id": "s1XSou7D1y9Q5LYLnrc6kw==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.16.0.2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "s20Tn7zOYHvK/n/K8/hWrA==": { "id": "s20Tn7zOYHvK/n/K8/hWrA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5838", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-5.el9_2.1", "arch_op": "pattern match" }, "s2LBjGccKZbn8OaPObByXw==": { "id": "s2LBjGccKZbn8OaPObByXw==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "s2uSNGuV+OyVW2eHDGWWKw==": { "id": "s2uSNGuV+OyVW2eHDGWWKw==", "updater": "rhel-vex", "name": "CVE-2025-29768", "description": "A flaw was found in Vim's zip.vim plugin. This vulnerability allows potential data loss via specially crafted zip files when a user views the archive in Vim and presses 'x' on an unusual filename.", "issued": "2025-03-13T17:04:56Z", "links": "https://access.redhat.com/security/cve/CVE-2025-29768 https://bugzilla.redhat.com/show_bug.cgi?id=2352418 https://www.cve.org/CVERecord?id=CVE-2025-29768 https://nvd.nist.gov/vuln/detail/CVE-2025-29768 https://github.com/vim/vim/commit/f209dcd3defb95bae21b2740910e6aa7bb940531 https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-29768.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "s4mktw9S/tOEdbFRu8ZxjA==": { "id": "s4mktw9S/tOEdbFRu8ZxjA==", "updater": "rhel-vex", "name": "CVE-2024-0553", "description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://www.cve.org/CVERecord?id=CVE-2024-0553 https://nvd.nist.gov/vuln/detail/CVE-2024-0553 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0553.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "s6kt2DqKLHgzYSGciPtGtQ==": { "id": "s6kt2DqKLHgzYSGciPtGtQ==", "updater": "rhel-vex", "name": "CVE-2021-4166", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4166.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "s6zRbI6E6xMFwOoLRjlPfw==": { "id": "s6zRbI6E6xMFwOoLRjlPfw==", "updater": "rhel-vex", "name": "CVE-2024-26462", "description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26462.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "s7SQVHshgYWyJSuzXO9o6Q==": { "id": "s7SQVHshgYWyJSuzXO9o6Q==", "updater": "rhel-vex", "name": "CVE-2026-21637", "description": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21637 https://bugzilla.redhat.com/show_bug.cgi?id=2431340 https://www.cve.org/CVERecord?id=CVE-2026-21637 https://nvd.nist.gov/vuln/detail/CVE-2026-21637 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21637.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "s9Fn1OI38EWrq2OqjoQ6KQ==": { "id": "s9Fn1OI38EWrq2OqjoQ6KQ==", "updater": "rhel-vex", "name": "CVE-2024-5642", "description": "A vulnerability was found in Python/CPython that does not disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE -2024-5535 for OpenSSL for more information.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5642 https://bugzilla.redhat.com/show_bug.cgi?id=2294682 https://www.cve.org/CVERecord?id=CVE-2024-5642 https://nvd.nist.gov/vuln/detail/CVE-2024-5642 https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5642.json https://access.redhat.com/errata/RHSA-2025:23342", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-2.el9_7", "arch_op": "pattern match" }, "s9zla+0u22E+Nq1zlK4A0A==": { "id": "s9zla+0u22E+Nq1zlK4A0A==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "sAlO/t+jkkm59mLcdOgB9w==": { "id": "sAlO/t+jkkm59mLcdOgB9w==", "updater": "rhel-vex", "name": "CVE-2025-1151", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T17:00:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1151 https://bugzilla.redhat.com/show_bug.cgi?id=2344713 https://www.cve.org/CVERecord?id=CVE-2025-1151 https://nvd.nist.gov/vuln/detail/CVE-2025-1151 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295055 https://vuldb.com/?id.295055 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sEXYrXIRghEOX+5cKfh4HA==": { "id": "sEXYrXIRghEOX+5cKfh4HA==", "updater": "osv/go", "name": "GO-2022-0524", "description": "Stack exhaustion when reading certain archives in compress/gzip", "issued": "2022-07-20T20:52:11Z", "links": "https://go.dev/cl/417067 https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e https://go.dev/issue/53168 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "sEY+u8JcXEvFyPiUDTNKow==": { "id": "sEY+u8JcXEvFyPiUDTNKow==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "sFUeaSTxmIP9ksmZtDFy/w==": { "id": "sFUeaSTxmIP9ksmZtDFy/w==", "updater": "rhel-vex", "name": "CVE-2025-9301", "description": "A reachable assertion flaw has been discovered in the Cmake build system. A local attacker who can construct crafted input could reach this assertion and cause a program crash.", "issued": "2025-08-21T13:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9301 https://bugzilla.redhat.com/show_bug.cgi?id=2390085 https://www.cve.org/CVERecord?id=CVE-2025-9301 https://nvd.nist.gov/vuln/detail/CVE-2025-9301 https://drive.google.com/file/d/1TerUqQB8_lzJTwIBCBmE94zn7n-gOz4f/view?usp=sharing https://gitlab.kitware.com/cmake/cmake/-/commit/37e27f71bc356d880c908040cd0cb68fa2c371b8 https://gitlab.kitware.com/cmake/cmake/-/issues/27135 https://gitlab.kitware.com/cmake/cmake/-/issues/27135#note_1691629 https://vuldb.com/?ctiid.320906 https://vuldb.com/?id.320906 https://vuldb.com/?submit.632369 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9301.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "cmake", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGBviOATX07Y4438NYu+Aw==": { "id": "sGBviOATX07Y4438NYu+Aw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "sHu0Ihy6+HrKJvDoll9f5g==": { "id": "sHu0Ihy6+HrKJvDoll9f5g==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "sHvGKpRovk0D6WznAeRDaw==": { "id": "sHvGKpRovk0D6WznAeRDaw==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "sJNoOKrtqJYf9M2tWcTlqg==": { "id": "sJNoOKrtqJYf9M2tWcTlqg==", "updater": "rhel-vex", "name": "CVE-2025-15281", "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "issued": "2026-01-20T13:22:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15281 https://bugzilla.redhat.com/show_bug.cgi?id=2431196 https://www.cve.org/CVERecord?id=CVE-2025-15281 https://nvd.nist.gov/vuln/detail/CVE-2025-15281 https://sourceware.org/bugzilla/show_bug.cgi?id=33814 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15281.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "sJOXRbCL0QuUC1P4v8JTZA==": { "id": "sJOXRbCL0QuUC1P4v8JTZA==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "sQrexr1vAx+h04KwvoON3w==": { "id": "sQrexr1vAx+h04KwvoON3w==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "sQzygdvKruRINz20KeXUpg==": { "id": "sQzygdvKruRINz20KeXUpg==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "sTJKOfHbxppSoExQl7mYpQ==": { "id": "sTJKOfHbxppSoExQl7mYpQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "sTWSbUm1UHqZR0zHxPPV1A==": { "id": "sTWSbUm1UHqZR0zHxPPV1A==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "sUwVQqIfYgZ7onTB1NPzvQ==": { "id": "sUwVQqIfYgZ7onTB1NPzvQ==", "updater": "rhel-vex", "name": "CVE-2025-68121", "description": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.", "issued": "2026-02-05T17:48:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://www.cve.org/CVERecord?id=CVE-2025-68121 https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://pkg.go.dev/vuln/GO-2026-4337 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68121.json https://access.redhat.com/errata/RHSA-2026:3842", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.2-2.el9_7", "arch_op": "pattern match" }, "sVTwqtGyRA8GgZdyQgXnqw==": { "id": "sVTwqtGyRA8GgZdyQgXnqw==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "sWCyUi5vmFbqsTEOh1QQvQ==": { "id": "sWCyUi5vmFbqsTEOh1QQvQ==", "updater": "rhel-vex", "name": "CVE-2025-70873", "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "issued": "2026-03-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-70873 https://bugzilla.redhat.com/show_bug.cgi?id=2447086 https://www.cve.org/CVERecord?id=CVE-2025-70873 https://nvd.nist.gov/vuln/detail/CVE-2025-70873 https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054 https://sqlite.org/forum/forumpost/761eac3c82 https://sqlite.org/src/info/3d459f1fb1bd1b5e https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-70873.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sWMKQZ65XKDEmnR/u8vkiw==": { "id": "sWMKQZ65XKDEmnR/u8vkiw==", "updater": "rhel-vex", "name": "CVE-2025-59466", "description": "A stack overflow flaw has been discovered in Node.js error handling where \"Maximum call stack size exceeded\" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59466 https://bugzilla.redhat.com/show_bug.cgi?id=2431343 https://www.cve.org/CVERecord?id=CVE-2025-59466 https://nvd.nist.gov/vuln/detail/CVE-2025-59466 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59466.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.20.0.1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "sWPZolO+x42N83xPk/byrw==": { "id": "sWPZolO+x42N83xPk/byrw==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "sXReFixXG4Bn4+eq/AJDBA==": { "id": "sXReFixXG4Bn4+eq/AJDBA==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "sXnCRVNv4i/ZmrJ0YxWonw==": { "id": "sXnCRVNv4i/ZmrJ0YxWonw==", "updater": "rhel-vex", "name": "CVE-2023-30079", "description": "A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow that results in a denial of service.", "issued": "2023-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30079 https://bugzilla.redhat.com/show_bug.cgi?id=2234595 https://www.cve.org/CVERecord?id=CVE-2023-30079 https://nvd.nist.gov/vuln/detail/CVE-2023-30079 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30079.json https://access.redhat.com/errata/RHSA-2023:4347", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libeconf", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:0.4.1-3.el9_2", "arch_op": "pattern match" }, "sa5mIA5TIgDDEs7v0PwTjQ==": { "id": "sa5mIA5TIgDDEs7v0PwTjQ==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "saK0Qxr6f3taAu0dVT0erg==": { "id": "saK0Qxr6f3taAu0dVT0erg==", "updater": "rhel-vex", "name": "CVE-2026-35177", "description": "A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or further system compromise.", "issued": "2026-04-06T17:54:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35177 https://bugzilla.redhat.com/show_bug.cgi?id=2455542 https://www.cve.org/CVERecord?id=CVE-2026-35177 https://nvd.nist.gov/vuln/detail/CVE-2026-35177 https://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35177.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "scmQI6T6oitCtZW5973ovw==": { "id": "scmQI6T6oitCtZW5973ovw==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "sfZFr+txEQMBXhlDkKUnmw==": { "id": "sfZFr+txEQMBXhlDkKUnmw==", "updater": "rhel-vex", "name": "CVE-2025-61726", "description": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.", "issued": "2026-01-28T19:30:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://www.cve.org/CVERecord?id=CVE-2025-61726 https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4341 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61726.json https://access.redhat.com/errata/RHSA-2026:2709", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.7-1.el9_7", "arch_op": "pattern match" }, "sgKxepKQb+uxgfzzrcWS7w==": { "id": "sgKxepKQb+uxgfzzrcWS7w==", "updater": "rhel-vex", "name": "CVE-2023-43788", "description": "A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43788 https://bugzilla.redhat.com/show_bug.cgi?id=2242248 https://www.cve.org/CVERecord?id=CVE-2023-43788 https://nvd.nist.gov/vuln/detail/CVE-2023-43788 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43788.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "shLykdr8yp2VSWaBtoxh7Q==": { "id": "shLykdr8yp2VSWaBtoxh7Q==", "updater": "rhel-vex", "name": "CVE-2026-27904", "description": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).", "issued": "2026-02-26T01:07:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27904 https://bugzilla.redhat.com/show_bug.cgi?id=2442922 https://www.cve.org/CVERecord?id=CVE-2026-27904 https://nvd.nist.gov/vuln/detail/CVE-2026-27904 https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27904.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "skjryijgaN9YVeVVq8xZmA==": { "id": "skjryijgaN9YVeVVq8xZmA==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "smB1yCGhBb8gDhPAER7odg==": { "id": "smB1yCGhBb8gDhPAER7odg==", "updater": "rhel-vex", "name": "CVE-2025-14524", "description": "A flaw was found in curl. When an OAuth2 (Open Authorization) bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a different scheme like IMAP, LDAP, POP3, or SMTP, curl might incorrectly pass the bearer token to the new target host. This could lead to information disclosure, where sensitive authentication tokens are exposed to unintended recipients.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14524 https://bugzilla.redhat.com/show_bug.cgi?id=2426407 https://www.cve.org/CVERecord?id=CVE-2025-14524 https://nvd.nist.gov/vuln/detail/CVE-2025-14524 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14524.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sna4IH0E1Ui1jpzpKgnFOg==": { "id": "sna4IH0E1Ui1jpzpKgnFOg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "srkxdJQ82zHIMw9egdZc5w==": { "id": "srkxdJQ82zHIMw9egdZc5w==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "ssYEt3aOFwnaqoufFlsCAw==": { "id": "ssYEt3aOFwnaqoufFlsCAw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "sv+609cXG/bmAhwCPRMNHg==": { "id": "sv+609cXG/bmAhwCPRMNHg==", "updater": "rhel-vex", "name": "CVE-2026-1527", "description": "A flaw was found in undici, a Node.js HTTP/1.1 client. This vulnerability allows a remote attacker to inject malicious data into HTTP headers or prematurely end HTTP requests by sending specially crafted input to the `upgrade` option of `client.request()`. This is possible because undici does not properly validate input for invalid header characters, which could lead to unauthorized information disclosure or bypassing of security controls.", "issued": "2026-03-12T20:17:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1527 https://bugzilla.redhat.com/show_bug.cgi?id=2447141 https://www.cve.org/CVERecord?id=CVE-2026-1527 https://nvd.nist.gov/vuln/detail/CVE-2026-1527 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq https://hackerone.com/reports/3487198 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1527.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "svCt47J2Zwa45xj8gn3U/w==": { "id": "svCt47J2Zwa45xj8gn3U/w==", "updater": "rhel-vex", "name": "CVE-2026-1485", "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1485 https://bugzilla.redhat.com/show_bug.cgi?id=2433325 https://www.cve.org/CVERecord?id=CVE-2026-1485 https://nvd.nist.gov/vuln/detail/CVE-2026-1485 https://gitlab.gnome.org/GNOME/glib/-/issues/3871 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1485.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "svdlbVzNwZE9P/M3GvQ7Xw==": { "id": "svdlbVzNwZE9P/M3GvQ7Xw==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "swCufUgs8xGhLcR4oX101Q==": { "id": "swCufUgs8xGhLcR4oX101Q==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "sx5ziSZauoyjmcMB827V/Q==": { "id": "sx5ziSZauoyjmcMB827V/Q==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "sxcy9NTxyeNn/j3K+DCTCQ==": { "id": "sxcy9NTxyeNn/j3K+DCTCQ==", "updater": "rhel-vex", "name": "CVE-2026-22036", "description": "A flaw was found in Undici, an HTTP/1.1 client for Node.js. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP response with an unbounded number of links in the decompression chain. This could lead to high CPU usage and excessive memory allocation, resulting in a Denial of Service (DoS) for the affected system.", "issued": "2026-01-14T19:07:13Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22036 https://bugzilla.redhat.com/show_bug.cgi?id=2429741 https://www.cve.org/CVERecord?id=CVE-2026-22036 https://nvd.nist.gov/vuln/detail/CVE-2026-22036 https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3 https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22036.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sxxGu02J6Xp0UskX/yPO4w==": { "id": "sxxGu02J6Xp0UskX/yPO4w==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "sykv+pGN4TXggZNIwL/H4g==": { "id": "sykv+pGN4TXggZNIwL/H4g==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "szMAuHDpCq8KehOnG/58kg==": { "id": "szMAuHDpCq8KehOnG/58kg==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "t+vHm4kt0AB+tq2CG41TQQ==": { "id": "t+vHm4kt0AB+tq2CG41TQQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "t/e+iLCKcOMzXEuhRWry6g==": { "id": "t/e+iLCKcOMzXEuhRWry6g==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "t0yM+3xw1ZQW3unHh4xTyA==": { "id": "t0yM+3xw1ZQW3unHh4xTyA==", "updater": "rhel-vex", "name": "CVE-2025-3198", "description": "A flaw was found in GNU Binutils. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally.", "issued": "2025-04-04T01:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3198 https://bugzilla.redhat.com/show_bug.cgi?id=2357358 https://www.cve.org/CVERecord?id=CVE-2025-3198 https://nvd.nist.gov/vuln/detail/CVE-2025-3198 https://sourceware.org/bugzilla/show_bug.cgi?id=32716 https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d https://vuldb.com/?ctiid.303151 https://vuldb.com/?id.303151 https://vuldb.com/?submit.545773 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3198.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t6Z7F4vRK3+khLx6GFFiJQ==": { "id": "t6Z7F4vRK3+khLx6GFFiJQ==", "updater": "rhel-vex", "name": "CVE-2025-15367", "description": "A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server.", "issued": "2026-01-20T21:47:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15367 https://bugzilla.redhat.com/show_bug.cgi?id=2431373 https://www.cve.org/CVERecord?id=CVE-2025-15367 https://nvd.nist.gov/vuln/detail/CVE-2025-15367 https://github.com/python/cpython/issues/143923 https://github.com/python/cpython/pull/143924 https://mail.python.org/archives/list/security-announce@python.org/thread/CBFBOWVGGUJFSGITQCCBZS4GEYYZ7ZNE/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15367.json https://access.redhat.com/errata/RHSA-2026:4168", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.1", "arch_op": "pattern match" }, "tC2r7U8qVBEhU9NaT3fMVg==": { "id": "tC2r7U8qVBEhU9NaT3fMVg==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "tDVJVtVXjEp2hZmPcOFM9w==": { "id": "tDVJVtVXjEp2hZmPcOFM9w==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "tEG4S6zEddB/Fl32LgLV+A==": { "id": "tEG4S6zEddB/Fl32LgLV+A==", "updater": "rhel-vex", "name": "CVE-2022-3627", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3627 https://bugzilla.redhat.com/show_bug.cgi?id=2142742 https://www.cve.org/CVERecord?id=CVE-2022-3627 https://nvd.nist.gov/vuln/detail/CVE-2022-3627 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3627.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "tIZr20KLFTaQt9OBw5SXsA==": { "id": "tIZr20KLFTaQt9OBw5SXsA==", "updater": "rhel-vex", "name": "CVE-2025-61729", "description": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.", "issued": "2025-12-02T18:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61729 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://www.cve.org/CVERecord?id=CVE-2025-61729 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://pkg.go.dev/vuln/GO-2025-4155 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61729.json https://access.redhat.com/errata/RHSA-2026:0923", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.5-2.el9_7", "arch_op": "pattern match" }, "tJJUE3O+B2dj0YzqLSTtDA==": { "id": "tJJUE3O+B2dj0YzqLSTtDA==", "updater": "rhel-vex", "name": "CVE-2022-44638", "description": "A flaw was found in pixman. This issue causes an out-of-bounds write in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. This can result in data corruption, a crash, or code execution.", "issued": "2022-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-44638 https://bugzilla.redhat.com/show_bug.cgi?id=2139988 https://www.cve.org/CVERecord?id=CVE-2022-44638 https://nvd.nist.gov/vuln/detail/CVE-2022-44638 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-44638.json https://access.redhat.com/errata/RHSA-2023:7754", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "pixman", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.40.0-6.el9_3", "arch_op": "pattern match" }, "tKVE3VH+DixxL49Cbeit6Q==": { "id": "tKVE3VH+DixxL49Cbeit6Q==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "tLSR0X6hQ7hvyPbBXZslBQ==": { "id": "tLSR0X6hQ7hvyPbBXZslBQ==", "updater": "rhel-vex", "name": "CVE-2022-2126", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2126.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tLfvNXQJ1ryG1oIjuKoLPQ==": { "id": "tLfvNXQJ1ryG1oIjuKoLPQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "tNFH1YUHHwU3vwUWrO3mLQ==": { "id": "tNFH1YUHHwU3vwUWrO3mLQ==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "tQmmf4j1ZMloac9gv7yd7w==": { "id": "tQmmf4j1ZMloac9gv7yd7w==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "tTdsNcqGarFD7KtMB1ag6Q==": { "id": "tTdsNcqGarFD7KtMB1ag6Q==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "tVO6+VLrPGQTVjdd/8MBTg==": { "id": "tVO6+VLrPGQTVjdd/8MBTg==", "updater": "rhel-vex", "name": "CVE-2026-2229", "description": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.", "issued": "2026-03-12T20:27:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2229 https://bugzilla.redhat.com/show_bug.cgi?id=2447143 https://www.cve.org/CVERecord?id=CVE-2026-2229 https://nvd.nist.gov/vuln/detail/CVE-2026-2229 https://cna.openjsf.org/security-advisories.html https://datatracker.ietf.org/doc/html/rfc7692 https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8 https://hackerone.com/reports/3487486 https://nodejs.org/api/zlib.html#class-zlibinflateraw https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2229.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "tVQs2LJzOpi0sAtiX4H2oQ==": { "id": "tVQs2LJzOpi0sAtiX4H2oQ==", "updater": "rhel-vex", "name": "CVE-2026-26996", "description": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.", "issued": "2026-02-20T03:05:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-26996 https://bugzilla.redhat.com/show_bug.cgi?id=2441268 https://www.cve.org/CVERecord?id=CVE-2026-26996 https://nvd.nist.gov/vuln/detail/CVE-2026-26996 https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5 https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26996.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "tVvgs8QNtuRqLgnWoPIWbw==": { "id": "tVvgs8QNtuRqLgnWoPIWbw==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "tW4ew6Bpf68YpYbdwMyYGA==": { "id": "tW4ew6Bpf68YpYbdwMyYGA==", "updater": "rhel-vex", "name": "CVE-2023-43789", "description": "A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43789 https://bugzilla.redhat.com/show_bug.cgi?id=2242249 https://www.cve.org/CVERecord?id=CVE-2023-43789 https://nvd.nist.gov/vuln/detail/CVE-2023-43789 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43789.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "tZCJ3EMmfQYEKmNY0R6pgg==": { "id": "tZCJ3EMmfQYEKmNY0R6pgg==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "tZSfr7Q1QfQP2u7Sjxqmrw==": { "id": "tZSfr7Q1QfQP2u7Sjxqmrw==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "taWP10HWuyQrPSEFSUjPPw==": { "id": "taWP10HWuyQrPSEFSUjPPw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "tbhLz74i3ShwS72WbIsoOA==": { "id": "tbhLz74i3ShwS72WbIsoOA==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tbkEtEs3aa+p2/YQaD8BfQ==": { "id": "tbkEtEs3aa+p2/YQaD8BfQ==", "updater": "rhel-vex", "name": "CVE-2023-1972", "description": "A potential heap-based buffer overflow was found in binutils in the _bfd_elf_slurp_version_tables() function in bfd/elf.c. This issue may lead to a loss of availability.", "issued": "2023-04-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1972 https://bugzilla.redhat.com/show_bug.cgi?id=2185646 https://www.cve.org/CVERecord?id=CVE-2023-1972 https://nvd.nist.gov/vuln/detail/CVE-2023-1972 https://sourceware.org/bugzilla/show_bug.cgi?id=30285 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1972.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tboTb+/fwz1O/l+3w5n9ew==": { "id": "tboTb+/fwz1O/l+3w5n9ew==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "tc3yI78GS4DzyIWUxAPWyg==": { "id": "tc3yI78GS4DzyIWUxAPWyg==", "updater": "rhel-vex", "name": "CVE-2025-65018", "description": "A buffer overflow flaw has been discovered in libpng. There is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds.", "issued": "2025-11-24T23:50:18Z", "links": "https://access.redhat.com/security/cve/CVE-2025-65018 https://bugzilla.redhat.com/show_bug.cgi?id=2416907 https://www.cve.org/CVERecord?id=CVE-2025-65018 https://nvd.nist.gov/vuln/detail/CVE-2025-65018 https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea https://github.com/pnggroup/libpng/issues/755 https://github.com/pnggroup/libpng/pull/757 https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-65018.json https://access.redhat.com/errata/RHSA-2026:0238", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpng-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.1", "arch_op": "pattern match" }, "te0mQBJAxCZ9Xzg2xrzQcg==": { "id": "te0mQBJAxCZ9Xzg2xrzQcg==", "updater": "rhel-vex", "name": "CVE-2024-45490", "description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "teVzqeXKz5qAL9KrVUsKAA==": { "id": "teVzqeXKz5qAL9KrVUsKAA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overloading", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.02-481.el9", "arch_op": "pattern match" }, "tiE5Hgw3cKrNfJ9IvmRV7w==": { "id": "tiE5Hgw3cKrNfJ9IvmRV7w==", "updater": "rhel-vex", "name": "CVE-2026-2229", "description": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.", "issued": "2026-03-12T20:27:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2229 https://bugzilla.redhat.com/show_bug.cgi?id=2447143 https://www.cve.org/CVERecord?id=CVE-2026-2229 https://nvd.nist.gov/vuln/detail/CVE-2026-2229 https://cna.openjsf.org/security-advisories.html https://datatracker.ietf.org/doc/html/rfc7692 https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8 https://hackerone.com/reports/3487486 https://nodejs.org/api/zlib.html#class-zlibinflateraw https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2229.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "tjg7NtH3QatPaaScohSsZg==": { "id": "tjg7NtH3QatPaaScohSsZg==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "tk58DmpOzYRq2tA73Zt4KA==": { "id": "tk58DmpOzYRq2tA73Zt4KA==", "updater": "rhel-vex", "name": "CVE-2026-1528", "description": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.", "issued": "2026-03-12T20:21:57Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1528 https://bugzilla.redhat.com/show_bug.cgi?id=2447145 https://www.cve.org/CVERecord?id=CVE-2026-1528 https://nvd.nist.gov/vuln/detail/CVE-2026-1528 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj https://hackerone.com/reports/3537648 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1528.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "tlbehmhIbT1WwXt6llfQYw==": { "id": "tlbehmhIbT1WwXt6llfQYw==", "updater": "osv/go", "name": "GO-2022-0515", "description": "Stack exhaustion due to deeply nested types in go/parser", "issued": "2022-07-20T17:01:45Z", "links": "https://go.dev/cl/417063 https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879 https://go.dev/issue/53616 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "toXp/ZwNqXAUsdXRb/4DVg==": { "id": "toXp/ZwNqXAUsdXRb/4DVg==", "updater": "rhel-vex", "name": "CVE-2024-22365", "description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "issued": "2024-01-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-19.el9", "arch_op": "pattern match" }, "todSxpG0ADSu6dX8ZW+q4A==": { "id": "todSxpG0ADSu6dX8ZW+q4A==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "tvq/gvjGf6pzxLuMOglBaw==": { "id": "tvq/gvjGf6pzxLuMOglBaw==", "updater": "rhel-vex", "name": "CVE-2026-4775", "description": "A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.", "issued": "2026-03-24T14:33:35Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4775 https://bugzilla.redhat.com/show_bug.cgi?id=2450768 https://www.cve.org/CVERecord?id=CVE-2026-4775 https://nvd.nist.gov/vuln/detail/CVE-2026-4775 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4775.json https://access.redhat.com/errata/RHSA-2026:12271", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.3", "arch_op": "pattern match" }, "u/b1G56mYgMO4E+lYxSxjA==": { "id": "u/b1G56mYgMO4E+lYxSxjA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "u0MfT/CHY1AhIYRRjCtdhw==": { "id": "u0MfT/CHY1AhIYRRjCtdhw==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "u0cs09LPRVEEfen4PHM6gA==": { "id": "u0cs09LPRVEEfen4PHM6gA==", "updater": "rhel-vex", "name": "CVE-2026-0990", "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0990 https://bugzilla.redhat.com/show_bug.cgi?id=2429959 https://www.cve.org/CVERecord?id=CVE-2026-0990 https://nvd.nist.gov/vuln/detail/CVE-2026-0990 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0990.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u0i6Tc2zpzW8/pMdj7AH4w==": { "id": "u0i6Tc2zpzW8/pMdj7AH4w==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "u1EBYvwhn/Xoyt4PDy5M1A==": { "id": "u1EBYvwhn/Xoyt4PDy5M1A==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://github.com/golang/go/commit/2b2314e9f6103de322b2e247387c8b01fd0cd5a4 https://github.com/golang/go/issues/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "u1caIbS4Tk6y8c7sz8Hvhw==": { "id": "u1caIbS4Tk6y8c7sz8Hvhw==", "updater": "rhel-vex", "name": "CVE-2024-41957", "description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. In this instance, Vim will try to free the memory again, causing a crash.", "issued": "2024-08-01T20:41:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u3VIQ3Bv2EdQNxxr10FAOQ==": { "id": "u3VIQ3Bv2EdQNxxr10FAOQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "u6PjuomLq+nVKrTw/0Jyeg==": { "id": "u6PjuomLq+nVKrTw/0Jyeg==", "updater": "rhel-vex", "name": "CVE-2022-28805", "description": "A heap buffer-overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code present in the lparser.c function of Lua that allows the execution of untrusted Lua code into a system, resulting in malicious activity.", "issued": "2022-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-28805 https://bugzilla.redhat.com/show_bug.cgi?id=2073884 https://www.cve.org/CVERecord?id=CVE-2022-28805 https://nvd.nist.gov/vuln/detail/CVE-2022-28805 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-28805.json https://access.redhat.com/errata/RHSA-2023:2582", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "lua-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.4.4-3.el9", "arch_op": "pattern match" }, "u6YfnQt98V+kYlUqAP+rFg==": { "id": "u6YfnQt98V+kYlUqAP+rFg==", "updater": "osv/go", "name": "GO-2026-4601", "description": "Incorrect parsing of IPv6 host literals in net/url", "issued": "2026-03-06T21:03:42Z", "links": "https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.25.8" }, "u71+866Ffd2deSVdosxvJw==": { "id": "u71+866Ffd2deSVdosxvJw==", "updater": "rhel-vex", "name": "CVE-2025-59466", "description": "A stack overflow flaw has been discovered in Node.js error handling where \"Maximum call stack size exceeded\" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59466 https://bugzilla.redhat.com/show_bug.cgi?id=2431343 https://www.cve.org/CVERecord?id=CVE-2025-59466 https://nvd.nist.gov/vuln/detail/CVE-2025-59466 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59466.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.0-1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "u90uEyQ6vxfKeIQvjGNTHQ==": { "id": "u90uEyQ6vxfKeIQvjGNTHQ==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "uDUK/vmP915z5uyCv2VhVg==": { "id": "uDUK/vmP915z5uyCv2VhVg==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "uDfc8ZaPfrhTGcFwVaIvAA==": { "id": "uDfc8ZaPfrhTGcFwVaIvAA==", "updater": "rhel-vex", "name": "CVE-2023-48706", "description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "issued": "2023-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48706.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uEn9qA67O/SoYHOtH/EL2w==": { "id": "uEn9qA67O/SoYHOtH/EL2w==", "updater": "rhel-vex", "name": "CVE-2025-1150", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T16:31:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1150 https://bugzilla.redhat.com/show_bug.cgi?id=2344681 https://www.cve.org/CVERecord?id=CVE-2025-1150 https://nvd.nist.gov/vuln/detail/CVE-2025-1150 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295054 https://vuldb.com/?id.295054 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1150.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uFR2NXYHCgkD0jUkHBTh3g==": { "id": "uFR2NXYHCgkD0jUkHBTh3g==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "uFRb2siFSROrNSaSMqsvqQ==": { "id": "uFRb2siFSROrNSaSMqsvqQ==", "updater": "rhel-vex", "name": "CVE-2023-39323", "description": "A flaw was found in the golang cmd/go standard library. A line directive (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", "issued": "2023-10-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39323 https://bugzilla.redhat.com/show_bug.cgi?id=2242544 https://www.cve.org/CVERecord?id=CVE-2023-39323 https://nvd.nist.gov/vuln/detail/CVE-2023-39323 https://go.dev/cl/533215 https://go.dev/issue/63211 https://groups.google.com/g/golang-announce/c/XBa1oHDevAo https://vuln.go.dev/ID/GO-2023-2095.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39323.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uFXEnN9gepJ4+HtQWdLrOg==": { "id": "uFXEnN9gepJ4+HtQWdLrOg==", "updater": "rhel-vex", "name": "CVE-2023-25433", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a heap-based buffer overflow in the processCropSelections function in tools/tiffcrop.c, resulting in a denial of service.", "issued": "2023-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25433 https://bugzilla.redhat.com/show_bug.cgi?id=2218744 https://www.cve.org/CVERecord?id=CVE-2023-25433 https://nvd.nist.gov/vuln/detail/CVE-2023-25433 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25433.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uGPuYR0b3uiHdpdRa97mfw==": { "id": "uGPuYR0b3uiHdpdRa97mfw==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "uGxAJHfmN99PtsQCJqV/nQ==": { "id": "uGxAJHfmN99PtsQCJqV/nQ==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "uHGQ4u2cwHgRGK+9r/8n+w==": { "id": "uHGQ4u2cwHgRGK+9r/8n+w==", "updater": "rhel-vex", "name": "CVE-2025-55130", "description": "A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55130 https://bugzilla.redhat.com/show_bug.cgi?id=2431352 https://www.cve.org/CVERecord?id=CVE-2025-55130 https://nvd.nist.gov/vuln/detail/CVE-2025-55130 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55130.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "uILMvGS6obqeMj18FLYSbg==": { "id": "uILMvGS6obqeMj18FLYSbg==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "uJDCv1FWYpz7eywFMZ5WnA==": { "id": "uJDCv1FWYpz7eywFMZ5WnA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "uJpX1i+k36BH7BSmiGPDBQ==": { "id": "uJpX1i+k36BH7BSmiGPDBQ==", "updater": "rhel-vex", "name": "CVE-2026-32282", "description": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.", "issued": "2026-04-08T01:06:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32282 https://bugzilla.redhat.com/show_bug.cgi?id=2456336 https://www.cve.org/CVERecord?id=CVE-2026-32282 https://nvd.nist.gov/vuln/detail/CVE-2026-32282 https://go.dev/cl/763761 https://go.dev/issue/78293 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4864 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32282.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uLJc9xWoMs4KcjASTFLV/A==": { "id": "uLJc9xWoMs4KcjASTFLV/A==", "updater": "rhel-vex", "name": "CVE-2026-3497", "description": "A flaw was found in the OpenSSH GSSAPI (Generic Security Service Application Program Interface) delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the `sshpkt_disconnect()` function, when called on an error, does not properly terminate the process, leading to the continued execution of the program with uninitialized connection variables. Accessing these uninitialized variables can lead to undefined behavior, potentially resulting in information disclosure or a denial of service.", "issued": "2026-03-12T18:27:44Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3497 https://bugzilla.redhat.com/show_bug.cgi?id=2447085 https://www.cve.org/CVERecord?id=CVE-2026-3497 https://nvd.nist.gov/vuln/detail/CVE-2026-3497 https://ubuntu.com/security/CVE-2026-3497 https://www.openwall.com/lists/oss-security/2026/03/12/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3497.json https://access.redhat.com/errata/RHSA-2026:6462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-48.el9_7", "arch_op": "pattern match" }, "uO3OOEY6W3k9QH/tNVK0LQ==": { "id": "uO3OOEY6W3k9QH/tNVK0LQ==", "updater": "rhel-vex", "name": "CVE-2025-1152", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T18:00:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1152 https://bugzilla.redhat.com/show_bug.cgi?id=2344723 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1152.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uOeAKP5ZyZtLLU7CjOuFcw==": { "id": "uOeAKP5ZyZtLLU7CjOuFcw==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "uPUYRQErrH0+5XWkYAjsjw==": { "id": "uPUYRQErrH0+5XWkYAjsjw==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "uPUnbuUJlh23l0km8iQ2tA==": { "id": "uPUnbuUJlh23l0km8iQ2tA==", "updater": "rhel-vex", "name": "CVE-2025-69649", "description": "A flaw was found in binutils. Processing a specially crafted ELF binary file containing malformed header fields with the readelf program can trigger a NULL pointer dereference, causing a crash and resulting in a denial of service.", "issued": "2026-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69649 https://bugzilla.redhat.com/show_bug.cgi?id=2445298 https://www.cve.org/CVERecord?id=CVE-2025-69649 https://nvd.nist.gov/vuln/detail/CVE-2025-69649 https://sourceware.org/bugzilla/show_bug.cgi?id=33697 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=66a3492ce68e1ae45b2489bd9a815c39ea5d7f66 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69649.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uRGTeRjJyz2NEeH/TpkK8Q==": { "id": "uRGTeRjJyz2NEeH/TpkK8Q==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "uTyk3o8xjznk0cEQXm/ouw==": { "id": "uTyk3o8xjznk0cEQXm/ouw==", "updater": "rhel-vex", "name": "CVE-2026-25547", "description": "A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.", "issued": "2026-02-04T21:51:17Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25547 https://bugzilla.redhat.com/show_bug.cgi?id=2436942 https://www.cve.org/CVERecord?id=CVE-2026-25547 https://nvd.nist.gov/vuln/detail/CVE-2026-25547 https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25547.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "uW/TgHSIKlO53BnXG1YZSA==": { "id": "uW/TgHSIKlO53BnXG1YZSA==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "uWnN7JCvikoCVXMugnDhoA==": { "id": "uWnN7JCvikoCVXMugnDhoA==", "updater": "rhel-vex", "name": "CVE-2026-25749", "description": "A flaw was found in Vim, an open source, command line text editor. This heap buffer overflow vulnerability exists in the tag file resolution logic when processing the 'helpfile' option. A local user could exploit this by providing a specially crafted 'helpfile' option value, leading to a heap buffer overflow. This could result in arbitrary code execution or a denial of service.", "issued": "2026-02-06T22:43:38Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25749 https://bugzilla.redhat.com/show_bug.cgi?id=2437843 https://www.cve.org/CVERecord?id=CVE-2026-25749 https://nvd.nist.gov/vuln/detail/CVE-2026-25749 https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9 https://github.com/vim/vim/releases/tag/v9.1.2132 https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm43 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25749.json https://access.redhat.com/errata/RHSA-2026:5602", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7.1", "arch_op": "pattern match" }, "uWvHibmfs86jbjyb5h+qpg==": { "id": "uWvHibmfs86jbjyb5h+qpg==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "uWz4SaM79VpO4EPAy+0C8g==": { "id": "uWz4SaM79VpO4EPAy+0C8g==", "updater": "rhel-vex", "name": "CVE-2026-5435", "description": "A flaw was found in glibc, the GNU C Library. Specifically, deprecated functions responsible for printing TSIG (Transaction Signature) records fail to properly manage memory buffers. This oversight can lead to an out-of-bounds write when processing specially crafted TSIG records. An attacker could exploit this to cause a denial of service or potentially execute arbitrary code.", "issued": "2026-04-28T11:58:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5435 https://bugzilla.redhat.com/show_bug.cgi?id=2463465 https://www.cve.org/CVERecord?id=CVE-2026-5435 https://nvd.nist.gov/vuln/detail/CVE-2026-5435 https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=34033 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5435.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uXRgwaipa8s2OMXjAf1Thg==": { "id": "uXRgwaipa8s2OMXjAf1Thg==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "ua1shFLPCkFCKWCRwaqUDQ==": { "id": "ua1shFLPCkFCKWCRwaqUDQ==", "updater": "rhel-vex", "name": "CVE-2025-12084", "description": "A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in `xml.dom.minidom` methods, such as `appendChild()`, when building excessively nested documents due to a dependency on `_clear_id_cache()`", "issued": "2025-12-03T18:55:32Z", "links": "https://access.redhat.com/security/cve/CVE-2025-12084 https://bugzilla.redhat.com/show_bug.cgi?id=2418655 https://www.cve.org/CVERecord?id=CVE-2025-12084 https://nvd.nist.gov/vuln/detail/CVE-2025-12084 https://github.com/python/cpython/issues/142145 https://github.com/python/cpython/pull/142146 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-12084.json https://access.redhat.com/errata/RHSA-2026:1478", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7", "arch_op": "pattern match" }, "uaetuJImncB6wudykQLpEA==": { "id": "uaetuJImncB6wudykQLpEA==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ueWEd2PE6kwBx153FL1eIA==": { "id": "ueWEd2PE6kwBx153FL1eIA==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "ug2Mk8LI1eIN0hRNT0s8JQ==": { "id": "ug2Mk8LI1eIN0hRNT0s8JQ==", "updater": "rhel-vex", "name": "CVE-2022-3599", "description": "An out-of-bounds read flaw was found in the writeSingleSection function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-02-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3599 https://bugzilla.redhat.com/show_bug.cgi?id=2142740 https://www.cve.org/CVERecord?id=CVE-2022-3599 https://nvd.nist.gov/vuln/detail/CVE-2022-3599 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3599.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "ugAB401UYtKGrqztlPOlZA==": { "id": "ugAB401UYtKGrqztlPOlZA==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "ugk8bc5JAs//Hgj923HTXA==": { "id": "ugk8bc5JAs//Hgj923HTXA==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "uglqkYqbcsDd4SCu9NI2Ww==": { "id": "uglqkYqbcsDd4SCu9NI2Ww==", "updater": "rhel-vex", "name": "CVE-2023-25435", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a heap-based buffer overflow in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a denial of service.", "issued": "2023-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25435 https://bugzilla.redhat.com/show_bug.cgi?id=2216614 https://www.cve.org/CVERecord?id=CVE-2023-25435 https://nvd.nist.gov/vuln/detail/CVE-2023-25435 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25435.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uhGUZtCY1OXgM1L55/upYA==": { "id": "uhGUZtCY1OXgM1L55/upYA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "ujzNJ5kQVFINisRmEnkrzA==": { "id": "ujzNJ5kQVFINisRmEnkrzA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "ul9JS7YMI1n2sVUWOX6Hbw==": { "id": "ul9JS7YMI1n2sVUWOX6Hbw==", "updater": "rhel-vex", "name": "CVE-2026-6100", "description": "A flaw was found in Python's decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.", "issued": "2026-04-13T17:15:47Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6100 https://bugzilla.redhat.com/show_bug.cgi?id=2457932 https://www.cve.org/CVERecord?id=CVE-2026-6100 https://nvd.nist.gov/vuln/detail/CVE-2026-6100 https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2 https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20 https://github.com/python/cpython/issues/148395 https://github.com/python/cpython/pull/148396 https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6100.json https://access.redhat.com/errata/RHSA-2026:10949", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.3", "arch_op": "pattern match" }, "ulsMCA3bm5VANCxYIf54Zw==": { "id": "ulsMCA3bm5VANCxYIf54Zw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "urOIF+inUTTF1gL7DeWkzg==": { "id": "urOIF+inUTTF1gL7DeWkzg==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "uu3d3lIlYVCZwOjqoNec3g==": { "id": "uu3d3lIlYVCZwOjqoNec3g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libblkid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "uvaZxZFE7cKBjyjVQ/t6lg==": { "id": "uvaZxZFE7cKBjyjVQ/t6lg==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "v+VZolEvt4HU4yiZTpFx+Q==": { "id": "v+VZolEvt4HU4yiZTpFx+Q==", "updater": "osv/go", "name": "GO-2024-2687", "description": "HTTP/2 CONTINUATION flood in net/http", "issued": "2024-04-03T21:12:01Z", "links": "https://go.dev/issue/65051 https://go.dev/cl/576155 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.9" }, "v+qPraJNH1peMhjiTk1OgA==": { "id": "v+qPraJNH1peMhjiTk1OgA==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:4025", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.2", "arch_op": "pattern match" }, "v/fIHXRO37U49Wniv4Yhsg==": { "id": "v/fIHXRO37U49Wniv4Yhsg==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://github.com/libexpat/libexpat/pull/973 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:7444", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-5.el9_6", "arch_op": "pattern match" }, "v5GtOUp47xYv9Rr0sFi4PQ==": { "id": "v5GtOUp47xYv9Rr0sFi4PQ==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://openssl-library.org/news/secadv/20250211.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "v6t7qJCF3xL8IO0nPwJX1g==": { "id": "v6t7qJCF3xL8IO0nPwJX1g==", "updater": "rhel-vex", "name": "CVE-2023-24537", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24537 https://bugzilla.redhat.com/show_bug.cgi?id=2184484 https://www.cve.org/CVERecord?id=CVE-2023-24537 https://nvd.nist.gov/vuln/detail/CVE-2023-24537 https://github.com/golang/go/issues/59180 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24537.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "v9nWDWoVTUzEu77hVCL+xw==": { "id": "v9nWDWoVTUzEu77hVCL+xw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "v9qMLnWqPbLz+WC1hPhb9g==": { "id": "v9qMLnWqPbLz+WC1hPhb9g==", "updater": "rhel-vex", "name": "CVE-2025-64506", "description": "A buffer over read flaw has been discovered in libpng. A heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries.", "issued": "2025-11-24T23:41:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64506 https://bugzilla.redhat.com/show_bug.cgi?id=2416906 https://www.cve.org/CVERecord?id=CVE-2025-64506 https://nvd.nist.gov/vuln/detail/CVE-2025-64506 https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821 https://github.com/pnggroup/libpng/pull/749 https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64506.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpng", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vA4lSE/GSHGX0yBPiE7RSQ==": { "id": "vA4lSE/GSHGX0yBPiE7RSQ==", "updater": "rhel-vex", "name": "CVE-2025-11187", "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11187 https://bugzilla.redhat.com/show_bug.cgi?id=2430375 https://www.cve.org/CVERecord?id=CVE-2025-11187 https://nvd.nist.gov/vuln/detail/CVE-2025-11187 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11187.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "vAAzy4RBfYsNO+V3LlPJ7A==": { "id": "vAAzy4RBfYsNO+V3LlPJ7A==", "updater": "rhel-vex", "name": "CVE-2024-7006", "description": "A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.", "issued": "2024-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7006 https://bugzilla.redhat.com/show_bug.cgi?id=2302996 https://www.cve.org/CVERecord?id=CVE-2024-7006 https://nvd.nist.gov/vuln/detail/CVE-2024-7006 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7006.json https://access.redhat.com/errata/RHSA-2024:8914", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9_4.1", "arch_op": "pattern match" }, "vBXrhxnu9HxQSmN5xWhZaQ==": { "id": "vBXrhxnu9HxQSmN5xWhZaQ==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "vHIEJpBGkCNiUPmahPyLqQ==": { "id": "vHIEJpBGkCNiUPmahPyLqQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "vJceii8mKrpQPBtlAKleGQ==": { "id": "vJceii8mKrpQPBtlAKleGQ==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "vLDNpmPSXi+t8ebIQHILIw==": { "id": "vLDNpmPSXi+t8ebIQHILIw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "vLLr24Ej4L78gTG08XYkRg==": { "id": "vLLr24Ej4L78gTG08XYkRg==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "vLgELeoIueNM9KX5ZIMtjg==": { "id": "vLgELeoIueNM9KX5ZIMtjg==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "vM/BpQVYTLnKgFVNAeaxvA==": { "id": "vM/BpQVYTLnKgFVNAeaxvA==", "updater": "rhel-vex", "name": "CVE-2026-4786", "description": "A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing \"%action\" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.", "issued": "2026-04-13T21:52:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4786 https://bugzilla.redhat.com/show_bug.cgi?id=2458049 https://www.cve.org/CVERecord?id=CVE-2026-4786 https://nvd.nist.gov/vuln/detail/CVE-2026-4786 https://github.com/python/cpython/issues/148169 https://github.com/python/cpython/pull/148170 https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4786.json https://access.redhat.com/errata/RHSA-2026:10949", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.3", "arch_op": "pattern match" }, "vPDXRcEg4abq9PCqTBFkAg==": { "id": "vPDXRcEg4abq9PCqTBFkAg==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "vQedZoMzqBElfCAKIwQo5w==": { "id": "vQedZoMzqBElfCAKIwQo5w==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "vSLFgRYoehmDve19rxyjcw==": { "id": "vSLFgRYoehmDve19rxyjcw==", "updater": "rhel-vex", "name": "CVE-2026-27171", "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "issued": "2026-02-18T02:36:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27171 https://bugzilla.redhat.com/show_bug.cgi?id=2440530 https://www.cve.org/CVERecord?id=CVE-2026-27171 https://nvd.nist.gov/vuln/detail/CVE-2026-27171 https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf https://github.com/madler/zlib/issues/904 https://github.com/madler/zlib/releases/tag/v1.3.2 https://ostif.org/zlib-audit-complete/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27171.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "rsync", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vTajNh0ysqaO8NuTMU//uw==": { "id": "vTajNh0ysqaO8NuTMU//uw==", "updater": "rhel-vex", "name": "CVE-2022-2845", "description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.", "issued": "2022-08-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2845.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vWwpCPVTGndMb9IraxXgGg==": { "id": "vWwpCPVTGndMb9IraxXgGg==", "updater": "rhel-vex", "name": "CVE-2023-6228", "description": "An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.", "issued": "2023-09-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6228 https://bugzilla.redhat.com/show_bug.cgi?id=2240995 https://www.cve.org/CVERecord?id=CVE-2023-6228 https://nvd.nist.gov/vuln/detail/CVE-2023-6228 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6228.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "vY8p4yRfnET5EfrovUfwkQ==": { "id": "vY8p4yRfnET5EfrovUfwkQ==", "updater": "rhel-vex", "name": "CVE-2025-32988", "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "issued": "2025-07-10T07:55:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32988 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://www.cve.org/CVERecord?id=CVE-2025-32988 https://nvd.nist.gov/vuln/detail/CVE-2025-32988 https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32988.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "vZIHu7rsNO8R8If5mjyTiw==": { "id": "vZIHu7rsNO8R8If5mjyTiw==", "updater": "rhel-vex", "name": "CVE-2025-69644", "description": "A flaw was found in binutils. A local attacker can exploit a logic flaw in the handling of DWARF (Debugging With Attributed Record Formats) location list headers within the objdump utility. By supplying a crafted binary with malformed debug information, the attacker can cause objdump to enter an unbounded loop, leading to excessive resource consumption and a Denial of Service (DoS).", "issued": "2026-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69644 https://bugzilla.redhat.com/show_bug.cgi?id=2445263 https://www.cve.org/CVERecord?id=CVE-2025-69644 https://nvd.nist.gov/vuln/detail/CVE-2025-69644 https://sourceware.org/bugzilla/show_bug.cgi?id=33639 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=455446bbdc8675f34808187de2bbad4682016ff7 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69644.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vZf5q9QE5SuB3bMw/VXbtQ==": { "id": "vZf5q9QE5SuB3bMw/VXbtQ==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://nodejs.org/pt/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "vZzq+XzhXQpcGK6x6C81SQ==": { "id": "vZzq+XzhXQpcGK6x6C81SQ==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "vagSYtfX2ayPhseLZe8kAA==": { "id": "vagSYtfX2ayPhseLZe8kAA==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "vayO6Zpv5fCNARnrSOYfGg==": { "id": "vayO6Zpv5fCNARnrSOYfGg==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://gitlab.gnome.org/GNOME/libxml2/-/issues/926 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "vb7DdaxZjPV5NEcCqN9EkQ==": { "id": "vb7DdaxZjPV5NEcCqN9EkQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-stat", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.09-481.1.el9_6", "arch_op": "pattern match" }, "vbUGycVGGL83rd1I5CfHuQ==": { "id": "vbUGycVGGL83rd1I5CfHuQ==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "vc3i6DfzTVpLFX6x0zKE4A==": { "id": "vc3i6DfzTVpLFX6x0zKE4A==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "vdokiHWKHEv0aYbydeDs5Q==": { "id": "vdokiHWKHEv0aYbydeDs5Q==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "ve8kNOScD+vxLjbMehgbRA==": { "id": "ve8kNOScD+vxLjbMehgbRA==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.1.el9_2", "arch_op": "pattern match" }, "vekzBecfH1YN/Zd4MHsZmA==": { "id": "vekzBecfH1YN/Zd4MHsZmA==", "updater": "rhel-vex", "name": "CVE-2023-30630", "description": "A vulnerability was found in dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.", "issued": "2023-04-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30630 https://bugzilla.redhat.com/show_bug.cgi?id=2186669 https://www.cve.org/CVERecord?id=CVE-2023-30630 https://nvd.nist.gov/vuln/detail/CVE-2023-30630 https://github.com/adamreiser/dmiwrite https://github.com/advisories/GHSA-9r2p-xmm5-5ppg https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30630.json https://access.redhat.com/errata/RHSA-2023:5061", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dmidecode", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.3-7.el9_2.1", "arch_op": "pattern match" }, "ves1GfNCYjdCXJceNwT2Lw==": { "id": "ves1GfNCYjdCXJceNwT2Lw==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "vfap0EiPsFnTW4GzZ53hcA==": { "id": "vfap0EiPsFnTW4GzZ53hcA==", "updater": "rhel-vex", "name": "CVE-2026-27144", "description": "A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.", "issued": "2026-04-08T01:06:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27144 https://bugzilla.redhat.com/show_bug.cgi?id=2456340 https://www.cve.org/CVERecord?id=CVE-2026-27144 https://nvd.nist.gov/vuln/detail/CVE-2026-27144 https://go.dev/cl/763764 https://go.dev/issue/78371 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4867 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27144.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vgP3FAR9tXjiqUc0mFlRrg==": { "id": "vgP3FAR9tXjiqUc0mFlRrg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Symbol", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.08-481.1.el9_6", "arch_op": "pattern match" }, "vhM+rFefbZb+2rYFLcy2+w==": { "id": "vhM+rFefbZb+2rYFLcy2+w==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "viJWUTYaczSUI8knrOEDyQ==": { "id": "viJWUTYaczSUI8knrOEDyQ==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "vkypiN/HZjIiT/S9k2qxvA==": { "id": "vkypiN/HZjIiT/S9k2qxvA==", "updater": "rhel-vex", "name": "CVE-2026-35385", "description": "A flaw was found in OpenSSH. When the `scp` command is used by a root user to download a file with the legacy protocol option (`-O`) and without preserving original file permissions (`-p`), the downloaded file can be installed with elevated privileges (setuid or setgid). This unexpected behavior could allow a malicious file to execute with higher permissions than intended, posing a security risk through potential privilege escalation.", "issued": "2026-04-02T16:30:59Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35385 https://bugzilla.redhat.com/show_bug.cgi?id=2454469 https://www.cve.org/CVERecord?id=CVE-2026-35385 https://nvd.nist.gov/vuln/detail/CVE-2026-35385 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35385.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "vljECkHLXvnkFYEiPVK0gQ==": { "id": "vljECkHLXvnkFYEiPVK0gQ==", "updater": "rhel-vex", "name": "CVE-2026-33845", "description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.", "issued": "2026-04-30T17:28:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33845 https://bugzilla.redhat.com/show_bug.cgi?id=2450624 https://www.cve.org/CVERecord?id=CVE-2026-33845 https://nvd.nist.gov/vuln/detail/CVE-2026-33845 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33845.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vn/18J5TIuzcd8MxdMgYlw==": { "id": "vn/18J5TIuzcd8MxdMgYlw==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "vnBlYA/0lXrfCSSYxgwhSQ==": { "id": "vnBlYA/0lXrfCSSYxgwhSQ==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "vnI8VBZMnSK/Spr6qFIUOA==": { "id": "vnI8VBZMnSK/Spr6qFIUOA==", "updater": "rhel-vex", "name": "CVE-2026-4873", "description": "A flaw was found in curl. A remote attacker could exploit this by initiating an unencrypted connection (via IMAP, SMTP, or POP3) and then making a subsequent request to the same host that requires Transport Layer Security (TLS). Due to incorrect connection reuse, the subsequent request would bypass the TLS requirement, leading to the transmission of sensitive information in cleartext. This vulnerability, categorized as Cleartext Transmission of Sensitive Information (CWE-319), results in information disclosure.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4873 https://bugzilla.redhat.com/show_bug.cgi?id=2461200 https://www.cve.org/CVERecord?id=CVE-2026-4873 https://nvd.nist.gov/vuln/detail/CVE-2026-4873 https://curl.se/docs/CVE-2026-4873.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4873.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vnQE6sVVricZrrWA9Xv5RQ==": { "id": "vnQE6sVVricZrrWA9Xv5RQ==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "vpkqaxRDIkUCRIT3f2sk6Q==": { "id": "vpkqaxRDIkUCRIT3f2sk6Q==", "updater": "osv/go", "name": "GO-2024-2598", "description": "Verify panics on certificates with an unknown public key algorithm in crypto/x509", "issued": "2024-03-05T22:14:58Z", "links": "https://go.dev/issue/65390 https://go.dev/cl/569339 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "vrR+k40GTfXC5FT0h86jIA==": { "id": "vrR+k40GTfXC5FT0h86jIA==", "updater": "rhel-vex", "name": "CVE-2025-15366", "description": "A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server.", "issued": "2026-01-20T21:40:24Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15366 https://bugzilla.redhat.com/show_bug.cgi?id=2431368 https://www.cve.org/CVERecord?id=CVE-2025-15366 https://nvd.nist.gov/vuln/detail/CVE-2025-15366 https://github.com/python/cpython/issues/143921 https://github.com/python/cpython/pull/143922 https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7JZJYTBXMDOWKCEIEBJLBRU64OMR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15366.json https://access.redhat.com/errata/RHSA-2026:4168", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.1", "arch_op": "pattern match" }, "vtpIIEEoAREfzDi0+K26Fg==": { "id": "vtpIIEEoAREfzDi0+K26Fg==", "updater": "rhel-vex", "name": "CVE-2026-4424", "description": "A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4424 https://bugzilla.redhat.com/show_bug.cgi?id=2449006 https://www.cve.org/CVERecord?id=CVE-2026-4424 https://nvd.nist.gov/vuln/detail/CVE-2026-4424 https://github.com/libarchive/libarchive/pull/2898 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4424.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "vu4nws6mMs6GJYT1BNu9DQ==": { "id": "vu4nws6mMs6GJYT1BNu9DQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "vwUe6Dpe5Fb7V8GdyGEhjA==": { "id": "vwUe6Dpe5Fb7V8GdyGEhjA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "vwdkC2aeXSkn642Di7lXbw==": { "id": "vwdkC2aeXSkn642Di7lXbw==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "vy6yzxdusLc9vaaiu2HI2w==": { "id": "vy6yzxdusLc9vaaiu2HI2w==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "vyA1wlYQO8dho14dAhrP+g==": { "id": "vyA1wlYQO8dho14dAhrP+g==", "updater": "rhel-vex", "name": "CVE-2025-6176", "description": "Scrapy are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.", "issued": "2025-10-31T00:00:21Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6176 https://bugzilla.redhat.com/show_bug.cgi?id=2408762 https://www.cve.org/CVERecord?id=CVE-2025-6176 https://nvd.nist.gov/vuln/detail/CVE-2025-6176 https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6176.json https://access.redhat.com/errata/RHSA-2026:2042", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "brotli-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.9-9.el9_7", "arch_op": "pattern match" }, "vz18/+7m2wxxY2NMQUQ6Yg==": { "id": "vz18/+7m2wxxY2NMQUQ6Yg==", "updater": "rhel-vex", "name": "CVE-2022-3597", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3597 https://bugzilla.redhat.com/show_bug.cgi?id=2142736 https://www.cve.org/CVERecord?id=CVE-2022-3597 https://nvd.nist.gov/vuln/detail/CVE-2022-3597 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3597.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "w/NMuS0o9hChTkNvZhIOtg==": { "id": "w/NMuS0o9hChTkNvZhIOtg==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "w/qPRfgu7T1MbY4EuhkWZw==": { "id": "w/qPRfgu7T1MbY4EuhkWZw==", "updater": "osv/go", "name": "GO-2022-0531", "description": "Session tickets lack random ticket_age_add in crypto/tls", "issued": "2022-07-28T17:24:57Z", "links": "https://go.dev/cl/405994 https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5 https://go.dev/issue/52814 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "w1094TrprBpG+5TZJus6FA==": { "id": "w1094TrprBpG+5TZJus6FA==", "updater": "rhel-vex", "name": "CVE-2022-1674", "description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "issued": "2022-05-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "w8af/LTYrBLWhYkZBSi2Lg==": { "id": "w8af/LTYrBLWhYkZBSi2Lg==", "updater": "rhel-vex", "name": "CVE-2022-4141", "description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4141.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "w8vuCHS+4au/MfXahCBARA==": { "id": "w8vuCHS+4au/MfXahCBARA==", "updater": "rhel-vex", "name": "CVE-2025-13601", "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "issued": "2025-11-24T13:00:15Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13601 https://bugzilla.redhat.com/show_bug.cgi?id=2416741 https://www.cve.org/CVERecord?id=CVE-2025-13601 https://nvd.nist.gov/vuln/detail/CVE-2025-13601 https://gitlab.gnome.org/GNOME/glib/-/issues/3827 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13601.json https://access.redhat.com/errata/RHSA-2026:0936", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-18.el9_7.1", "arch_op": "pattern match" }, "w93rRV74Y3Xaae9j4uy2iQ==": { "id": "w93rRV74Y3Xaae9j4uy2iQ==", "updater": "rhel-vex", "name": "CVE-2023-0801", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0801 https://bugzilla.redhat.com/show_bug.cgi?id=2170172 https://www.cve.org/CVERecord?id=CVE-2023-0801 https://nvd.nist.gov/vuln/detail/CVE-2023-0801 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0801.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "wBC264S906jsJ9EHip/24A==": { "id": "wBC264S906jsJ9EHip/24A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "wCSSFNSA2T9dnpBY58W6Yg==": { "id": "wCSSFNSA2T9dnpBY58W6Yg==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=32976 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "wCl622H8UElXM4AFHot1bA==": { "id": "wCl622H8UElXM4AFHot1bA==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "wEVnFZ6M5zpBHSw+nqU0rg==": { "id": "wEVnFZ6M5zpBHSw+nqU0rg==", "updater": "rhel-vex", "name": "CVE-2023-3618", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.", "issued": "2023-02-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3618 https://bugzilla.redhat.com/show_bug.cgi?id=2215865 https://www.cve.org/CVERecord?id=CVE-2023-3618 https://nvd.nist.gov/vuln/detail/CVE-2023-3618 https://gitlab.com/libtiff/libtiff/-/issues/529 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3618.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "wEZLQNUZyYD6Rz0ucz5fzQ==": { "id": "wEZLQNUZyYD6Rz0ucz5fzQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-lib", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.65-481.1.el9_6", "arch_op": "pattern match" }, "wG1iwTc5HBr1VKWUstaeHw==": { "id": "wG1iwTc5HBr1VKWUstaeHw==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "wL88v46Y3XlOQ8xtlmBugA==": { "id": "wL88v46Y3XlOQ8xtlmBugA==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "wMpTUDltgKPDv4b44/0Spg==": { "id": "wMpTUDltgKPDv4b44/0Spg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "wN+C2Zg1myHVbcMR/36bqA==": { "id": "wN+C2Zg1myHVbcMR/36bqA==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "wO2dcFx5JhDjz2K4QDYydw==": { "id": "wO2dcFx5JhDjz2K4QDYydw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "wQvupTbd1tnTVAWewQzJMw==": { "id": "wQvupTbd1tnTVAWewQzJMw==", "updater": "rhel-vex", "name": "CVE-2026-33412", "description": "A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob() function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings.", "issued": "2026-03-24T19:43:07Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33412 https://bugzilla.redhat.com/show_bug.cgi?id=2450907 https://www.cve.org/CVERecord?id=CVE-2026-33412 https://nvd.nist.gov/vuln/detail/CVE-2026-33412 https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a https://github.com/vim/vim/releases/tag/v9.2.0202 https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33412.json https://access.redhat.com/errata/RHSA-2026:8259", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7.2", "arch_op": "pattern match" }, "wT8kuZRd+rqr4JY0ByO9Eg==": { "id": "wT8kuZRd+rqr4JY0ByO9Eg==", "updater": "rhel-vex", "name": "CVE-2026-4519", "description": "A flaw was found in Python. The `webbrowser.open()` API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options, which could lead to unexpected behavior, information disclosure, or potentially arbitrary code execution, impacting the integrity of the system.", "issued": "2026-03-20T15:08:32Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4519 https://bugzilla.redhat.com/show_bug.cgi?id=2449649 https://www.cve.org/CVERecord?id=CVE-2026-4519 https://nvd.nist.gov/vuln/detail/CVE-2026-4519 https://github.com/python/cpython/issues/143930 https://github.com/python/cpython/pull/143931 https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4519.json https://access.redhat.com/errata/RHSA-2026:6766", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.2", "arch_op": "pattern match" }, "wTqPXpGv5suIYx7xVHwxzw==": { "id": "wTqPXpGv5suIYx7xVHwxzw==", "updater": "rhel-vex", "name": "CVE-2024-45491", "description": "An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "wVu6Drfzxh1KT5UxKndpTQ==": { "id": "wVu6Drfzxh1KT5UxKndpTQ==", "updater": "rhel-vex", "name": "CVE-2022-41725", "description": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41725 https://bugzilla.redhat.com/show_bug.cgi?id=2178488 https://www.cve.org/CVERecord?id=CVE-2022-41725 https://nvd.nist.gov/vuln/detail/CVE-2022-41725 https://go.dev/cl/468124 https://go.dev/issue/58006 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1569 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41725.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "walyEMfvPvVh3KXxCNA/pQ==": { "id": "walyEMfvPvVh3KXxCNA/pQ==", "updater": "osv/go", "name": "GO-2023-1751", "description": "Improper sanitization of CSS values in html/template", "issued": "2023-05-05T21:10:20Z", "links": "https://go.dev/issue/59720 https://go.dev/cl/491615 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.9" }, "wbgbZuReVn7DfcAmqe3XZA==": { "id": "wbgbZuReVn7DfcAmqe3XZA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "wc5lIWGg0A45t1Tgl/aghw==": { "id": "wc5lIWGg0A45t1Tgl/aghw==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "wed5fBK5xYyUEx1EpoQtEg==": { "id": "wed5fBK5xYyUEx1EpoQtEg==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "wfyGNkRP1AKTpRqTPf0oQQ==": { "id": "wfyGNkRP1AKTpRqTPf0oQQ==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "wgjZroGG2ECX8FlIRRqZmw==": { "id": "wgjZroGG2ECX8FlIRRqZmw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "wh2k+ZZKZUi/oRaog5dfGQ==": { "id": "wh2k+ZZKZUi/oRaog5dfGQ==", "updater": "rhel-vex", "name": "CVE-2025-11083", "description": "A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally.", "issued": "2025-09-27T23:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11083 https://bugzilla.redhat.com/show_bug.cgi?id=2399948 https://www.cve.org/CVERecord?id=CVE-2025-11083 https://nvd.nist.gov/vuln/detail/CVE-2025-11083 https://sourceware.org/bugzilla/attachment.cgi?id=16353 https://sourceware.org/bugzilla/show_bug.cgi?id=33457 https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490 https://vuldb.com/?ctiid.326124 https://vuldb.com/?id.326124 https://vuldb.com/?submit.661277 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11083.json https://access.redhat.com/errata/RHSA-2025:23343", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-67.el9_7.1", "arch_op": "pattern match" }, "wh8UL6jE02MHJgululn0nA==": { "id": "wh8UL6jE02MHJgululn0nA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "whMVc0u5Lzujkr6AuzQzMw==": { "id": "whMVc0u5Lzujkr6AuzQzMw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "whliDdpxFuOM5SHWXrizNQ==": { "id": "whliDdpxFuOM5SHWXrizNQ==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json https://access.redhat.com/errata/RHSA-2025:23342", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-2.el9_7", "arch_op": "pattern match" }, "wj5w4kQEe9iH2tb9jj1wEA==": { "id": "wj5w4kQEe9iH2tb9jj1wEA==", "updater": "rhel-vex", "name": "CVE-2023-39975", "description": "A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.", "issued": "2023-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39975 https://bugzilla.redhat.com/show_bug.cgi?id=2232682 https://www.cve.org/CVERecord?id=CVE-2023-39975 https://nvd.nist.gov/vuln/detail/CVE-2023-39975 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39975.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "wjPVtpb8yNf3j3pc1wfy6A==": { "id": "wjPVtpb8yNf3j3pc1wfy6A==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "wlPwpwE94ExdZ/N5EaE3ow==": { "id": "wlPwpwE94ExdZ/N5EaE3ow==", "updater": "rhel-vex", "name": "CVE-2023-2491", "description": "A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the \"org-babel-execute:latex\" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.", "issued": "2023-05-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2491 https://bugzilla.redhat.com/show_bug.cgi?id=2192873 https://www.cve.org/CVERecord?id=CVE-2023-2491 https://nvd.nist.gov/vuln/detail/CVE-2023-2491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2491.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "wn4STzMt4ytbVHyERUyNoA==": { "id": "wn4STzMt4ytbVHyERUyNoA==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "wnOnIN4ZSytFGVwoTjBa6w==": { "id": "wnOnIN4ZSytFGVwoTjBa6w==", "updater": "rhel-vex", "name": "CVE-2026-21715", "description": "A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the `fs.realpathSync.native()` function. This vulnerability allows code operating under `--permission` with restricted `--allow-fs-read` flags to bypass security controls. Consequently, an attacker can use `fs.realpathSync.native()` to determine file existence, resolve symbolic link targets, and enumerate filesystem paths outside of permitted directories, leading to information disclosure.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21715 https://bugzilla.redhat.com/show_bug.cgi?id=2453152 https://www.cve.org/CVERecord?id=CVE-2026-21715 https://nvd.nist.gov/vuln/detail/CVE-2026-21715 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21715.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "wnyL15XgdZxOsCINsou4IQ==": { "id": "wnyL15XgdZxOsCINsou4IQ==", "updater": "rhel-vex", "name": "CVE-2026-2229", "description": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.", "issued": "2026-03-12T20:27:05Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2229 https://bugzilla.redhat.com/show_bug.cgi?id=2447143 https://www.cve.org/CVERecord?id=CVE-2026-2229 https://nvd.nist.gov/vuln/detail/CVE-2026-2229 https://cna.openjsf.org/security-advisories.html https://datatracker.ietf.org/doc/html/rfc7692 https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8 https://hackerone.com/reports/3487486 https://nodejs.org/api/zlib.html#class-zlibinflateraw https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2229.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "wqIGHEm21/U4VCTr0VeLVw==": { "id": "wqIGHEm21/U4VCTr0VeLVw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "ws+M5wSfZVeN7hPLThggdg==": { "id": "ws+M5wSfZVeN7hPLThggdg==", "updater": "rhel-vex", "name": "CVE-2024-12133", "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12133 https://bugzilla.redhat.com/show_bug.cgi?id=2344611 https://www.cve.org/CVERecord?id=CVE-2024-12133 https://nvd.nist.gov/vuln/detail/CVE-2024-12133 https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12133.json https://access.redhat.com/errata/RHSA-2025:7077", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.0-9.el9", "arch_op": "pattern match" }, "wzbm6jMqKBEu1w4HpECY6A==": { "id": "wzbm6jMqKBEu1w4HpECY6A==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "x+9X6oSMihxrE4Tni3a4Zw==": { "id": "x+9X6oSMihxrE4Tni3a4Zw==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "x+E+r7arkKvVcXf/ay8rdg==": { "id": "x+E+r7arkKvVcXf/ay8rdg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "x0tnd8GOUfHQCdr5bXMpHA==": { "id": "x0tnd8GOUfHQCdr5bXMpHA==", "updater": "rhel-vex", "name": "CVE-2024-32487", "description": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.", "issued": "2024-04-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32487 https://bugzilla.redhat.com/show_bug.cgi?id=2274980 https://www.cve.org/CVERecord?id=CVE-2024-32487 https://nvd.nist.gov/vuln/detail/CVE-2024-32487 https://www.openwall.com/lists/oss-security/2024/04/12/5 https://www.openwall.com/lists/oss-security/2024/04/13/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32487.json https://access.redhat.com/errata/RHSA-2024:3513", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "less", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:590-4.el9_4", "arch_op": "pattern match" }, "x4dqDafgKW8Zo/is+xcVZQ==": { "id": "x4dqDafgKW8Zo/is+xcVZQ==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "x4y353xwTKkgu0582Qh5wg==": { "id": "x4y353xwTKkgu0582Qh5wg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Basename", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.85-481.el9", "arch_op": "pattern match" }, "x5MnAXJPkWBC+zd+i08Svw==": { "id": "x5MnAXJPkWBC+zd+i08Svw==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "x80ydqeeoahPQLNiV1VXvQ==": { "id": "x80ydqeeoahPQLNiV1VXvQ==", "updater": "osv/go", "name": "GO-2025-4014", "description": "Unbounded allocation when parsing GNU sparse map in archive/tar", "issued": "2025-10-29T21:51:04Z", "links": "https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "xDXpto7iDgv1dyFWeDEVcQ==": { "id": "xDXpto7iDgv1dyFWeDEVcQ==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "xDgXz/CGonIMAByh5y71UA==": { "id": "xDgXz/CGonIMAByh5y71UA==", "updater": "rhel-vex", "name": "CVE-2026-21713", "description": "A flaw was found in Node.js. The HMAC (Hash-based Message Authentication Code) verification process uses a comparison method that does not take a constant amount of time. This non-constant-time comparison can leak timing information, which, under specific conditions where precise timing measurements are possible, could be exploited by a remote attacker. This allows the attacker to infer sensitive HMAC values, leading to information disclosure.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21713 https://bugzilla.redhat.com/show_bug.cgi?id=2453160 https://www.cve.org/CVERecord?id=CVE-2026-21713 https://nvd.nist.gov/vuln/detail/CVE-2026-21713 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21713.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "xEtBJoALTqnQBn0TOsRe9w==": { "id": "xEtBJoALTqnQBn0TOsRe9w==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "xF20fK5dvutyLkWcMLVDPw==": { "id": "xF20fK5dvutyLkWcMLVDPw==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "xIqTu52elcgV5FuN0Fuj4Q==": { "id": "xIqTu52elcgV5FuN0Fuj4Q==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "xKgvhqTYvQwR5QWUkRuf6Q==": { "id": "xKgvhqTYvQwR5QWUkRuf6Q==", "updater": "osv/go", "name": "GO-2022-0526", "description": "Stack exhaustion when decoding certain messages in encoding/gob", "issued": "2022-07-20T20:52:17Z", "links": "https://go.dev/cl/417064 https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7 https://go.dev/issue/53615 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "xNJWUdryH0nBQB/93HRNuw==": { "id": "xNJWUdryH0nBQB/93HRNuw==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "xNOfe6PszfMbCxNEPk4FCg==": { "id": "xNOfe6PszfMbCxNEPk4FCg==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://gitlab.gnome.org/GNOME/libxml2/-/issues/931 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "xP/kV8YDeJxssrXaMcjXUg==": { "id": "xP/kV8YDeJxssrXaMcjXUg==", "updater": "osv/go", "name": "GO-2023-2375", "description": "Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel", "issued": "2023-12-05T16:16:44Z", "links": "https://go.dev/issue/20654 https://go.dev/cl/326012/26 https://groups.google.com/g/golang-announce/c/QMK8IQALDvA https://people.redhat.com/~hkario/marvin/", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.0" }, "xP0q7+9N5MKgQQUq9keq4A==": { "id": "xP0q7+9N5MKgQQUq9keq4A==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://nodejs.org/pt/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "xQ6R88+x8IssPvOAavmZXw==": { "id": "xQ6R88+x8IssPvOAavmZXw==", "updater": "rhel-vex", "name": "CVE-2022-0530", "description": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a UTF-8 string to a local string that leads to a segmentation fault. This flaw allows an attacker to input a specially crafted zip file, leading to a crash.", "issued": "2022-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0530 https://bugzilla.redhat.com/show_bug.cgi?id=2051395 https://www.cve.org/CVERecord?id=CVE-2022-0530 https://nvd.nist.gov/vuln/detail/CVE-2022-0530 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0530.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "unzip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xU5h/ccSMUFpzLZ+ILu+rg==": { "id": "xU5h/ccSMUFpzLZ+ILu+rg==", "updater": "rhel-vex", "name": "CVE-2025-55131", "description": "A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55131 https://bugzilla.redhat.com/show_bug.cgi?id=2431350 https://www.cve.org/CVERecord?id=CVE-2025-55131 https://nvd.nist.gov/vuln/detail/CVE-2025-55131 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55131.json https://access.redhat.com/errata/RHSA-2026:2783", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.20.0-1.module+el9.7.0+23895+0637d423", "arch_op": "pattern match" }, "xUBSdDBs0fiKOh6BCZPXOA==": { "id": "xUBSdDBs0fiKOh6BCZPXOA==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "xVnM1Y5F9hIYQN1//jfY7Q==": { "id": "xVnM1Y5F9hIYQN1//jfY7Q==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "xWQ3VSY/nFJP/yijxRUoxA==": { "id": "xWQ3VSY/nFJP/yijxRUoxA==", "updater": "rhel-vex", "name": "CVE-2026-0865", "description": "Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers.", "issued": "2026-01-20T21:26:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0865 https://bugzilla.redhat.com/show_bug.cgi?id=2431367 https://www.cve.org/CVERecord?id=CVE-2026-0865 https://nvd.nist.gov/vuln/detail/CVE-2026-0865 https://github.com/python/cpython/issues/143916 https://github.com/python/cpython/pull/143917 https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0865.json https://access.redhat.com/errata/RHSA-2026:4168", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.1", "arch_op": "pattern match" }, "xYZxVBz2xY/aoDQPqi4nCQ==": { "id": "xYZxVBz2xY/aoDQPqi4nCQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "xZsh7Q9v1lEcCIn4GeJadw==": { "id": "xZsh7Q9v1lEcCIn4GeJadw==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "xcQReVPnPEIim0iMTZWDwA==": { "id": "xcQReVPnPEIim0iMTZWDwA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "xek4X2TrLxrtYM1HALbG5g==": { "id": "xek4X2TrLxrtYM1HALbG5g==", "updater": "rhel-vex", "name": "CVE-2026-1525", "description": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.", "issued": "2026-03-12T19:56:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1525 https://bugzilla.redhat.com/show_bug.cgi?id=2447144 https://www.cve.org/CVERecord?id=CVE-2026-1525 https://nvd.nist.gov/vuln/detail/CVE-2026-1525 https://cna.openjsf.org/security-advisories.html https://cwe.mitre.org/data/definitions/444.html https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm https://hackerone.com/reports/3556037 https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1525.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "xgLvjf6I20G6RWphhI+SWg==": { "id": "xgLvjf6I20G6RWphhI+SWg==", "updater": "rhel-vex", "name": "CVE-2026-29111", "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).", "issued": "2026-03-23T21:03:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-29111 https://bugzilla.redhat.com/show_bug.cgi?id=2450505 https://www.cve.org/CVERecord?id=CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29111.json https://access.redhat.com/errata/RHSA-2026:13677", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-rpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.9", "arch_op": "pattern match" }, "xh8zszQflFXgahc/vYUUWQ==": { "id": "xh8zszQflFXgahc/vYUUWQ==", "updater": "rhel-vex", "name": "CVE-2026-32777", "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted Document Type Definition (DTD) content. This could lead to an infinite loop during parsing, resulting in a Denial of Service (DoS) for the application using libexpat.", "issued": "2026-03-16T06:58:06Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32777 https://bugzilla.redhat.com/show_bug.cgi?id=2447890 https://www.cve.org/CVERecord?id=CVE-2026-32777 https://nvd.nist.gov/vuln/detail/CVE-2026-32777 https://github.com/libexpat/libexpat/issues/1161 https://github.com/libexpat/libexpat/pull/1159 https://github.com/libexpat/libexpat/pull/1162 https://issues.oss-fuzz.com/issues/486993411 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32777.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xhnxsdmWc6+n3gUj6yqBpw==": { "id": "xhnxsdmWc6+n3gUj6yqBpw==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "xjE2Ua1GOmdwVi+xIIGVeQ==": { "id": "xjE2Ua1GOmdwVi+xIIGVeQ==", "updater": "rhel-vex", "name": "CVE-2023-0798", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0798 https://bugzilla.redhat.com/show_bug.cgi?id=2170157 https://www.cve.org/CVERecord?id=CVE-2023-0798 https://nvd.nist.gov/vuln/detail/CVE-2023-0798 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0798.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "xmhlBgW9Qhx+a2k3SdfUzA==": { "id": "xmhlBgW9Qhx+a2k3SdfUzA==", "updater": "rhel-vex", "name": "CVE-2023-36054", "description": "A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).", "issued": "2023-08-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-36054 https://bugzilla.redhat.com/show_bug.cgi?id=2230178 https://www.cve.org/CVERecord?id=CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054 https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final https://web.mit.edu/kerberos/www/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36054.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "xmjtcASNDmlJFcM3cVQlVg==": { "id": "xmjtcASNDmlJFcM3cVQlVg==", "updater": "rhel-vex", "name": "CVE-2025-55130", "description": "A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55130 https://bugzilla.redhat.com/show_bug.cgi?id=2431352 https://www.cve.org/CVERecord?id=CVE-2025-55130 https://nvd.nist.gov/vuln/detail/CVE-2025-55130 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55130.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "xoMyxEWbrnIOZWHnwVuShQ==": { "id": "xoMyxEWbrnIOZWHnwVuShQ==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "xqLSmaq+0/3ps+9zoCEL9g==": { "id": "xqLSmaq+0/3ps+9zoCEL9g==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "xsP7BCzVmEb3+qivw8mFIQ==": { "id": "xsP7BCzVmEb3+qivw8mFIQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "xsiKeHcIwwzMLDEPFdNSFQ==": { "id": "xsiKeHcIwwzMLDEPFdNSFQ==", "updater": "rhel-vex", "name": "CVE-2020-28362", "description": "A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.", "issued": "2020-11-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-28362 https://bugzilla.redhat.com/show_bug.cgi?id=1897635 https://www.cve.org/CVERecord?id=CVE-2020-28362 https://nvd.nist.gov/vuln/detail/CVE-2020-28362 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-28362.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xvZ+aaak6OxbCE7Nu46XhA==": { "id": "xvZ+aaak6OxbCE7Nu46XhA==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "xxrOMZzPk7ETmnvrIjBo0A==": { "id": "xxrOMZzPk7ETmnvrIjBo0A==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xxrk6qwvf/BkNdal8rz/jA==": { "id": "xxrk6qwvf/BkNdal8rz/jA==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "xzz0v3ajpuFhN3HDJCDDYg==": { "id": "xzz0v3ajpuFhN3HDJCDDYg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "y+qe2Ltr+Zxrpu9HCascIQ==": { "id": "y+qe2Ltr+Zxrpu9HCascIQ==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:9526", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-25.el9_6", "arch_op": "pattern match" }, "y/3qWQj3xOUQpm2CUr+ftg==": { "id": "y/3qWQj3xOUQpm2CUr+ftg==", "updater": "rhel-vex", "name": "CVE-2025-9820", "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "issued": "2025-11-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9820 https://bugzilla.redhat.com/show_bug.cgi?id=2392528 https://www.cve.org/CVERecord?id=CVE-2025-9820 https://nvd.nist.gov/vuln/detail/CVE-2025-9820 https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 https://gitlab.com/gnutls/gnutls/-/issues/1732 https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9820.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "y/vNaOETNDNWhjGaBLNhRA==": { "id": "y/vNaOETNDNWhjGaBLNhRA==", "updater": "rhel-vex", "name": "CVE-2026-1502", "description": "A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters (carriage return and line feed) from being included in HTTP client proxy tunnel headers or host fields.", "issued": "2026-04-10T17:54:44Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1502 https://bugzilla.redhat.com/show_bug.cgi?id=2457409 https://www.cve.org/CVERecord?id=CVE-2026-1502 https://nvd.nist.gov/vuln/detail/CVE-2026-1502 https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69 https://github.com/python/cpython/issues/146211 https://github.com/python/cpython/pull/146212 https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1502.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "y0c8SsIbu7kpkqoaDhf8/A==": { "id": "y0c8SsIbu7kpkqoaDhf8/A==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "y1VRnBNNx34t1XvqjEl7IQ==": { "id": "y1VRnBNNx34t1XvqjEl7IQ==", "updater": "rhel-vex", "name": "CVE-2024-26461", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "y2mXLQnvQEY7S/5iFBq5VQ==": { "id": "y2mXLQnvQEY7S/5iFBq5VQ==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://github.com/golang/go/commit/2b2314e9f6103de322b2e247387c8b01fd0cd5a4 https://github.com/golang/go/issues/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "y5N73UEFT/BHwjJkVAx22A==": { "id": "y5N73UEFT/BHwjJkVAx22A==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "y7I268PAr74OoToX85XE8w==": { "id": "y7I268PAr74OoToX85XE8w==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "y9E+Lh5SpPDKe0DW19HLjA==": { "id": "y9E+Lh5SpPDKe0DW19HLjA==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "yCrfh+WfD/7UJatf+Ek6jA==": { "id": "yCrfh+WfD/7UJatf+Ek6jA==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "yF/CyvOlKzDmpBu26JCuEg==": { "id": "yF/CyvOlKzDmpBu26JCuEg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.16.0.1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "yIgeDQgyoDXR+INQbK5bbA==": { "id": "yIgeDQgyoDXR+INQbK5bbA==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "yK3vcSC4PlKQSa9IQKCw1w==": { "id": "yK3vcSC4PlKQSa9IQKCw1w==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "yKRKMYSzkiSZ6c90bTl6iA==": { "id": "yKRKMYSzkiSZ6c90bTl6iA==", "updater": "rhel-vex", "name": "CVE-2026-35387", "description": "A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm (ECDSA) algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than intended. This could potentially allow an attacker to compromise the confidentiality of data.", "issued": "2026-04-02T16:52:53Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35387 https://bugzilla.redhat.com/show_bug.cgi?id=2454494 https://www.cve.org/CVERecord?id=CVE-2026-35387 https://nvd.nist.gov/vuln/detail/CVE-2026-35387 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35387.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "yNIngFjcdt+ETIv0YvW+4Q==": { "id": "yNIngFjcdt+ETIv0YvW+4Q==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "yOFL3ef2F8Ux3GMySAVXxg==": { "id": "yOFL3ef2F8Ux3GMySAVXxg==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "yOUu4ImaYusi101ZTf86nw==": { "id": "yOUu4ImaYusi101ZTf86nw==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "yR8yQT8vjjYwY0t0RI5P5A==": { "id": "yR8yQT8vjjYwY0t0RI5P5A==", "updater": "rhel-vex", "name": "CVE-2026-22695", "description": "A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.", "issued": "2026-01-12T22:55:40Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22695 https://bugzilla.redhat.com/show_bug.cgi?id=2428825 https://www.cve.org/CVERecord?id=CVE-2026-22695 https://nvd.nist.gov/vuln/detail/CVE-2026-22695 https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea https://github.com/pnggroup/libpng/commit/e4f7ad4ea2 https://github.com/pnggroup/libpng/issues/778 https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22695.json https://access.redhat.com/errata/RHSA-2026:3405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpng-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:1.6.37-12.el9_7.2", "arch_op": "pattern match" }, "yUucg71orzE08FiDgaKBPQ==": { "id": "yUucg71orzE08FiDgaKBPQ==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "yV3QixxBrXQjuo0c4OIL/w==": { "id": "yV3QixxBrXQjuo0c4OIL/w==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "yVSbDx471AjTjlaUBaOQ5g==": { "id": "yVSbDx471AjTjlaUBaOQ5g==", "updater": "rhel-vex", "name": "CVE-2026-4786", "description": "A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing \"%action\" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.", "issued": "2026-04-13T21:52:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4786 https://bugzilla.redhat.com/show_bug.cgi?id=2458049 https://www.cve.org/CVERecord?id=CVE-2026-4786 https://nvd.nist.gov/vuln/detail/CVE-2026-4786 https://github.com/python/cpython/issues/148169 https://github.com/python/cpython/pull/148170 https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4786.json https://access.redhat.com/errata/RHSA-2026:10949", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.3", "arch_op": "pattern match" }, "yXjhPZPggtyVHOPFjmeHOg==": { "id": "yXjhPZPggtyVHOPFjmeHOg==", "updater": "rhel-vex", "name": "CVE-2026-29111", "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).", "issued": "2026-03-23T21:03:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-29111 https://bugzilla.redhat.com/show_bug.cgi?id=2450505 https://www.cve.org/CVERecord?id=CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29111.json https://access.redhat.com/errata/RHSA-2026:13677", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-rpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.9", "arch_op": "pattern match" }, "ybQbHANLbpeKvvvpnEOh2Q==": { "id": "ybQbHANLbpeKvvvpnEOh2Q==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "ycihN0043OihPtrAPlFZyA==": { "id": "ycihN0043OihPtrAPlFZyA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-SelectSaver", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.02-481.1.el9_6", "arch_op": "pattern match" }, "ydg80VAiaAwfrueUhGEKNA==": { "id": "ydg80VAiaAwfrueUhGEKNA==", "updater": "rhel-vex", "name": "CVE-2024-10041", "description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "issued": "2024-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json https://access.redhat.com/errata/RHSA-2024:11250", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-21.el9_5", "arch_op": "pattern match" }, "ygPqOnRCEHz9NjTVM+wIZA==": { "id": "ygPqOnRCEHz9NjTVM+wIZA==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "yiivq+72Eny8jduuFDoDEQ==": { "id": "yiivq+72Eny8jduuFDoDEQ==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json https://access.redhat.com/errata/RHSA-2025:23342", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-2.el9_7", "arch_op": "pattern match" }, "ylg3k+AtgUcIl3hJiXNMlw==": { "id": "ylg3k+AtgUcIl3hJiXNMlw==", "updater": "rhel-vex", "name": "CVE-2022-2946", "description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "issued": "2022-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2946.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ymKqobod4xPivmLT/iq9oQ==": { "id": "ymKqobod4xPivmLT/iq9oQ==", "updater": "rhel-vex", "name": "CVE-2026-41990", "description": "A flaw was found in Libgcrypt. During Dilithium signing operations, the library fails to perform a bounds check when writing to a static array. While the data involved is not directly controlled by an attacker, this vulnerability could lead to memory corruption, potentially resulting in a denial of service (DoS) or affecting data integrity.", "issued": "2026-04-23T04:39:04Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41990 https://bugzilla.redhat.com/show_bug.cgi?id=2461068 https://www.cve.org/CVERecord?id=CVE-2026-41990 https://nvd.nist.gov/vuln/detail/CVE-2026-41990 https://dev.gnupg.org/T8208 https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html https://www.openwall.com/lists/oss-security/2026/04/21/1 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41990.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ynnULh1l7jTnQPnMak7suQ==": { "id": "ynnULh1l7jTnQPnMak7suQ==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "yq06et41/lBQ0nsMvLOG/A==": { "id": "yq06et41/lBQ0nsMvLOG/A==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "yqjwgy5aE2uj+E3fW5VIUQ==": { "id": "yqjwgy5aE2uj+E3fW5VIUQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "yrD0ecVnK2Y23POHVpCwiA==": { "id": "yrD0ecVnK2Y23POHVpCwiA==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "yrkfySEOvQHtbEYpAUNs0Q==": { "id": "yrkfySEOvQHtbEYpAUNs0Q==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "yubezWiwTBzlJyfKBBah5A==": { "id": "yubezWiwTBzlJyfKBBah5A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "ywuC+FbT7FV6PIDV8mhosw==": { "id": "ywuC+FbT7FV6PIDV8mhosw==", "updater": "rhel-vex", "name": "CVE-2026-1527", "description": "A flaw was found in undici, a Node.js HTTP/1.1 client. This vulnerability allows a remote attacker to inject malicious data into HTTP headers or prematurely end HTTP requests by sending specially crafted input to the `upgrade` option of `client.request()`. This is possible because undici does not properly validate input for invalid header characters, which could lead to unauthorized information disclosure or bypassing of security controls.", "issued": "2026-03-12T20:17:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1527 https://bugzilla.redhat.com/show_bug.cgi?id=2447141 https://www.cve.org/CVERecord?id=CVE-2026-1527 https://nvd.nist.gov/vuln/detail/CVE-2026-1527 https://cna.openjsf.org/security-advisories.html https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq https://hackerone.com/reports/3487198 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1527.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "yycUgbk2YE6jCbX68FtPLA==": { "id": "yycUgbk2YE6jCbX68FtPLA==", "updater": "rhel-vex", "name": "CVE-2025-55130", "description": "A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-55130 https://bugzilla.redhat.com/show_bug.cgi?id=2431352 https://www.cve.org/CVERecord?id=CVE-2025-55130 https://nvd.nist.gov/vuln/detail/CVE-2025-55130 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55130.json https://access.redhat.com/errata/RHSA-2026:2782", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.0-1.module+el9.7.0+23896+b5802de9", "arch_op": "pattern match" }, "yz/zQzn72boszb6Cab3Y9w==": { "id": "yz/zQzn72boszb6Cab3Y9w==", "updater": "rhel-vex", "name": "CVE-2023-0796", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0796 https://bugzilla.redhat.com/show_bug.cgi?id=2170146 https://www.cve.org/CVERecord?id=CVE-2023-0796 https://nvd.nist.gov/vuln/detail/CVE-2023-0796 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0796.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "yzANls12pwNNRyqxmDGy4g==": { "id": "yzANls12pwNNRyqxmDGy4g==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "yzZzF1vLZmeTiLJMgY7W0Q==": { "id": "yzZzF1vLZmeTiLJMgY7W0Q==", "updater": "rhel-vex", "name": "CVE-2025-7039", "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "issued": "2025-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7039 https://bugzilla.redhat.com/show_bug.cgi?id=2392423 https://www.cve.org/CVERecord?id=CVE-2025-7039 https://nvd.nist.gov/vuln/detail/CVE-2025-7039 https://gitlab.gnome.org/GNOME/glib/-/issues/3716 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7039.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yzaTkDwqkUqRGFQFgsnIAA==": { "id": "yzaTkDwqkUqRGFQFgsnIAA==", "updater": "rhel-vex", "name": "CVE-2025-59466", "description": "A stack overflow flaw has been discovered in Node.js error handling where \"Maximum call stack size exceeded\" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59466 https://bugzilla.redhat.com/show_bug.cgi?id=2431343 https://www.cve.org/CVERecord?id=CVE-2025-59466 https://nvd.nist.gov/vuln/detail/CVE-2025-59466 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59466.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "yzs4f0vIG+ordPdSm2meFQ==": { "id": "yzs4f0vIG+ordPdSm2meFQ==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json https://access.redhat.com/errata/RHSA-2025:23342", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-2.el9_7", "arch_op": "pattern match" }, "z+NiHm13dFQpx3ZynhKpIQ==": { "id": "z+NiHm13dFQpx3ZynhKpIQ==", "updater": "rhel-vex", "name": "CVE-2025-68121", "description": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.", "issued": "2026-02-05T17:48:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://www.cve.org/CVERecord?id=CVE-2025-68121 https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://pkg.go.dev/vuln/GO-2026-4337 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68121.json https://access.redhat.com/errata/RHSA-2026:2709", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.7-1.el9_7", "arch_op": "pattern match" }, "z+rEPA1G209OEh34yG1aVQ==": { "id": "z+rEPA1G209OEh34yG1aVQ==", "updater": "rhel-vex", "name": "CVE-2026-21714", "description": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability in Node.js HTTP/2 servers by sending specially crafted WINDOW_UPDATE frames on stream 0 (connection-level). These frames can cause the flow control window to exceed its maximum value, leading to a memory leak as Http2Session objects are not properly cleaned up. This can result in resource exhaustion and a Denial of Service (DoS) condition for the server.", "issued": "2026-03-30T19:07:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21714 https://bugzilla.redhat.com/show_bug.cgi?id=2453161 https://www.cve.org/CVERecord?id=CVE-2026-21714 https://nvd.nist.gov/vuln/detail/CVE-2026-21714 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21714.json https://access.redhat.com/errata/RHSA-2026:7350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.14.1-2.module+el9.7.0+24166+51c9666b", "arch_op": "pattern match" }, "z/LMTnJeia+du5LSYhMD2w==": { "id": "z/LMTnJeia+du5LSYhMD2w==", "updater": "rhel-vex", "name": "CVE-2023-22745", "description": "A flaw was found in tpm2-tss, which is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions, `Tss2_RC_SetHandler` and `Tss2_RC_Decode` index into the `layer_handler` with an 8-bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries. Trying to add a handler for higher-numbered layers or to decode a response code with a layer number, reads/writes past the end of the buffer. This buffer overrun could result in arbitrary code execution. An example attack is a man-in-the-middle (MiTM) bus attack that returns 0xFFFFFFFFFF for the RC. Given the common use case of TPM modules, an attacker must have local access to the target machine with local system privileges, which allows access to the TPM system. Usually, TPM access requires administrative privileges.", "issued": "2023-01-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22745 https://bugzilla.redhat.com/show_bug.cgi?id=2162610 https://www.cve.org/CVERecord?id=CVE-2023-22745 https://nvd.nist.gov/vuln/detail/CVE-2023-22745 https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22745.json https://access.redhat.com/errata/RHSA-2023:6685", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "tpm2-tss", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.2-2.el9", "arch_op": "pattern match" }, "z/beWyrkyrQJfgGCkMIsWg==": { "id": "z/beWyrkyrQJfgGCkMIsWg==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libsmartcols", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "z12tQXXi14IQVfwzjztF5Q==": { "id": "z12tQXXi14IQVfwzjztF5Q==", "updater": "rhel-vex", "name": "CVE-2025-32990", "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "issued": "2025-07-09T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32990 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://www.cve.org/CVERecord?id=CVE-2025-32990 https://nvd.nist.gov/vuln/detail/CVE-2025-32990 https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32990.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "z1fiDjJjV7T+4MZClzquUA==": { "id": "z1fiDjJjV7T+4MZClzquUA==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "z1wZ8EsA73QQBAtKsHeNNA==": { "id": "z1wZ8EsA73QQBAtKsHeNNA==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-icu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "z52r/0OKaWAkLWR5L4SEkQ==": { "id": "z52r/0OKaWAkLWR5L4SEkQ==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "z6u9MfxJ5450gPIBXVMBZg==": { "id": "z6u9MfxJ5450gPIBXVMBZg==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "zAQhwfD+1kpXY0CwZC6HxA==": { "id": "zAQhwfD+1kpXY0CwZC6HxA==", "updater": "rhel-vex", "name": "CVE-2025-24014", "description": "A flaw was found in Vim. In silent Ex mode (-s -e), Vim typically doesn't show a screen and operates silently in batch mode, however, it is possible to trigger the function that handles the scrolling of a GUI version of Vim via binary characters. The function that handles the scrolling may trigger a redraw, which will access the ScreenLines pointer and can cause a segmentation fault condition. This may lead to an application crash or other undefined behavior.", "issued": "2025-01-20T22:53:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24014 https://bugzilla.redhat.com/show_bug.cgi?id=2339074 https://www.cve.org/CVERecord?id=CVE-2025-24014 https://nvd.nist.gov/vuln/detail/CVE-2025-24014 https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919 https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24014.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zBagx41pcIC7Z4HwA6qQbQ==": { "id": "zBagx41pcIC7Z4HwA6qQbQ==", "updater": "rhel-vex", "name": "CVE-2026-21637", "description": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.", "issued": "2026-01-20T20:41:55Z", "links": "https://access.redhat.com/security/cve/CVE-2026-21637 https://bugzilla.redhat.com/show_bug.cgi?id=2431340 https://www.cve.org/CVERecord?id=CVE-2026-21637 https://nvd.nist.gov/vuln/detail/CVE-2026-21637 https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21637.json https://access.redhat.com/errata/RHSA-2026:2781", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:24.13.0-1.module+el9.7.0+23894+c8377628", "arch_op": "pattern match" }, "zBm31RctqcDF3ITqeA/9oA==": { "id": "zBm31RctqcDF3ITqeA/9oA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "zDmU3WG0c3AQYw7NFebUCQ==": { "id": "zDmU3WG0c3AQYw7NFebUCQ==", "updater": "rhel-vex", "name": "CVE-2022-3234", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "issued": "2022-09-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3234.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zE3cPdw4Ma9jQQUVeE/hdg==": { "id": "zE3cPdw4Ma9jQQUVeE/hdg==", "updater": "rhel-vex", "name": "CVE-2026-35414", "description": "A flaw was found in OpenSSH. This vulnerability arises from the incorrect handling of the authorized_keys principals option in uncommon scenarios. Specifically, when a principals list is used with a Certificate Authority that includes comma characters, OpenSSH may misinterpret the input. This could lead to security bypasses, potentially allowing unintended access or information disclosure in specific authentication contexts.", "issued": "2026-04-02T17:08:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-35414 https://bugzilla.redhat.com/show_bug.cgi?id=2454490 https://www.cve.org/CVERecord?id=CVE-2026-35414 https://nvd.nist.gov/vuln/detail/CVE-2026-35414 https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35414.json https://access.redhat.com/errata/RHSA-2026:13381", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-49.el9_7", "arch_op": "pattern match" }, "zEKtVLhCQn3xgvKNhFo2bg==": { "id": "zEKtVLhCQn3xgvKNhFo2bg==", "updater": "rhel-vex", "name": "CVE-2021-3115", "description": "A flaw was found in golang: cmd/go, in which Go can execute arbitrary commands at build time when cgo is in use on Windows OS. On Linux/Unix, only users who have \".\" listed explicitly in their PATH variable are affected. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-01-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3115 https://bugzilla.redhat.com/show_bug.cgi?id=1918761 https://www.cve.org/CVERecord?id=CVE-2021-3115 https://nvd.nist.gov/vuln/detail/CVE-2021-3115 https://groups.google.com/g/golang-announce/c/mperVMGa98w https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3115.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zFG8iDklz8FcuYliYZGkqA==": { "id": "zFG8iDklz8FcuYliYZGkqA==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "zFZE1hLph4hR8T7aNvRt0w==": { "id": "zFZE1hLph4hR8T7aNvRt0w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-B", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.80-481.1.el9_6", "arch_op": "pattern match" }, "zH/R3mCgsX+vslxcP7p4cg==": { "id": "zH/R3mCgsX+vslxcP7p4cg==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "zLUPO/DSeItPLWNqYd2DSQ==": { "id": "zLUPO/DSeItPLWNqYd2DSQ==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "zNwhU1to6ohdg5Ws/JmM/Q==": { "id": "zNwhU1to6ohdg5Ws/JmM/Q==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "zRaIctSo0IHgkpOD2xBvHw==": { "id": "zRaIctSo0IHgkpOD2xBvHw==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "zYJDi0K0bIQE0iPOdJilbQ==": { "id": "zYJDi0K0bIQE0iPOdJilbQ==", "updater": "rhel-vex", "name": "CVE-2026-27137", "description": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.", "issued": "2026-03-06T21:28:13Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27137 https://bugzilla.redhat.com/show_bug.cgi?id=2445345 https://www.cve.org/CVERecord?id=CVE-2026-27137 https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://pkg.go.dev/vuln/GO-2026-4599 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27137.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zYQmqjwBNORHvvIZjBy6jg==": { "id": "zYQmqjwBNORHvvIZjBy6jg==", "updater": "rhel-vex", "name": "CVE-2026-25679", "description": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "issued": "2026-03-06T21:28:14Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/show_bug.cgi?id=2445356 https://www.cve.org/CVERecord?id=CVE-2026-25679 https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://pkg.go.dev/vuln/GO-2026-4601 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25679.json https://access.redhat.com/errata/RHSA-2026:8841", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.6.0-14.el9_7", "arch_op": "pattern match" }, "zdrK/Mitm8rUuLp2HwWnmQ==": { "id": "zdrK/Mitm8rUuLp2HwWnmQ==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.1.1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "zec/1Gm7Idd0fQLOCpU8jA==": { "id": "zec/1Gm7Idd0fQLOCpU8jA==", "updater": "rhel-vex", "name": "CVE-2025-15367", "description": "A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server.", "issued": "2026-01-20T21:47:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15367 https://bugzilla.redhat.com/show_bug.cgi?id=2431373 https://www.cve.org/CVERecord?id=CVE-2025-15367 https://nvd.nist.gov/vuln/detail/CVE-2025-15367 https://github.com/python/cpython/issues/143923 https://github.com/python/cpython/pull/143924 https://mail.python.org/archives/list/security-announce@python.org/thread/CBFBOWVGGUJFSGITQCCBZS4GEYYZ7ZNE/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15367.json https://access.redhat.com/errata/RHSA-2026:4168", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.25-3.el9_7.1", "arch_op": "pattern match" }, "zi+zTCtHwI+xWITxpaOJBw==": { "id": "zi+zTCtHwI+xWITxpaOJBw==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "zidvm9MkkP4S62Ofl4+xSQ==": { "id": "zidvm9MkkP4S62Ofl4+xSQ==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.15.0.1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "zj6YFnKGohJeDG/BPBNZLQ==": { "id": "zj6YFnKGohJeDG/BPBNZLQ==", "updater": "rhel-vex", "name": "CVE-2026-25547", "description": "A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.", "issued": "2026-02-04T21:51:17Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25547 https://bugzilla.redhat.com/show_bug.cgi?id=2436942 https://www.cve.org/CVERecord?id=CVE-2026-25547 https://nvd.nist.gov/vuln/detail/CVE-2026-25547 https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25547.json https://access.redhat.com/errata/RHSA-2026:7302", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.22.2-1.module+el9.7.0+24157+8ddb2461", "arch_op": "pattern match" }, "zjZHjKf2l5+qY9/XYdFMQQ==": { "id": "zjZHjKf2l5+qY9/XYdFMQQ==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "zmNQpHydwXFAJmLcFFYiyQ==": { "id": "zmNQpHydwXFAJmLcFFYiyQ==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libuuid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "znnZtQrOfSxqGV/OZKzI5g==": { "id": "znnZtQrOfSxqGV/OZKzI5g==", "updater": "rhel-vex", "name": "CVE-2026-4111", "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "issued": "2026-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4111 https://bugzilla.redhat.com/show_bug.cgi?id=2446453 https://www.cve.org/CVERecord?id=CVE-2026-4111 https://nvd.nist.gov/vuln/detail/CVE-2026-4111 https://github.com/libarchive/libarchive/pull/2877 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4111.json https://access.redhat.com/errata/RHSA-2026:5080", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-7.el9_7", "arch_op": "pattern match" }, "zqGJegkbTlVqcHBa6HtRTQ==": { "id": "zqGJegkbTlVqcHBa6HtRTQ==", "updater": "rhel-vex", "name": "CVE-2025-14017", "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "issued": "2026-01-08T10:07:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14017 https://bugzilla.redhat.com/show_bug.cgi?id=2427870 https://www.cve.org/CVERecord?id=CVE-2025-14017 https://nvd.nist.gov/vuln/detail/CVE-2025-14017 https://curl.se/docs/CVE-2025-14017.html https://curl.se/docs/CVE-2025-14017.json https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14017.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ztlVnn1P+W74ZN9vh2BisQ==": { "id": "ztlVnn1P+W74ZN9vh2BisQ==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "zwpNi+NBoVUfQ5Ed4vkNug==": { "id": "zwpNi+NBoVUfQ5Ed4vkNug==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "zx97OaxgXH8j+mFWesQySQ==": { "id": "zx97OaxgXH8j+mFWesQySQ==", "updater": "rhel-vex", "name": "CVE-2022-1620", "description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "issued": "2022-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1620.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "++K+RsmgWfVk2mj1+hzWKA==": [ "1npmxgSnoYj2MyAhQMaE7g==" ], "+LQ46YAn9giMKDZRMCUpfg==": [ "wEZLQNUZyYD6Rz0ucz5fzQ==", "ZAUFPHu5UQZ+B2n+SrWIqQ==" ], "+Mkqc/Y23wK8i6e0RDbi0w==": [ "FKu6EFoCfpksmq+M7pL02Q==", "XPUXyp+BOEJyEGOgXafi8Q==", "eDxAdI0cgddAZnBSd4FI0Q==" ], "+yIdH2Pb8SGFuXnry3uK/A==": [ "FpA1FaTnKUwdPkl0KHAbaw==", "IfJyKZ52fwKruf/mbOKmYg==", "NCiKXZEXo4Jw5tEf8LgPhA==", "+56lxqiE6H3D8IED88OxVw==", "0YTTGmYE/9YKV7yhSG2wCw==", "ah5gJjq6ntKGHe05l2QLEA==", "mQgdyTODJZ/UTHC5haonAg==", "psclC23VyV2exiVERqdTxQ==", "/ik4PFVpoYSF6+jKJPGHoA==", "flk8YBa9lwv0ud+syzocqA==", "TszqopCoskBv4coMA3/peg==", "0K8l/WAiKh6VWmmuYinJBA==", "n6coP572PTpURrDz8Q2egA==", "RxwFiIUPJYMo6r5lfv+sdQ==", "FCO2B+o+asJ7qjlQcg/SPw==", "/ZDgobr+usix01fmflBpYg==", "NWzlm1dQzX7pu+Y8xKgSEw==", "XWaBdbEJiHpYXT1f1eBk1Q==", "BbM0NZsMsZnNUi1ybIzssw==", "IJSMEZBpGJDyClVadkCLsA==", "OLjLMRdWldBjSuTKpYjduw==", "G7l0N6DSTPJhrn3beR4QLg==", "X1UyeDYfkBXcgz2M5KA5LQ==", "LyQcB6aDtcDf3FmzBVHSKQ==", "F/boCR7kXAGa4+GAELD7Tg==", "IvL651FnAzrxSYOiOuXMlw==", "eFT7gARF6nhlfhMNp4LgNA==", "t0yM+3xw1ZQW3unHh4xTyA==", "5LfrNnR/sOzaqKXS35YFOw==", "55t0Oo9c3cgFDjqyaNS70A==", "CPaw49wKw01O8KSP+trXbw==", "7+zZLUPhCOA3BFrcusoKFg==", "1uk6R7fJdNFj2gxMFc6jOA==", "by+PAyhAcd2LS2O/tZxbRQ==", "LJERbH00ig5nWiqOMKw/Xg==", "nmCFeE95EAFeqYx2GUkIrQ==", "Lc5MrJdT06D8uHMkpa1+Og==", "g0XDRtU68aJjKkBv7OKREA==", "V4GddSO/lMB9AeE2VC0gSA==", "i1aZclSgDVfSpq3wWatknQ==" ], "/FMjm+UzO0PTaS3Td0lhkw==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "/L1kFEoHZTukrNTCQLypFQ==": [ "aOUfuyvyyWEe7Z1IZT+fGw==" ], "/t0e+LuglIbDcO/k67Hr2A==": [ "XW4X9/W6MfETfE/VICA4Jw==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==", "n39YhRffL6tFFAy/S18A8Q==" ], "/th8aUKrkgR3Sw9KSBM+CA==": [ "s0PUMgVnEtuqOkBdJNAqUA==" ], "0N0D43vK8KV4kQOq2LQn7g==": [ "bKE3ov27WR5dMz8a/M+jUA==", "whMVc0u5Lzujkr6AuzQzMw==", "QY4aLgQQjP1oPPp38ArMrQ==", "uhGUZtCY1OXgM1L55/upYA==", "xYZxVBz2xY/aoDQPqi4nCQ==", "PT2kHv2z8lzB78apv1Gy+A==", "LcEYljn+QTWUC36NwQCf7w==", "7CqLd0zk1hiFU3yrvTTdyg==", "IfZDrkeHpfXHfjHzETuKbw==", "cUH9U4T8Wpzm/UIIektEAQ==", "DCflC/lDsmgt9IFXJM3PyA==", "SjbW0rogoRJo0my37ozMDg==", "2DPl1NLEsHotw7kYOPR/8A==", "2432H9ZBrMWDJ7HhyQT63A==", "pwFS1oPwyZIRVgVgtAgSPQ==", "59oEBlU3jh6EL6gtZDUaug==", "icr9XD5DN3YDWvP3naYL+g==", "MT27FBW6q+x91HBvTyGVKQ==", "uWz4SaM79VpO4EPAy+0C8g==", "9bjl4H6CMWLL3h1g5y6i9Q==", "ija3h8P09PxwjEuLSUS2HA==", "Q2+f0ITzWPp+YCesnwp1Ng==", "O0QnjS+0zUH+vff5xaIpCw==", "eMVMlNYLRzjk+Xt/peAYqg==", "AJcMDco3zISLrE/7+42hGA==", "Rf7m+dbWxZxBNm1A9nfdqg==", "wCSSFNSA2T9dnpBY58W6Yg==", "ihcyIiYlnktNuXSrEgrQjg==", "G77a8vVkDX/8Yt/v29MOhA==", "glwEUWfaBwNPBrXUJo34tg==", "GEDO3j20WMwIj0JMNMq5Iw==", "0UWL07sxLog3CGNaaYYQxQ==", "G/dmoDOpwh0GrsMovfySVw==", "CSv4lPWUxMcEgRRI/WkPaA==", "aQ/ax84rpyWNveVTm/MQww==", "eOOfcRLf3CHL5spaYEPovQ==" ], "0Yvc2+M8FAry625wuL4S5A==": [ "x0tnd8GOUfHQCdr5bXMpHA==", "HjJnWaqrr4SaFPjzu8hVkg==", "8utuZQ/Ix8fDNAmmSZivvQ==" ], "0wIoN0pFyBSc9eVtRdIOWA==": [ "Y7j+Hhv6OMvu2cmEQkev4Q==", "IsqBfnAxrh9UbW8oQaSR7w==", "SU1MGh9+Zg3Zuy+khiN0Og==", "tDVJVtVXjEp2hZmPcOFM9w==", "J6GavUf0zh8+C0zHHTDYfw==", "4JIGhO7+fAz+LPTFEuBHUg==", "WALxwIFXDH8ZvKesDKBFiQ==", "U61IeOaU1v6bOHJxSPbCCw==", "tZCJ3EMmfQYEKmNY0R6pgg==", "eNUwUuL3W5wSpnxJfClXhg==", "zec/1Gm7Idd0fQLOCpU8jA==", "wT8kuZRd+rqr4JY0ByO9Eg==", "XhkP3BSjbvvRVX8X7UztjA==", "FUR7T9AnekkZ5hPUz2WP6Q==", "SRL0fsSEDtOf7vYyf/BewQ==", "O+NG96g+kK1DtaJEFTfwuA==", "XhhNgYgTJmDdYc90YuE8vw==", "bpM7BDVV04atOPduc9mI8Q==", "241S2RmgJzaFxfQcayo1Pw==", "9EdIuoneTMp3CNIfY+O6eQ==", "PHRlWl/iCYco+xAVn6SmKQ==", "JQe3P/odATa/OKbzn309dw==", "yVSbDx471AjTjlaUBaOQ5g==", "ny9UQzoPVAr0qIXyPr3Zuw==", "XL+Z1BeLmN8Pi7RZ6D6z/w==", "Qp7j7oFs4UbVUHVGblDM1w==", "yzs4f0vIG+ordPdSm2meFQ==", "LLwLKTruTLedHaSTZAzh/g==", "EzveB8rJWscHHRZtJKOdRA==", "bgGUNdBAEokCVaY0TKwk/w==", "kRj1Frl5pmWWgd5LR0IPyw==", "3wnJ6TxCGJITikNK4m6q+g==", "jbS9IFs59O0uPYg9IZeksQ==", "ggWNBGsBWwx10iidOhjYcw==", "Ds5dBDqvRggZONNskvuAwg==", "m/cpX9gyFETv4B87S/qRxw==", "lCc1jyHfsFJK2HfULjN8pA==", "d9oy2JiAKtie2N1lu2J6ew==", "fuOmX+MQWgJjrWZ2kXbtlQ==", "V8tjixCGBsaAWvQP5Hvn+A==", "GW37uYQxwwgJBIDtA/dT2g==", "V2/vsNJeH5BxrzuVis91/A==", "EFXoHkta9v8NXWXURLTCBw==", "OaLF1hM9BwMPMfYWn9kNEA==", "mZC3gBcn6x1aC7q9hXUpKg==", "4Ir8FDWM4WPrO3dybbfnYQ==", "y/vNaOETNDNWhjGaBLNhRA==", "RxiYxX3H5lL8cc7k0ac/mQ==", "XoUEjlwE1Uyl1H7Seu8qUw==", "0Gq5wAUiCXaH50wxZYx9MQ==", "/+t6edjy50ibBAIw8q+CWg==", "S2g7delheJOLf2DxVbw0Hg==", "L04cc8NCPjDZYnxYDnO5+A==", "8BMA6LbX8vjrr4aUcmHB5w==", "mUXGZjQ6odB/7zYNoJjJRA==", "yrkfySEOvQHtbEYpAUNs0Q==", "qpRD6NPbAOP7sG5S6hInXg==", "fMQ6kctftYthbGvZli2/sg==", "dWyG19OuEG5lNCJXvpjTag==", "NDhUfh7yf3tRc0CV3znIIg==", "YJjb6TqEvdj0lSF4MHg4+w==", "y0c8SsIbu7kpkqoaDhf8/A==", "nNzRt87EkCVymyYuDyEW2w==", "M9nh4Ryt6GwPUlLoItHqnA==", "hECLdfUszFQo2UbzQI3BMQ==", "lJah2RfNfRF+vEQdCucT7w==", "ul9JS7YMI1n2sVUWOX6Hbw==", "3DJmtryLboz5D1RmZn6WTw==", "pd2B9G+4ekvOFTzso0NXCw==", "FgTFx5g45j7WzA+bfAHPzQ==", "VMHGA3jL56ecJElCiIU9nQ==", "a5xKL7Qrgq3D0d3zE8x4RQ==", "vrR+k40GTfXC5FT0h86jIA==", "Y3PSsgfYVK7+nWpNGBO9lQ==", "yiivq+72Eny8jduuFDoDEQ==", "xWQ3VSY/nFJP/yijxRUoxA==", "hHQvhYHv8KxCCQMiFpmyWg==", "whliDdpxFuOM5SHWXrizNQ==", "84g+WJ21VVZ5YgyE9krInA==", "Bzc4r1UXMoCf7blNLHkQGw==", "4K1RYkumn7qw6Pk7lwpfbA==", "mQwmpMs9V7B+YNSY3NMExw==" ], "13/XvLtRK2RDQlcsZc1BtQ==": [ "FpA1FaTnKUwdPkl0KHAbaw==", "IfJyKZ52fwKruf/mbOKmYg==", "NCiKXZEXo4Jw5tEf8LgPhA==", "+56lxqiE6H3D8IED88OxVw==", "0YTTGmYE/9YKV7yhSG2wCw==", "ah5gJjq6ntKGHe05l2QLEA==", "mQgdyTODJZ/UTHC5haonAg==", "psclC23VyV2exiVERqdTxQ==", "/ik4PFVpoYSF6+jKJPGHoA==", "flk8YBa9lwv0ud+syzocqA==", "TszqopCoskBv4coMA3/peg==", "0K8l/WAiKh6VWmmuYinJBA==", "n6coP572PTpURrDz8Q2egA==", "RxwFiIUPJYMo6r5lfv+sdQ==", "FCO2B+o+asJ7qjlQcg/SPw==", "/ZDgobr+usix01fmflBpYg==", "NWzlm1dQzX7pu+Y8xKgSEw==", "XWaBdbEJiHpYXT1f1eBk1Q==", "BbM0NZsMsZnNUi1ybIzssw==", "IJSMEZBpGJDyClVadkCLsA==", "OLjLMRdWldBjSuTKpYjduw==", "G7l0N6DSTPJhrn3beR4QLg==", "X1UyeDYfkBXcgz2M5KA5LQ==", "LyQcB6aDtcDf3FmzBVHSKQ==", "F/boCR7kXAGa4+GAELD7Tg==", "IvL651FnAzrxSYOiOuXMlw==", "eFT7gARF6nhlfhMNp4LgNA==", "t0yM+3xw1ZQW3unHh4xTyA==", "5LfrNnR/sOzaqKXS35YFOw==", "55t0Oo9c3cgFDjqyaNS70A==", "CPaw49wKw01O8KSP+trXbw==", "7+zZLUPhCOA3BFrcusoKFg==", "1uk6R7fJdNFj2gxMFc6jOA==", "by+PAyhAcd2LS2O/tZxbRQ==", "LJERbH00ig5nWiqOMKw/Xg==", "nmCFeE95EAFeqYx2GUkIrQ==", "Lc5MrJdT06D8uHMkpa1+Og==", "g0XDRtU68aJjKkBv7OKREA==", "V4GddSO/lMB9AeE2VC0gSA==", "ohJ0B7EgOJ9MaxYsbvhjIA==" ], "13i0QoQ6Q4yBI5RUf20lXA==": [ "h7m1EaKKCwaqq30R6Q/BlQ==", "Uy8P+1ImBLgh4EjZYlMO1Q==", "7NIMWPjl58dCiuwwIe4bGg==" ], "1GZ5tdSeZY3Wi3x9/AVQ2Q==": [ "eiMh0pZiJlWSr3FHHfVKhg==", "rtmfAClgZr+pMIYCffofpQ==", "MMLwOzBcCET4jaa3dPuTwQ==", "hUC86VV8kD262xFcev0ZiA==", "RoQvxPrgcpXyTej834bT2Q==", "5C8DQrs9fwpmV8rRYlvfCQ==", "uPUnbuUJlh23l0km8iQ2tA==", "4wegIDtvEZ75QrQWM65auQ==", "lWdVDKK0NI1ECjrQyrQZhA==", "MS7UYZB0gpv9XnBQo9QJdA==", "CQPV/OxtJ+DwYc6C4gniNQ==", "vZIHu7rsNO8R8If5mjyTiw==", "guG+lyS5JQIDSZS6MEfIow==", "lJ8RTw7m+AgAnWW6upSntA==", "q5joCCZ2cOTa0rXBUtiSpQ==", "4LZWGm07jnOHHBGX2FzAwg==", "QaKFgrY/cUPl6Ls/xAwlFQ==", "1w+glHHFE32ql3XJuIAYWQ==", "gNGv6C2nj/tHk2ntVJUOWw==", "4WgtH2AC4w3jDaPCHFqEaw==", "knUP7wXG3O435cJDvu9Thw==", "MIaYLvbJRWXm7UR3+CJ1PA==", "IeTK1HBLKpS1+gfVSPrpvg==", "sAlO/t+jkkm59mLcdOgB9w==", "I3+uP7bb+nPtzRYHH2UUgw==", "cly/G/AvUZQM2J1YMymkpQ==", "r4Fu2fNYrl5cfm4zX5YpZQ==", "uEn9qA67O/SoYHOtH/EL2w==", "Bu9dxnhmsLXDd3x0oRPHfA==", "e/bnYsWq3UNe4TO8qzzb8A==", "1CCABRgs/s9xxQcDgxw00A==", "ElE6r7xQZAfd5MScs95BXQ==", "rwC2lB0lflNzttbo5Agt3g==", "oGhsPyoyEtiEHT7/0qF+CQ==", "k9jtJIr2beiO7DTwypDNWw==", "RRtBD+EuTLmzasgAaBJyZw==", "uO3OOEY6W3k9QH/tNVK0LQ==", "dcH4AHY4X+K0bO3O9nqJrQ==", "/MgFHW097IAGIZkNc/Fltw==", "tbkEtEs3aa+p2/YQaD8BfQ==", "i2CsObRdsFCFCIvnyVzw5g==", "Kr2KcyJfYQ8J1RDorzTofQ==", "8XLKalkulxeAh8qfecmGlA==", "mmFI4mA7exd6BfbwTUwJfQ==", "FroZeKbNhNx69+bj8o0OqQ==", "PqOWZHQu7W9hh0UlnMkHAQ==", "oIBUxFCAPk4vRXBwpcmtFw==", "BHd7IxntWhEzC1s7XOworQ==", "eT0Z6G4b2zSUUUSLlyL8Tg==" ], "1XXuvf69/0I2dNHaU2UndQ==": [ "/wfob5jHHezdiyugtfPWjg==" ], "1dO83wB64hDLki3A4eA/Pg==": [ "bugTfOdgCaATW4vTnuXTSQ==", "HxI42iSjURjRki+uV6q/9w==", "G4J4D/HzBef3xun2GfNS3g==", "DhF8bifcikVpxEkzi7eo9A==", "vy6yzxdusLc9vaaiu2HI2w==", "hcytdCNWQ/uK0EA5aDrWOQ==", "yzANls12pwNNRyqxmDGy4g==", "H4boG/V+MB7stA7jG8O6Tw==" ], "1h9uHE0QiXBO/zpJrT0VjA==": [ "1lRtJofWFCTkQi0dreTmvg==", "wzbm6jMqKBEu1w4HpECY6A==", "tbhLz74i3ShwS72WbIsoOA==", "lKniGV6mBq1xFWJ6V0QVvA==", "/Hu/RwrxQwmMU70Y0Ls1DA==" ], "1iUaGpv40BOJQUks5I0iYg==": [ "27u7kvLvlu7kh99wyuxQrg==", "Ag/7bmjihl8O9dsSQf/ivg==" ], "2REYKadw7TKFiuC+OnoHmA==": [ "CH/8kg0DShdiNjzv6+DZnA==", "ijNNBHI8o+gObvRZ97LRdA==", "L3Sq7FQbQmRq1R8Dn0eFww==", "2UhjmcPUkGmILpYJPZEiNQ==", "JegoLVJD+r1CNqau++1Vlw==", "UWR5dcXlfiNMz/BIfTGvfQ==" ], "2fg1ZRYCSPKKOgCxCcA36w==": [ "Jo0GiPh7MZcVuLsVDbp7qg==", "CMGu0bZesU9cyPAc2vK34g==" ], "3688bXyK/nwHthXLLVH24g==": [ "IWplUWF011EXddGnkU5Png==", "teVzqeXKz5qAL9KrVUsKAA==" ], "3DTA/XNFCCDFf6sfX96bGg==": [ "rpzV0o5XSSiqAfiLvn+7sw==", "CQY3y5mGXL6FhNg/bhr8Rw==" ], "3RQKCmep11B4hkfn96QJTA==": [ "QNeXj0/uAU3vww6deBbkrw==", "WxO9le6q4ACTs4KnSuckDw==" ], "3iIPR0bjuCPQ2+48pSdeHg==": [ "4gO4ls/gy0nmsC3NeXvyVQ==", "+WB02bbxvRVZgJj5gYjJ7w==" ], "4Aph2Qer6+KdCecFsU0TXg==": [ "HT4k6+0VwtXXrNi4IFV2ug==", "yXjhPZPggtyVHOPFjmeHOg==", "AILk1bhdEUQriiNdRe9Buw==", "QskDoDnTSvrQeDXklM4YOw==", "0u9BhQlRGnXqmFj5VxmVgw==", "xgLvjf6I20G6RWphhI+SWg==", "UCWDKxZlG+RSFVukTFuFFw==" ], "4DM2GB9KLL7/xWypPdz7vA==": [ "8QRmG/+fMsQQzP2maaxOag==", "5z9ZOzxJREYn5oM+HAm6dA==", "VGewdTS02tdqYoORYHK7Rg==", "VgaIsJDFBatjqT1h+RQLFQ==", "1oKL9ZSv1M4CmxUhNFjpmg==", "iSsTR9jTS/494HfIgB9pGQ==", "WIbunUW6+W30QKZc5Tmqzw==", "JTwzSHX5xKxgTtyprecVew==", "2k/PqFfUaKNy33VkAbVD6g==", "S2Vz+b7SfKEl74LFjj2t7Q==", "m77LjZYd/4k9LSozG2S2mA==", "3FdyvSRS+ECfT74KYiCcLA==", "2vidY7qxU0KDMpAzTaXQCw==", "KJGsgMArislsisVXSZHY4A==", "qIRy7/v51ILezECGLzLGBw==", "2VowcBblBj36IfwmFRwcwg==", "E90jB6HCh1KjzQXtmHMUUg==", "pr6wo3A29JKUBSVK/BGExw==", "V9lyeZvue30g1R6RiITjAw==", "peMVLpnT962hXrm4IDBPqg==", "9b3CWaJsQwdqnuBJDBMt8g==", "9UTiJlsfYxfa60iynbYgLg==", "0PMktbRk+B4fdwvvP1VWUg==" ], "4ImdKzJ7uZoaviIayzuoUg==": [ "/GSEB7NuV5IOBsMvXs0hOw==", "c95Jb/MAeM4/Wnq2jSIopg==", "ghVsimzHhtfG91QJVkK8Jg==", "Aet749oXCwhRnnY9gEGYGw==", "sWCyUi5vmFbqsTEOh1QQvQ==", "dNHj9TUgbfnbgJUCEellCw==", "A3ZYVQ8Z63tDAx8FSltQHw==", "JVuTqfPwohmj6ucokgM2sQ==", "GDAkupnsjiTl71rwzH5RJg==", "VEE7ccbKf4EH2dNVXOf2uA==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "DUP5ugYJi+iUbcfFxoSiig==", "T8IbBnTK2Iv5YVT88l9ngQ==", "J1cvee8xy6oZDEdA21dqEg==", "8TL7OmwuwkB+6m9uO5u62g==", "sxcy9NTxyeNn/j3K+DCTCQ==", "k6D6o9qP1X41yPQlNQ8aww==", "X4CDljJQJsftQ2RA57ftuw==", "gFgnmTqhW1tr7jmOrXQQQQ==", "XsxaedsaFYv/ys7GTRoUVw==", "Ji6OY1u39nJByKzCNwfpIw==", "1I7VtxkB33ashDX0kB4Teg==", "+doAGgTwsE0iptDdCED/aA==", "791CRjnt/pj2GXzRz2PiHg==", "gx7w+mYZCEGlSNGIkO6bLQ==", "3skSbDjTQ02+eNiFJz716g==", "J6JEqF6+PkBwS7J9B0Lefw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "nuFsbkH7VzW6LS3WLhSszA==", "e1tWGyUIVU1QafO75am9CA==", "lWxwCNVjYSW4SdS9h9uKvg==", "GR80zW702W+xho6dTSNlyw==", "MEP8FBVAfPt6fwJRFfcI5w==", "+govv3Zh4UHQ+P7JiRlanw==", "HJRWtVFOp4GhofsLDJveWg==", "7XOAm91CGfyc8WKL2gtbrA==", "A2AnBV79RO3+WE0eMQnW8Q==", "0O2I0zrYDyiCiU68WyBLvw==", "lG2c0hNx+Fgq8Zf8B1rJyw==", "2j4vw/Ef1McLxa/C6FEQvA==", "YIgEtVnwIF6/C/aQPFqKxg==", "GJ6//hGiIsio2zBFuudd/Q==", "jyRfRwiUvNWAyNlZmv3MkQ==", "K9Y5KUp7F1q2lsyaUxy23A==", "AzHq3xNdZjrdl02cKyAV8A==", "C/qQQwNpHdvLBRbvV/RD1Q==", "Ira5htRPGofy9veGMRD7Vg==", "xU5h/ccSMUFpzLZ+ILu+rg==", "8T8GNMb/g1PeB57LD09kow==", "fZr2KjiaLrxmLBepxX+epw==", "TQEoFglRNgkSreqoAySz5A==", "9NxQaPp619Bd0qky1dvzZg==", "MVGmB/UrNlB0PqdbI1X5iA==", "ANxFBq/yNQoElX4dsXb0wA==", "562erF6ddCIyzi5oV/IzHQ==", "uJDCv1FWYpz7eywFMZ5WnA==", "VZxWbc2wJwiwTLhillEtpA==", "bytYw82gsP7fmiiqIEcGNw==", "O4VudlVyChnCKHP9qhS59g==", "/i0rPUB7nJcIUQuikyWxeQ==", "e67z2nzRKHIRzFxg25zTcA==", "qEoADqpvCc0dfHbPv1ykKQ==", "JZIEpU7UdEXuAMj6emkt5A==", "nKGJQ32gv73mgVLbPDD8Qg==", "dhk9SR7XgMlUT1SwbOzs0A==", "ybQbHANLbpeKvvvpnEOh2Q==", "YwefEcZX3L6SA4VOQcDTlg==", "rkpLgzhV90FRHYY3ESWHfw==", "MrRavbeiISRcJtBRJ3ZRsA==", "YPJKJ4DYdTXL0BJCCS9pgA==", "eh73UwgswuQUUBPGmZNxLg==", "bmNjdpodhrAjmmeNv8j2ZA==", "OOCO13z2+atrfqEfCsJ3/w==", "UH1xPpnVOud+f1gKl26ATQ==", "WNRX1UWo4fDLFOhq9mcbIA==", "NplyvjxiuekBB/5QKoOJbw==", "cv/HKlhaI7EJMBLIaTimwg==", "0LvlxzvH25js4ffWzvLRTQ==", "/U86DUGeHRSAL0GvmlifyA==", "u71+866Ffd2deSVdosxvJw==", "e+z5vuxLZ95xajn1dSffxw==", "mTjHmpUEF29L0I107JlM3Q==", "H5vm/YCKZciOb4TXZmGZlg==", "VQ+eWJsUMBep4PD4xfj8Vw==", "TI1OyePXauC23iR42z7HKg==", "o6arI4B+lOjvgV6k7kauyw==", "4ZTG400o6y5du1mo17bLtg==", "FsYbwBEvKH6FW81JU3KSvw==", "m2sL00H9lvJ4xs2UqwHxiQ==", "fezwmAwUNAjVNYh+YY0Wrw==", "EBopL1hbi9GBQGXZUVNCAA==", "WLri8p9NfgX8reKybIYziw==", "3wP/Eggf7Bu35MpzNr1Fog==", "ToyZiPOtBFPiNJOZ8QaYng==", "VcgFEXPgpzLsj5tOjILVtw==", "kBdyi87P4B1cTF5hLS7ByA==", "71rWwrWl22424P8D9sWBZg==", "VdMk4kWMgrdK/5+i3n6XhA==", "fUkL/QrHEZtoCydnxvHQYQ==", "bb9X6domCAmA+m40PgE/jg==", "iUURXijANkMZIH/VbXWyYQ==", "vZzq+XzhXQpcGK6x6C81SQ==", "bnbyK7dxlE/oYVQQzP4AfQ==", "k9Yjqv3ifDP4XwsJSZ8XiQ==", "7TWJhc3cfFgph89dsQ0nBA==", "dgwlwyboh6/BQfJsyoE8Eg==", "UhBP4F/rEtGjZG3U8Wvp2Q==", "49jEi4xCgfg8T8qzhNobIA==", "8wGYNPE2+g59IfMX+q95UQ==", "YXzXrFNVRnn1xbJjvqeq+w==", "ifl87FYu8EGpCz9Lakl+qg==", "cm3OVRYaWfpGnoqokxyhvA==", "iL/VOECJBzyFgTCwWDppVw==", "ITIiuf1dzb05+JHj8h65fg==", "gCKIolAPxKn/MwnZqQ5viA==", "r9W84DjqWVoSeRkzoMmOdA==", "XfjE+J06ONMJAg7vkQ3tbQ==", "esWNnTXfVcQMP31EwLadpw==", "osxk1q2jE3TCrr5JCQRhNA==", "L9hbhq3wsZ5QkKEIo/fhYQ==", "iE+bfILM7uszXcxvEd6gYA==", "N0YFziBj+5bn5JQnjfumWQ==", "wnyL15XgdZxOsCINsou4IQ==", "z+rEPA1G209OEh34yG1aVQ==", "uTyk3o8xjznk0cEQXm/ouw==", "XqfFkzS9GKZn0SPxJdTgfA==", "keMF1HAI1OIF8MvJtPZQ+g==", "EXi8j2JWeu5xYuWml6Ellg==", "iguNGuUCiP6eJSJt14Jo4g==", "WXqvm+7SM0p2PgR8h/gpvg==", "X+rjva7ecn1JedeVO9IX9w==", "7B4LUCjMkCM+NcHtyQXyFA==", "NfOajNNzWnotxhFpYD5Nfg==", "ISgjA2mi+Q9vbdNEhDKXOA==", "3a2lYBlaR2GDen/lmTlCyg==", "hzkoKs3QdYyXJMnifzGbxA==", "LkG+n79mbPHrPl1sC2ee1w==", "pK26sxPUfpa6SjJQHK9XfQ==", "jZq7+x+5y+AXKvl07ivVBg==", "xek4X2TrLxrtYM1HALbG5g==", "9z2MVdoreqGVJcUFUz72OA==", "am8Nu2Xz4xTgOxf+V74bZg==", "pTPOuY2Z9zqKtyr33n5ctw==", "Oqoxq5RsXkX9ZEI9ETDo/w==", "qTcNeh3tg/7OmxGhGG7cNQ==", "hizVOzI9X9GcBBCKZH/AIg==", "IRgMJoQA4x1xizY2hEw96w==", "9ia70lNV6NYvmzB7WlbYQw==", "xZsh7Q9v1lEcCIn4GeJadw==", "fBicZck0jWBRn2U4JNy52w==", "vhM+rFefbZb+2rYFLcy2+w==", "Srb0jwMVUQlaoxewBgoI7A==", "5ZJ6PuXfgRMCarpNow00ew==", "hMwTXtuK2CPZup51st8vag==", "xP0q7+9N5MKgQQUq9keq4A==", "iTrL6dXRPICy+0Wmi1qlPw==", "vZf5q9QE5SuB3bMw/VXbtQ==", "nhTPOqyx5Hjq5RaQThVb3A==", "1SDdOQM609JpOnF4Vx/qwQ==", "GVXQ1XPPQkuhZ4SIFGoF+w==", "1QnQnbNEHorQXFc0WpMmGQ==", "4buHU7VwQZ104Kjv/TKwDg==", "CBFMybHyX4sHIYPIO6U5nw==", "iMwaCmNtKHrK2+scb+hkxw==", "LMcwA00QGnxriAXkZQIhHw==", "tjg7NtH3QatPaaScohSsZg==", "YpjyzhR3jAhlzb479lBoJw==", "ND8tA1FahvMc/ZIGpyoj3g==", "78Ya60ppwS4OL6ZK9P90Qw==", "ZCWnPSXILcJ9aE646DCmag==", "Z064OaMrPYngYTdOmYFpOw==", "RCa1Bj2enE6hnHOgI0Hpsw==", "3yaDBYST3GIWj+F89QlkNw==", "ZELKWqL7/eOb/qnydXpFAg==", "+3z2iqfNC+87k0NgFEkCCg==", "KCYwWkMQ7jeCsX2dnrw/9w==" ], "5JeNH+bHiuiK9wwBZqH10A==": [ "sXnCRVNv4i/ZmrJ0YxWonw==", "Uh6QIejNBmYSJ+kLmnZWzw==" ], "5NZNFErDrBiBoorV+igTjg==": [ "pBJCL45M2NleSRKXAGAPTw==", "6J86dffyd+kQEKbjTTbD2Q==", "q4W6wpO2YbOLS87LUXPVBw==", "TNb7OrRxFn2Bis7zp2oi8A==", "uFXEnN9gepJ4+HtQWdLrOg==", "qMBdcJlDiWOfl15fflzyow==", "abYhvv2PIAbu240JiMWauA==", "GuM8+Ku1VtBzfPk3/FCgzw==", "0u2Zo3eZYFAXhVSIZh+vXQ==", "KC4H6WRPkYrWvXb9OC+odg==", "Ihq7mkhGM9sf/8QM05o7gw==", "Ub9JoNToSyT09hD5MOIlGA==", "uglqkYqbcsDd4SCu9NI2Ww==", "+o9j0Llb6+ISl2S6vmkRkQ==", "FAgeMhGaGcH9QOhQHw5rhQ==", "70HU3efHkL/3G4Y44qZmGA==", "12PmpsYpKqbguwokcjBXqw==", "wEVnFZ6M5zpBHSw+nqU0rg==", "9uaveyIiSEcdU4MrDHbJ2Q==", "hv1o+8ALinWTDa5cH4j3rA==", "q6x8gUSR0HLnQLHLmB4Htw==", "AQa/gDZ0IemFxWbJIsU4yQ==", "5vR/2ZAfb0swnLBKDl3Bzg==", "w93rRV74Y3Xaae9j4uy2iQ==", "quMgsZt2z8hlQ+HzwzaVJQ==", "qXBiVfXy4luW+BbyG9z9BQ==", "nD4gdXb8ND61ypX9fYklTQ==", "GolUr/klMsQNQ9QFMdcAmw==", "O41Bejc6em2i0QjOrjliKQ==", "QvPHR+YbqNjRrCZl0Ui1yQ==", "Geg0mw2hzdsfDbJ9adcmWg==", "ZeLcisCXFaeQKOi8dej/BQ==", "1PYvw1fdwe6hM2UBdw4Itw==", "qdXDrJ7D0lw6kIY2dy+1KQ==", "1QQmDcMkRqvOte/bR8QEuQ==", "ug2Mk8LI1eIN0hRNT0s8JQ==", "X9na4KYJ5u50u+KLDr2iTQ==", "ZZj+FChMvULXnT4QSAEvQQ==", "N6xCmSIsupN7OsJaYpsl6Q==", "ETcQXJZrA6IUPRr4MXFUIw==", "4K7cGcsZltSw5Ayu8+A5rA==", "RReWBnQmCp2XJDUh6xioRQ==", "fUlz8/rwVV2PbflGdFYCdw==", "LXj+7NB7elh/3U/gcE77cw==", "tvq/gvjGf6pzxLuMOglBaw==", "c3eMx85yv79gfxNsxZXPHQ==", "K0/KdAmlvzyf53kjXgfoRA==", "VJAm4vMolMmA2ytzFknQUA==", "vAAzy4RBfYsNO+V3LlPJ7A==", "XHSXqyF2rScxnK03VnME5Q==", "QZQvSq0tzcJY8GfiU/aXpg==", "qLHoaQ/4ax3G7SRd9aV2yg==", "yz/zQzn72boszb6Cab3Y9w==", "9M1meEoYiMYlmYR7kKfweg==", "Oaw7/z6QEDwwzKvMQmdriQ==", "jY7qsjEMOfcaNJkgI4dijw==" ], "6COiLlB/V7UlOwfuFJy77w==": [ "r3RLKNYtYvKarBqnnrlrew==", "Z0bbSkX8e3OUKdJa86CbBw==", "xQ6R88+x8IssPvOAavmZXw==" ], "6G4wapu2zP6UYfTP+Ip2pA==": [ "FpA1FaTnKUwdPkl0KHAbaw==", "IfJyKZ52fwKruf/mbOKmYg==", "NCiKXZEXo4Jw5tEf8LgPhA==", "+56lxqiE6H3D8IED88OxVw==", "0YTTGmYE/9YKV7yhSG2wCw==", "ah5gJjq6ntKGHe05l2QLEA==", "mQgdyTODJZ/UTHC5haonAg==", "psclC23VyV2exiVERqdTxQ==", "/ik4PFVpoYSF6+jKJPGHoA==", "flk8YBa9lwv0ud+syzocqA==", "TszqopCoskBv4coMA3/peg==", "0K8l/WAiKh6VWmmuYinJBA==", "n6coP572PTpURrDz8Q2egA==", "RxwFiIUPJYMo6r5lfv+sdQ==", "FCO2B+o+asJ7qjlQcg/SPw==", "/ZDgobr+usix01fmflBpYg==", "NWzlm1dQzX7pu+Y8xKgSEw==", "XWaBdbEJiHpYXT1f1eBk1Q==", "BbM0NZsMsZnNUi1ybIzssw==", "IJSMEZBpGJDyClVadkCLsA==", "OLjLMRdWldBjSuTKpYjduw==", "G7l0N6DSTPJhrn3beR4QLg==", "X1UyeDYfkBXcgz2M5KA5LQ==", "LyQcB6aDtcDf3FmzBVHSKQ==", "F/boCR7kXAGa4+GAELD7Tg==", "IvL651FnAzrxSYOiOuXMlw==", "eFT7gARF6nhlfhMNp4LgNA==", "t0yM+3xw1ZQW3unHh4xTyA==", "5LfrNnR/sOzaqKXS35YFOw==", "55t0Oo9c3cgFDjqyaNS70A==", "CPaw49wKw01O8KSP+trXbw==", "7+zZLUPhCOA3BFrcusoKFg==", "1uk6R7fJdNFj2gxMFc6jOA==", "by+PAyhAcd2LS2O/tZxbRQ==", "LJERbH00ig5nWiqOMKw/Xg==", "nmCFeE95EAFeqYx2GUkIrQ==", "Lc5MrJdT06D8uHMkpa1+Og==", "g0XDRtU68aJjKkBv7OKREA==", "V4GddSO/lMB9AeE2VC0gSA==", "RUDcnDBVSmf+/LWMe4Tqgw==" ], "6LVRZKaAJH97OKCXsJMDDw==": [ "JSxIEGIOCwboUDoJZgS9fA==" ], "6VAQWTpZhN9PW7YCmVhxsw==": [ "51jf2IrfzMdepCjAvXkPMw==", "1/PWApRfYh/rLEOR0JZLsw==", "2bOVXniSdlE0fZB1iot4yQ==", "wbgbZuReVn7DfcAmqe3XZA==", "8gQtKtb/Xr3aGfsLtKyetA==", "b7Ve+kRpf1f/Y0XXi0L2vA==", "qI12E1AIG5PjZFUHEhSkgw==", "eqZVUGTs5pHRR/tV2jQA/Q==", "YnyGgq68v/XTMEk0yU1qsA==", "vLDNpmPSXi+t8ebIQHILIw==", "sTJKOfHbxppSoExQl7mYpQ==", "kJ/PUfmUBn2Ep03yRLItuQ==", "0P/5eKFuPPXM3bHgeAHWxw==", "JfmoxvDj+qKmecssvuGVyA==", "bqEGDVpuXY3j7Kr18B5E4w==", "59oEBlU3jh6EL6gtZDUaug==", "icr9XD5DN3YDWvP3naYL+g==", "MT27FBW6q+x91HBvTyGVKQ==", "uWz4SaM79VpO4EPAy+0C8g==", "9bjl4H6CMWLL3h1g5y6i9Q==", "ija3h8P09PxwjEuLSUS2HA==", "830L36AKCoBHnXPHE6R6uQ==", "knD9e5c9mhfEteHg6iIbAQ==", "taWP10HWuyQrPSEFSUjPPw==", "BfJzk+M/zKnbrBHcCrvIlA==", "EfJCfNem+1eUwnsxx2dNOg==", "cC3lPQDv1QQiffpXJ4JvcQ==", "ljT4JJv6XdYorFfJ6zbfog==", "lO89yYeT5Xt1E5KBgR1OXw==", "UuV6vmv/pMSyQBUW2Wn3bA==", "f5rDGDIgGLk7iLvtlKjm1w==", "S3c04CkV3MUFBzUssTpBSg==", "4Uca8szOo7gGoVgv+DjeUA==", "fcJXnA1/CqZDeUcxpMPyzg==", "n5bOb2nwIXCE6i6WEpGlzA==", "ktNuCXztDAtRpUWlUtIWUg==" ], "7JHS+mBQfJeJoy73lvm4lw==": [ "/GSEB7NuV5IOBsMvXs0hOw==", "c95Jb/MAeM4/Wnq2jSIopg==", "ghVsimzHhtfG91QJVkK8Jg==", "Aet749oXCwhRnnY9gEGYGw==", "sWCyUi5vmFbqsTEOh1QQvQ==", "dNHj9TUgbfnbgJUCEellCw==", "A3ZYVQ8Z63tDAx8FSltQHw==", "JVuTqfPwohmj6ucokgM2sQ==", "GDAkupnsjiTl71rwzH5RJg==", "VEE7ccbKf4EH2dNVXOf2uA==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "DUP5ugYJi+iUbcfFxoSiig==", "T8IbBnTK2Iv5YVT88l9ngQ==", "J1cvee8xy6oZDEdA21dqEg==", "8TL7OmwuwkB+6m9uO5u62g==", "sxcy9NTxyeNn/j3K+DCTCQ==", "k6D6o9qP1X41yPQlNQ8aww==", "X4CDljJQJsftQ2RA57ftuw==", "gFgnmTqhW1tr7jmOrXQQQQ==", "XsxaedsaFYv/ys7GTRoUVw==", "Ji6OY1u39nJByKzCNwfpIw==", "1I7VtxkB33ashDX0kB4Teg==", "+doAGgTwsE0iptDdCED/aA==", "791CRjnt/pj2GXzRz2PiHg==", "gx7w+mYZCEGlSNGIkO6bLQ==", "3skSbDjTQ02+eNiFJz716g==", "J6JEqF6+PkBwS7J9B0Lefw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "nuFsbkH7VzW6LS3WLhSszA==", "e1tWGyUIVU1QafO75am9CA==", "lWxwCNVjYSW4SdS9h9uKvg==", "GR80zW702W+xho6dTSNlyw==", "MEP8FBVAfPt6fwJRFfcI5w==", "+govv3Zh4UHQ+P7JiRlanw==", "5SopsIUut+H2XaFPAa5Sig==", "UsE9/aKvx7HhPwZe6KY1zw==", "1LTKa378StuY8O3o3G26jw==", "XXaDpMG90Mb3fV4QxoLqXA==", "H7H9wMobv6DOqzUUAdOqGA==", "JZouihQMnG3T6XSUXqYbkA==", "fJ9ZvBhuvQVNdsen0XKxfw==", "YoJO5p1sMUFmCt+7OiX0ow==", "hx3c9WG+Xum3pwxo0+FyRQ==", "d0TdbMsURHlCTk8d2vGLjQ==", "6qxVoatDqIolfyN1PZUKnw==", "WnkMM/SD0E+7EEac0/vMVg==", "tboTb+/fwz1O/l+3w5n9ew==", "FMzc9QFitxthf16XR1P0QA==", "McBbvTJIAPyP1aOW8M+hzw==", "7ZyXE8z7uZKjHitrjhSWQQ==", "NXkuwjwxMseOUUaLQCgnuQ==", "/bIhvJWw2AYMGyJtBaoH6A==", "cNsQU/uNFf7PsCWqaKxjAQ==", "98vR1ByhE/Y9cvB+lRN3LA==", "rENFCyvqecBUcAR85/9PBQ==", "nyAi61ve961xOEKhhdNTkg==", "T2rcJ7DPtdiGNP7r4L5R2g==", "pmYCdyBPlSpsjaT+VrrmLg==", "LUlesLbzv1yf48cLqYDxTg==", "rct+rak3m0uMzU51NldQpg==", "QX1bQ/CZA5mRbcqjpTc9aA==", "IV554NtP1F9KO4IyBit26g==", "A2YTvJXiGwe7aOSqWlEZhQ==", "W08Ska67/8hV/b3GYflglQ==", "9C6WGntg4UmJkjiylWVxnw==", "7tWeNpgpS6TZ4aQUo8g9NQ==", "u3VIQ3Bv2EdQNxxr10FAOQ==", "psR1kVsSZz19yYKHsoaoNg==", "rWYn/Km2lN55sVL7Ui4zmQ==", "QqNagWxBuciWgmqsaHDwZw==", "0ZGrJGNNqDLH/sZXsRkfvA==", "VyeYHICkBiXwLbWKsz4//A==", "sWMKQZ65XKDEmnR/u8vkiw==", "5RkTDL6DiLROYOUsuY5wGA==", "eh1RT9v3ol1cjACTvuohFQ==", "SnI5fUbXuT/Xt+VkGvddww==", "9lOT/bRPy9mu1knhwrLw8Q==", "/WghVlKV6eiRYf2iGmk9sQ==", "r+NuuQcHZ5hOWGRHanlG0w==", "RU6xHn/9SV8lotyX3JW1ZQ==", "o2RzBkbyaO/aJUexQwQheA==", "kVJhm1LYIfhvn92InJZLDQ==", "zdrK/Mitm8rUuLp2HwWnmQ==", "zidvm9MkkP4S62Ofl4+xSQ==", "kXL26w3j4LcAqSQ9tOuWMA==", "fVstMFtDcM3yfjjb8mKxrg==", "qOdN56IOMUot4YWCQPjPvA==", "2wnmmIxGcmTTQ7kdV4Q55Q==", "wed5fBK5xYyUEx1EpoQtEg==", "+pWnGgJUL0jrC1yhwq+kNw==", "6bZ4UNaa9jRLVZoZHQgYtQ==", "oBl0IuwDdaD9PwMwSDcQpg==", "srkxdJQ82zHIMw9egdZc5w==", "9PE6ZiUdIaAWtCsUgesEZA==", "eejojwYHRaSarkdAMLD2OA==", "j7HjBQaZ5PNpv7JydPZ8OQ==", "yF/CyvOlKzDmpBu26JCuEg==", "6fJcYsi1gPQNv5g1ujEPdA==", "qZtkd3o/RK7ypjgH80sV7A==", "8CpdPmXa4Bke5riHaKWhcQ==", "7uj4PEKyThSRh2msjDtceg==", "s9zla+0u22E+Nq1zlK4A0A==", "1aPjlkabj3eUY8WGb+gz+g==", "D1jz5P28B8rwvnVaChXHiw==", "CW81Lp11K0nBc+3dYegY/g==", "hlV8M1lvezTjDMlaNPSTvg==", "OqWPbZZgGqlPCMzbmClfHA==", "UV2MuUVVyu0L6wfdUc0Qpg==", "QwkBpizF3mo2JpevPMDeaw==", "tVO6+VLrPGQTVjdd/8MBTg==", "STluRm8qQBZc5ygxny9Znw==", "M4/opsM/3qe/3m0zjGkItQ==", "Y7ypeGdtYfJMJApDHYX9tg==", "bELtRRWF07YgwEcu9KD6Jg==", "k5LjlV1zmKau2rAIOnay6g==", "edf9qrl//4hhbTQ8nlVN7g==", "ktZZSLvjrHrh7DYZ23sMhw==", "rXJvA1HAsx+E4rVQeqU3qQ==", "BsGuSaqfP6qrCK8KTTY4qw==", "4eh40PtMaL3JhPlCzb+8jA==", "7Q0Bus9RTfFy/UrxkfH2sQ==", "Sgu/tfTuRDchfvDOoiuHSw==", "ve8kNOScD+vxLjbMehgbRA==", "o+oNdKG9C3ouEb/OQo1GOQ==", "c3NVrHAJ0F90wrDIEwTmUw==", "h4AMnuZWsySyrebCjsjhxA==", "ZAKrc32qORy4LwsxMQgfrw==", "jh1Mqm3BaTYV6MdA+4D74g==", "s1XSou7D1y9Q5LYLnrc6kw==", "/crHce0F0k12Ag9tTWXgCA==", "4XOA2zoAqaqRnsk9Cc57Xw==", "0TUqdQNGOvjHNFjkDen1Sg==", "63po8QED6nDungBQEqHIyA==", "W5AFCpfA9GqOU4nKI8CYwQ==", "TRC0h0EsXNyoIhQGny9CvA==", "V0Rkaf0QFhuzPUd+sx60Og==", "9gB7mQN0y1Zy9EiaXIHFew==", "jecTmyeay6DKd/7zioYjow==", "xVnM1Y5F9hIYQN1//jfY7Q==", "injDY40WUdFqTiXseelJog==", "cS/0ymtIhJJUkn3i2OVYww==", "JXQAkdur2asBQ4qeq789Ew==", "pNsmsBM6zioL8gqkR9CNUA==", "bjkXZ4ZTp29EFzF+wMw4xw==", "c4b8AyMPp1ls7ClKiTCbAg==", "ftPQfiVA8qRKJwxT2xcXRw==", "/G3xQo8kmNMyu7hycZYF/A==", "06GjiUkv66Ek9Iq8u3SFSA==", "Seg9bNv2Tp+fFcixDR+uTQ==", "shLykdr8yp2VSWaBtoxh7Q==", "5dsQlAsI3nHmxcFSn4q9Fw==", "88J81+RFP5n56+M0nMV4iQ==" ], "7ZWYFE98hi9HyU5Q68Jgsw==": [ "cbNKZbfbJhPfPLHi6va27w==", "TEg+H5IUFEuL8/4VudXtEg==", "/E8Khm0ZXy1gRiDom4c+aw==", "29Fo/GOP7MILPepOrnMgjA==", "q9L+6bHSCCXbReRfXEPeTg==", "yq06et41/lBQ0nsMvLOG/A==" ], "7qAMBOvJ2FYxpK9n05pI7Q==": [ "v9qMLnWqPbLz+WC1hPhb9g==", "3AbYXrLwWtddQg0NqJQudw==", "4os+HU28VQ7buZvoEKQ/kg==", "W4i+1AnMm5l6mD/A/2lJnQ==", "SSReN3l+Qu29CQbqRghmtA==", "Xms/F5NRiyBcCNuPxw8aoA==", "a8lEoliaJpwjl9bCwQSdLA==", "GMnASWjZHihDlhJdlv57Iw==", "CDo6xcGHS8cRMMAj5ptO4w==", "Vwf+9XwzpTrnxfhej9q9cg==", "kjz43GS3cPffEnOhzwtYDQ==", "r3kgi4w3ZfbkZqbg7eV+tg==", "W1tMz8vPaPxg0wpYqAjagA==", "ZEQbZFnaRO71DxSveNx3og==", "A0davrN208bKuUZqpayi4g==", "MjFiN4irFT7ilUN8ogYBww==", "LvLSBTmw++OZNe7y3SPjew==", "quiQlBj9HjhLTEeBMkOGxA==", "8I+OMKXto/vUm6tBBR6EYQ==", "1xlP6pB26ufMu9nE2My5Iw==" ], "84WodsWNE9m9GIrBiKl02g==": [ "XctMW4QJZO0RsDAv/VoABQ==" ], "8Ky53YwzOPM2pkEIVuuuBg==": [ "B1gQIzGtgKR02WiRgVPUgQ==", "F2QVfam7Idr3v4Y7g3wf/Q==", "GoHsuuxRgbGb3lm852rQmg==", "ynnULh1l7jTnQPnMak7suQ==", "mL/QvlBQrld+4EwXWLYTNQ==", "Jvht/v3kohSHL0Dt4OmS+g==", "n+8zHdzpUdNYaOfjqM+rvQ==", "uPUYRQErrH0+5XWkYAjsjw==", "v9nWDWoVTUzEu77hVCL+xw==", "c/+IhJOZwrUFnxH/AA8NiA==", "YJkc0fG7G+dwREiIQihS/A==", "QireWdVPs8MzNOJ1scQvdA==", "T9nCb/lA5TdipGMhtb6HJA==", "FnsKxnhjNS+E4Y6hrazjUQ==", "TUvm6koxiDQRc/8CJ4TCOA==", "59oEBlU3jh6EL6gtZDUaug==", "icr9XD5DN3YDWvP3naYL+g==", "MT27FBW6q+x91HBvTyGVKQ==", "uWz4SaM79VpO4EPAy+0C8g==", "9bjl4H6CMWLL3h1g5y6i9Q==", "ija3h8P09PxwjEuLSUS2HA==", "V9f8Tc0z/tWsm1egJDudPA==", "nLbsKQgcqXqFJTjqeQs6Vg==", "t+vHm4kt0AB+tq2CG41TQQ==", "CXlZx/1BY/yqrUCuQlON2w==", "ixlSuy1zsWjDOO7lFuUNAQ==", "SsDTRy6ZHTEEM+UFVh6QDQ==", "ENoYJ+9TEzYG+jTQB5meaw==", "JtCpNcg8egZjbdozD9CAJQ==", "IzDqrZ8Ru35rI4iCSSk/pw==", "HxiMqPnG14UzA9oHqqI6Ng==", "rRfIMqTlNWlpWE9Bi6NGYw==", "vu4nws6mMs6GJYT1BNu9DQ==", "FlgtpglQEkjGT66EnFUHMg==", "n6Vm6uSXhVeVnZmJCVL4pw==", "+rCn8yfwQj/rMH9c7+J0ww==" ], "8Q+4qMpgUhvMDCe2QUBIuQ==": [ "Fi7GXCkkqJvYQw6Co8Nk7A==", "QsR+n6O0ULfYayvahAaltg==" ], "9WzsXAqqRoLidXM4HaB8/w==": [ "oNps3pS/KBKadK++zlgktA==", "VnqYDU7XWi+aYnVQJuYtxQ==", "sUwVQqIfYgZ7onTB1NPzvQ==", "G33a+jVnMZNg6liymp9Lyg==", "I4HPpXHWYdmlm5nIZYX2Zw==", "7U+8ffRP7ahu1ot4Zj5Zlw==" ], "9hWn3VgLVkzmMJln7S0UCQ==": [ "oUbBUuaPbKO68xR8hm0EKg==", "QjS6b4li9vRMvS2l49iyfw==", "pwNeC1oSJCRKeW3NQ1Zwmw==", "EZo12eG9Obl1kmhRKBmcvA==", "76ytKtBeQe8L2T7nxeVp/g==", "4PXcy6CSX2EaPwYEdLkfbw==", "DQIgoLb/8+6+HRbr8B6wHw==", "6WQjHZdyTC+aVOSwNc3+BQ==", "pxuVFZsuUa8YFBkmcjpnxQ==", "dXgWtIQra5a7FOM/lmTQMQ==", "IGsR1pj6qXRBH+0hYVXsew==", "J5i8I5ZRQGDUXQI4WkC0FQ==", "rFWIZJAOzhCWoZKNelyFsQ==", "AI5OCFigX+y57buhAMK1UA==", "Jq9s0m8iiaLnslijc1N/kw==", "l1pK1ezh6e0g8I+Dp2iK7w==", "a7WPDd2/UqA1rqbo6pjM9Q==", "H1wshPoazj8pmzsnWAztZA==", "6rEIsdyQtCC456AuGwgsDQ==", "X4Ym25zfqcH7/samBN+yPw==", "Pza9Y2xtH9MChVMkZwgw2A==", "3UNcgW64Eji4iyY2ZDB1cg==", "X7DmUVoCri5i6vdYVBBgXg==", "zqGJegkbTlVqcHBa6HtRTQ==", "vnI8VBZMnSK/Spr6qFIUOA==", "IFUwSX5dX69QHRHfvOeQDg==", "oqSc7q4k6wTno/u9knscCQ==", "l6IrI73Pg+lrisEtcgX+0Q==", "FQwXyPZ+oHyxQZ9RBQXbpw==", "YIlv6HIDfGqvZL/MDTWWpg==", "d0nPfXoEZybRuV9TMDY3YQ==", "8MfvwX+dRI6Qt2H+x71rZg==", "+TrS27bZKgEeir9pISurnQ==", "a9FllBAJiFi5FeYl0KG4aQ==", "smB1yCGhBb8gDhPAER7odg==", "/+enDTB16pRyR8XOMcf3ug==", "J1SK5zSFZI94azX3jybBbw==", "wCl622H8UElXM4AFHot1bA==", "oAa5rQ+ettvHgaEihiWA9A==", "sQrexr1vAx+h04KwvoON3w==", "748UmdVwB73z0xvCImrQmA==", "Ewdn+P1XzA/h+WRvejvm/Q==", "4RaJ63cwUpp+QWj0IKysEw==", "WVkwWFZlIInzrX99VsKBBQ==", "Cbqd4MLPHY6FcToWh7U3IA==", "ItuvzyMGym4CNyVuxWwH3w==", "DrL6S4TbqHyLJh/Go9vALA==", "oXbtPoAI0xd/D3jVRZ8E8Q==", "24Paca4PaySz9eM+VJu4ew==", "tTdsNcqGarFD7KtMB1ag6Q==", "rz/CPeG1fPitayrSa0BFxQ==", "M5aJiMv2/MaWINKfor0BrQ==" ], "AOquy/6bQ9axg0KRp6hMjg==": [ "b+WKHvVRvScXQjTpsI/dQA==", "U6XBHhWp5n1+o2ZlJ9FraQ==" ], "ARxZCHzD7KB2Pu4aHl7POw==": [ "YXlS56JkLiuXwjbDNwkvdw==", "N6/VXIOitxRZPgnZMgm+4A==", "ZMp4FVCkBvOUuQnhgF/KRQ==", "W9Pcn9xdPg78KgFAK5oOyQ==", "Lw4KgrwWujzRmDjtibR3+Q==", "3BY1OD4rYtX6LEFO6X+/Yw==", "a7PsXEXsbw8aTCMWFxM9mg==", "2M5CwoqtCrF9ix+6ghISOg==", "ntPgpTaOsf+PmS8l/Ba/Gw==", "GbZa+XIQtfFHtHWs5gm0wg==", "4TbG63vud59mo+N/aCOqpg==", "4H2TsDPy1XcHidTqNqeZpg==", "TT6ujth4uzblGI4VcnKBOw==", "Gn9qNy1ITVhOKz+nUviaSg==", "plTl3JV8fPj1sUiMh31FmQ==", "MvPzfqdptyOBxzxR1iCL3g==", "OoUkTYhn9kcAyWK8OpWEvg==", "xF20fK5dvutyLkWcMLVDPw==", "ZhTLRTlcbZumWmiritxOAw==", "aqmerajri2owkCLHieW70w==", "72/cPQH5mNLd1/e3j2Vn+Q==", "2QjZksAOTEJVwk59l2QYOQ==", "SfJy5i/9nh3s5fpZxZDQCg==", "Lr5d+BjmGHyC+AWnFQJRTA==", "B+E5cjNC599y+nmprS3J2Q==", "JLdsQ9mzV76+v5Ttq5j2hA==", "Fw+ArhlgBhD30C7D93vYhg==", "/eHyvb2Yvu/vFkWHODEbfw==", "f9AAdWBkmOO1/+acrJji3Q==", "VwRZMkFc1pqkTIff/cjZtQ==", "uRGTeRjJyz2NEeH/TpkK8Q==", "qaC6F9Z9j5kAaiDeRwL7nA==", "HmZXdUV/ycFcRK+m71pC+w==", "2Yo5V5wVVXhJ0VU+H57P9g==", "Ds5dBDqvRggZONNskvuAwg==", "m/cpX9gyFETv4B87S/qRxw==", "lCc1jyHfsFJK2HfULjN8pA==", "d9oy2JiAKtie2N1lu2J6ew==", "fuOmX+MQWgJjrWZ2kXbtlQ==", "V8tjixCGBsaAWvQP5Hvn+A==", "GW37uYQxwwgJBIDtA/dT2g==", "V2/vsNJeH5BxrzuVis91/A==", "EFXoHkta9v8NXWXURLTCBw==", "OaLF1hM9BwMPMfYWn9kNEA==", "mZC3gBcn6x1aC7q9hXUpKg==", "4Ir8FDWM4WPrO3dybbfnYQ==", "y/vNaOETNDNWhjGaBLNhRA==", "RxiYxX3H5lL8cc7k0ac/mQ==", "s9Fn1OI38EWrq2OqjoQ6KQ==", "3CUrg7YVjtx0L5aX+iMRxA==", "6miUB07ljV2HaYX/rZ1yjg==", "kVjUyjaMJ0bXnwb03Ksw3A==", "uDUK/vmP915z5uyCv2VhVg==", "9fvqDo3ARbJLIgwR1oX6QQ==", "VDdxJUjxgL4zXvGWC/1xnw==", "9oQBIjmHHZP7ZEjuqVHO7Q==", "MrpKafmPiKoIdSrqC/r3Sg==", "WCZXmTnbo+2lbMuZdpH8NA==", "t6Z7F4vRK3+khLx6GFFiJQ==", "Gs2+AgmYyHSIFlXrCWZVZQ==", "ua1shFLPCkFCKWCRwaqUDQ==", "bOMmd0jIpY2e7Cl4owS24g==", "Wv5rERdynoJ/gHM2CtgXiw==", "Q9syyD8a/4l/mc50UAvBnQ==", "JiPLnE3IM4/yPxZ8earXLg==", "U31VkPC5v6K7XIsRFDo19w==", "dgb3Uq6TqRF91f0NcIu0Uw==", "/+Tfrcve2y5Ca3irhvwHVA==", "+do0gu6vrF3ZT5my5V6+CQ==", "+Q1v3N9+IP1xQOJnmQWDyQ==", "vM/BpQVYTLnKgFVNAeaxvA==", "MqCQLlgAJiW3Q42ssHKybw==", "+sWeYS6ySa1XLsRNuvvO3Q==", "xUBSdDBs0fiKOh6BCZPXOA==", "cHe6S9cCUDaq9usM0j2CnQ==", "l91ZStS7zd83ItxB5JiNAw==", "6q1zANz+NJU+U0TPL1Xa2g==", "7XSgHUx9G277ukge5cFkHw==", "DZWopkvTJiWmVsAADTNOUw==", "gZKcOjx7BKTLxDMH6ZvfGw==", "qV/TxipuOJ9b9a/x4IT2cw==", "ZyINijq7IMSOcH4xz5eNoQ==" ], "AdRs6lk9yzTM3HvjeEThKA==": [ "QskDoDnTSvrQeDXklM4YOw==", "4JsZIRvQ+13IMgBIUPH0jA==", "dZ7ryQ0b1w50+eNxXX/Jcg==", "bZGx+ktPNqzyr9hXBoIOTA==", "P2LAyAbSFxWVwlNB9c/A2g==", "djVJ3xutTQUXY8g8Nh3rxg==", "+JeSB99qGv/68TsolLxJ1A==" ], "AnHvlYoTKSxzg0JMVMiJkg==": [ "d/522T+B/ARMNSG+3QfAWA==" ], "AxTxyAHzdLVnUL9t8+ZYmg==": [ "kkBeA26IUhnokem2LDfx1A==", "7T9qiwKBE1swIXuW9Zvewg==", "RPlldG/r8WWd2UCSZ1vzsg==", "QHS4gwmQURKolJEnj/ZMHw==", "p2D36zAi5tbYfUPJhBVLhg==", "urOIF+inUTTF1gL7DeWkzg==", "L2l/2cM7p8mbRx8/RerNPg==", "uvaZxZFE7cKBjyjVQ/t6lg==", "WGccGAwrqbQSNjycPuaPsA==", "aR+DKIj7GETMsDtNSfYXNA==", "fEW9HCDGh5vauL1jhvKpFQ==", "pT+67u2xHyxzA5Cl+Ui55Q==", "3D/COcmVFbxgINNliqKHgw==", "HfjDJmml2JYJ9YjdaPe+zQ==", "HS96brYtpBiaYpW7OxT5Wg==", "Lhc4n2a9ma6eRDB/RCRmLQ==", "M1Z06nydk707qbRpFiKmaA==", "H1wshPoazj8pmzsnWAztZA==", "6rEIsdyQtCC456AuGwgsDQ==", "X4Ym25zfqcH7/samBN+yPw==", "Pza9Y2xtH9MChVMkZwgw2A==", "3UNcgW64Eji4iyY2ZDB1cg==", "X7DmUVoCri5i6vdYVBBgXg==", "zqGJegkbTlVqcHBa6HtRTQ==", "vnI8VBZMnSK/Spr6qFIUOA==", "IFUwSX5dX69QHRHfvOeQDg==", "oqSc7q4k6wTno/u9knscCQ==", "l6IrI73Pg+lrisEtcgX+0Q==", "FQwXyPZ+oHyxQZ9RBQXbpw==", "YIlv6HIDfGqvZL/MDTWWpg==", "d0nPfXoEZybRuV9TMDY3YQ==", "8MfvwX+dRI6Qt2H+x71rZg==", "+TrS27bZKgEeir9pISurnQ==", "a9FllBAJiFi5FeYl0KG4aQ==", "smB1yCGhBb8gDhPAER7odg==", "EYkM0DDu8tbFKzGysEiO0Q==", "KXzUsn7IGL3ZRMjBL3QOng==", "PdGhfwK5tePs8ngzFuopoA==", "++J1c+9mFiyHFShlJEQFeA==", "H+x0VPepDcitQiESaSwIwQ==", "ETjF+btf4DIblmTTbHaZSA==", "1nX4t0Z3G1H45fqJox3f4Q==", "67Q/SCDsFWutXyKWQ9JQdQ==", "NNyvMdW5UTPp1jGH161XDQ==", "be+F+Fkt9wYh4z6YwfNqdw==", "gR+h15dyWueqbKII4cPOWg==", "0LMSjLLjEqlpe4LAE1rWJA==", "ff3woW6bpDBZXooXnBPlNQ==", "qMnTnRnGw88RiTP1PFxynA==", "dqYoyBWLAQszVE/IX85oqg==", "N7otM4CJgwQwy0Mz0UA3Vw==", "NJhwMDbt0IMvlSLLB4cUVA==" ], "C3QbGupU53FFTX0pkfNLrA==": [ "e0/Fzu8wfMZp9zX32i9rMQ==", "+4boUUXSpak/++mwJDcv/A==", "okR1HNl+O4zCKuv8Joeqcg==" ], "C7VGVckK0YZj4RiVmStEsA==": [ "LElGnvRnV9StufJdr+3D9g==", "g6ZHihkpvpkr3oZoVOs05w==", "Mgu68G03r/7Tj/zMomkJZw==", "bugTfOdgCaATW4vTnuXTSQ==", "HxI42iSjURjRki+uV6q/9w==", "s2LBjGccKZbn8OaPObByXw==", "LeWRqc+lggRL8KnG53e6CA==", "8Efa1m3XsyOFY5vSd2fHNQ==" ], "CjFzfz4zBZj7fcwIrVHCRA==": [ "FjB9AnugxBHu7Kwf86C67w==", "GtECMHzRoeZKh1TLvpCt+A==" ], "CpC5etTxiNuDvBGQesJNDg==": [ "TccjTp2Y8sTyWrjrm24IKA==", "e0/Fzu8wfMZp9zX32i9rMQ==", "BheYJlsY7UG2Ru8eF1IU4g==" ], "Ct/46Ed7Asmqt98kLc0FLw==": [ "vgP3FAR9tXjiqUc0mFlRrg==", "kQq8hvN2yLWiupMaLbRduA==" ], "D/XNnExpupd1bO9ZIJIE9w==": [ "JsF5ac8+OAOWxsV80iUiIw==", "0W0/E/g2cPvxNF42LmIwRg==" ], "D0GGDit/UxegO+/A5R03SA==": [ "XW4X9/W6MfETfE/VICA4Jw==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==", "n39YhRffL6tFFAy/S18A8Q==" ], "E2+Fh4utKcr7Wyiwzh2bYw==": [ "ae3lHA7MmabWs4AIbhandQ==", "k2PJBnbhSab9fWak/vBKbQ==", "66LeUA2b+ILx/Qsv0eSJ5w==", "vljECkHLXvnkFYEiPVK0gQ==", "PMaPI3hRDt0vFaerryvY/g==", "vY8p4yRfnET5EfrovUfwkQ==", "wL88v46Y3XlOQ8xtlmBugA==", "15uVNLTcXPHEO0XVoOOwZw==", "EE23Ay78OLUGxmoM3vXPbA==", "DGdHlHvCVlJgbLPDhdwSoA==", "f6oGdnhZomBa/bs3snB3kA==", "V+7K8Rg1uux3xnVmyH12/A==", "OxOc7/P4x7mjEZNhGnABDA==", "W3qe9/KhW5BUF2s+kXxVcA==", "z12tQXXi14IQVfwzjztF5Q==", "s4mktw9S/tOEdbFRu8ZxjA==", "POcCjok8El2qPlKNKRD9WQ==", "y/3qWQj3xOUQpm2CUr+ftg==", "jtuaBa5xeKFbUsOxJOGtDQ==", "O0ZHj1wCkn8EgvHd15dYqA==", "TA2J/BLShfgMiVMvb2bFmA==", "mpDlR2Lk6PsJrTVRdAvAng==", "+ieGB56AL1fLbXEZaHIRig==", "HnNhAdInEg3yPEHYo7Hl+Q==", "7UXEplX43qBZDj2wJI621A==", "XdzUGUJMTsfPfs79OXKU4Q==", "nRYrn2tFn8hdV0x+2YRPYQ==", "5j7D/WXFLHsZYUeUrskpMA==", "hazOAbpBSQ6ZcoEMkq6UhQ==", "I2RIq/DddjMUlHYGWhmsEQ==", "R6drGbgnzqKGDiX/RNUdqw==", "Ldf0SBs4F44XtkmDr6o4kQ==", "1/8/Mjb4nleg0SsOivHAww==", "rUdPv86F0f314ayFTA1g0w==" ], "E7ikPxWehuEw+6yIZODYlQ==": [ "Tz9Z9WUqfvL0BrLTJjlG5g==", "13Dkon5caDMIMuKn79Qskg==", "jujfK7kvNttCHbG9Y1cEjw==", "+QQwOZo/9naGhbYAyaOr+w==", "OSUAY4vX1mm91uqYY2QyKA==", "mjI/WzMYY52AQdc1No8ugQ==", "ZZYlhV9nOBPxmh+lN8Wzlg==", "WGwIYJUrzsJ4/8TTyxMGGQ==", "3UFdmogC8LxBJ8vh97CLKg==", "4ZcrBE+d85+98j2eHMpVTQ==", "C+zOyZD8CwAZei0FDIvlTA==", "qAjJcUd7scO8lHObIc+8TA==", "pLMgO5RHEs1yrujEkb226g==", "/w1B4Q4YhRhn+C15Pv2Mlg==", "Xo53LSQ1UPT3k4c2guU75Q==", "4PIM0/eLiUwExdFACTKEEw==", "zEKtVLhCQn3xgvKNhFo2bg==", "WlLXHoXR9O8Ph+uSZ6aDCg==", "LTObsRKzbMcDf7ZCch9lsA==", "CfhyOTUZXzyZ1gBqX8Jz5Q==", "ab/GKLlj0s6Lkn9DyDnUUQ==", "3A/kVsDzDDwZXdM+JpfWlA==", "uFRb2siFSROrNSaSMqsvqQ==", "2/tA0uwDqjzRb7JZP+f4Mw==", "QMVQFQxQO9E+szLpK5nZ9w==", "2usQa32fSqIDVo0qKM7RFA==", "x4dqDafgKW8Zo/is+xcVZQ==", "ves1GfNCYjdCXJceNwT2Lw==", "6VA82zmenvpHf3qd7c6BQg==", "IERk9xwccKWSGr20Hb5U6g==", "zjZHjKf2l5+qY9/XYdFMQQ==", "N6yyVyHeduwThpSSvA2dVQ==", "Us6zMNu9gwaRC0UH2SSoQw==", "n2MoI6iOOGKJg6CiwpZkxg==", "UPjX59r3QHIaBVa54cqtzA==", "mypK4Oz3YEbjmcF//Lb3ug==", "JrT9jqBaZlLgPCS0RLnpPQ==", "b/JoMKSdjTg9hoFgyAsYGg==", "QBD2bakyMRLlWNUWb7c8Ng==", "FtF7hWwlQYu4clVsrpBd0Q==", "1ICypZP/7UrDVdoDevopUA==", "5dIAtetRd+EnRw+FudplXw==", "6MrPfKc4s7QjoixYMvK5aQ==", "SS38Q6SbT7pMry4emWgqdg==", "WOmMgxwwjpbn/RLQX8HPBg==", "9HK6XfbtFUbx1tNKJlBYeg==", "pIJllB0DitFR4biXCLWlfQ==", "nqEvJfkqmt5u+8eh9j8mMA==", "LyEH4RIrJnMwmS9bxL322w==", "vn/18J5TIuzcd8MxdMgYlw==", "tIZr20KLFTaQt9OBw5SXsA==", "3w8o+aWAdmG4VgeVZcWXSQ==", "09S7nCU8PMWz5tWquOFCaQ==", "SIPkCsjtWsrsJnfVRjxnKA==", "Mhh/p16eoRFTSGC5EJRZEw==", "BzOgc4nzX2HHoodQY6X6vQ==", "2/I3PyWTnfJdMedKAemp8Q==", "rpwsfSDtxz8KgCjcE5LUgg==", "lVjWozUTbgE/Ed14ZW1okw==", "mk/9oG3VlXeyR83vbnlC7g==", "KBpYoBBh5AFRsvma/sImeA==", "PAVfrfQyg9ezKUDPbI/Nmw==", "0kDaqIpbO93XpnbaK6KFUg==", "wVu6Drfzxh1KT5UxKndpTQ==", "0MVVcjDKfdLbs80csEfrOw==", "NpKL2jmktUTvYJUFA1mjww==", "2y2LXrQ+Jdr+fioSazFF4w==", "r8kk8OjPGZXkalD/ogI9TQ==", "HeemEcWe2JVMYkjGWbuiFA==", "+Q9jA+OXah1xDhJvsj+1OQ==", "X9G3TF69Pz3xUY5yIPno7w==", "6K5O0xmJnJtZcGmUaZ+P/w==", "qhl/5MtAFFjdvINFEhyFsg==", "RA9ILX3H27ou2ro1GzHq8Q==", "miA8N3aOifbt6s11v8VS/A==", "SjRIPS8zwG2cWHBok+S2aw==", "QDYJ95dZNazClKtqoRJQeQ==", "l5Fb8T5ynp1oelRWVY+EaQ==", "UdpGJo841LNQDU8fdaEoEQ==", "svdlbVzNwZE9P/M3GvQ7Xw==", "SsNZleqCp7tmOqFZQ6ZaBA==", "pwSWzlcJAuR/J5zikGUxiw==", "29JfppZedoclZHW2coehcQ==", "q29SxeDdhfgnRkudvf3mdA==", "GwJvkFMzYrKrZEvvNMbc6A==", "OuZBWnWNFHYdTgntdOB15Q==" ], "EgjLGZKjPtqIaFVLlFAAPg==": [ "hK/f5zoJDHjYWcidbJwYsg==", "j3PAipb/hCxnbdoUmJvkNQ==", "vkypiN/HZjIiT/S9k2qxvA==", "j8SFSR8BZ09zBKgRkzC7Jg==", "D17rv5OxhiqZrK+otc1Xcg==", "87p97+dH2sU2JVQ8vQ+Xuw==", "zE3cPdw4Ma9jQQUVeE/hdg==", "7QBYsSaCu8T87GZR3WHxyw==", "tVvgs8QNtuRqLgnWoPIWbw==", "BBNgt41sCJ+dkDLhh8RM2Q==", "NrNei+pIM0R36v4Js8XxAg==", "FInGJTEa3gToUzpaoDNNQw==", "gchW+O287jwZk0Cnma5sKw==", "YKgthSAonF3epY42eqsMRw==", "p8XKlr7C/uFXLykQP2132Q==", "bf41zTvm6HAv6xdiXpwGWQ==", "bpwdCug2xQZhmaazCqwIew==", "ikYp9FVR/trdSFxeYpqAcA==", "/mkayEGPyxm+Oz1uU7VxhQ==", "LKchwuMyQH4TU0LwtP5Jcg==", "N7PASlSPc3vUrDZEkY1NrA==", "KQxTPw9E6zvhoYRhRJNsGA==", "MOUExK9O9qzIs9ukHaS2ew==", "UAhBHfztlbXF0z40Y/JYoA==", "8ZrkaQ6B1f36PC2cIg9i6A==", "khaGOQZwNAF+Kql1EAlBfw==", "T5/Q0DOZypWV6o3x9ziKqw==", "yKRKMYSzkiSZ6c90bTl6iA==", "fZosNTVXWxoMJAWhA315xQ==", "0wh4c9Z6sNxM5NAXtzaMNg==", "qwmfWZM521TTUrM59mggiQ==", "BceQQXlChHEbiy2YYN7FvA==" ], "EuqqL3yIFMd5VRAfuufJgg==": [ "EEsEsfQRh24NPMdhg4HPHw==", "B+xaJOiguNTw6xGmTB+mZw==", "1KxLqY5vPHnDfUxdviejiw==", "DFOoWHynQeFD6fZDvPyKMg==", "7SutUCP3yRd4o5ryN/dDZA==", "QrDxAdiYzNE7ZZrkfYGiQQ==", "oDGZCaWnkiaSQdz+QhIr5Q==", "DtCtyEFA0WRhx44S/aRChA==", "o1V8hGX+jv19u/R1lSOgXA==", "m4A081U6rE2WLJ4u/pMkqg==", "7Q4dYBj4wFa2768mWculSQ==", "DE3GDsNl2faTwlhxzYBbYw==", "CBxUpiwpFiagAj3ihqf+vQ==", "tLfvNXQJ1ryG1oIjuKoLPQ==", "6JXvoql3pzMfkGQb7H+Jqg==", "59oEBlU3jh6EL6gtZDUaug==", "icr9XD5DN3YDWvP3naYL+g==", "MT27FBW6q+x91HBvTyGVKQ==", "uWz4SaM79VpO4EPAy+0C8g==", "9bjl4H6CMWLL3h1g5y6i9Q==", "ija3h8P09PxwjEuLSUS2HA==", "bmyf3V3WjS7kQmiAcGoBiQ==", "YjXf6yY9feRqNoLqPt5iEQ==", "ruok+KtL5TC6jhvqLAZEzw==", "4QiWtYafAt/cFOvYpyJONw==", "kgCv9K1pgDK48LdFtpFN9Q==", "ml41hyZPGVbTkzvmMyY3Yg==", "yK3vcSC4PlKQSa9IQKCw1w==", "z52r/0OKaWAkLWR5L4SEkQ==", "Cxqp3OmZ1TuIow2bpolrUA==", "oQ3Lediq93z2xbrIoJUi7Q==", "Lex02lwAwiaMkFn9DV9FuA==", "YZq+CTlAXva/aUDDEFdZNQ==", "P8ATyyToJgziJaUXIjyPvA==", "ecYseAb1rFmqPx4kHRWeQQ==", "4CRDu/yV+Tfg3mSUobPIUg==" ], "FMrR4PbDeEhmMEh2juuVnw==": [ "g8hJlpBfWMarbfdU+OkQdw==", "89XrIFUuuXy08LkDR6XMOw==", "SaWdJL5a+HL0ZieRiKpgNA==" ], "FVL6ljas6Mq4jYoOr1b6Hw==": [ "iSzOvPxPGZr2PfJTBTQBCQ==", "z/LMTnJeia+du5LSYhMD2w==" ], "Fy3bplraTnRnJlV5RewauA==": [ "Q1F3DVZZ3gpMNQT3yhbiSg==", "C7VuSVoDHe6g3ERpzwYLFg==", "Bh96oSV9q0619slTJCaM0Q==", "qhSIFNwi876BQWyJqx7TXw==", "Sfn7NNniMfKKkrbS2KIlnA==", "aJcuD8I2FFtYOQG27x05WQ==" ], "GVmxmNcJqT3ovg+RwjJg1A==": [ "/GSEB7NuV5IOBsMvXs0hOw==", "c95Jb/MAeM4/Wnq2jSIopg==", "ghVsimzHhtfG91QJVkK8Jg==", "Aet749oXCwhRnnY9gEGYGw==", "sWCyUi5vmFbqsTEOh1QQvQ==", "dNHj9TUgbfnbgJUCEellCw==", "A3ZYVQ8Z63tDAx8FSltQHw==", "JVuTqfPwohmj6ucokgM2sQ==", "GDAkupnsjiTl71rwzH5RJg==", "VEE7ccbKf4EH2dNVXOf2uA==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "DUP5ugYJi+iUbcfFxoSiig==", "T8IbBnTK2Iv5YVT88l9ngQ==", "J1cvee8xy6oZDEdA21dqEg==", "8TL7OmwuwkB+6m9uO5u62g==", "sxcy9NTxyeNn/j3K+DCTCQ==", "k6D6o9qP1X41yPQlNQ8aww==", "X4CDljJQJsftQ2RA57ftuw==", "gFgnmTqhW1tr7jmOrXQQQQ==", "XsxaedsaFYv/ys7GTRoUVw==", "Ji6OY1u39nJByKzCNwfpIw==", "1I7VtxkB33ashDX0kB4Teg==", "+doAGgTwsE0iptDdCED/aA==", "791CRjnt/pj2GXzRz2PiHg==", "gx7w+mYZCEGlSNGIkO6bLQ==", "3skSbDjTQ02+eNiFJz716g==", "J6JEqF6+PkBwS7J9B0Lefw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "nuFsbkH7VzW6LS3WLhSszA==", "e1tWGyUIVU1QafO75am9CA==", "lWxwCNVjYSW4SdS9h9uKvg==", "GR80zW702W+xho6dTSNlyw==", "MEP8FBVAfPt6fwJRFfcI5w==", "+govv3Zh4UHQ+P7JiRlanw==", "rRcUnpfkGlXrbtunwHjYyg==", "9hzf7VYOdcRePOTqOS2DHA==", "Lv181AfOrKwIP+rlrdVs2A==", "guovo7cvog/lYbVq887U/w==", "1eXmoeT5Qd9M0GiSJ3z2mg==", "szMAuHDpCq8KehOnG/58kg==", "xDgXz/CGonIMAByh5y71UA==", "PEaU9hApxjdZ1D4R2OUZpw==", "95p6rGNUFNsCWfXMBirOLg==", "pF95anl048AG1ftGU/lNnw==", "i8zmTjiP3YXXew6ZKB2Ogg==", "NtbylJEfQzKWA6OUFA9HFg==", "S01BJ2Ht59Iq71LsHWKLzg==", "6/J2BNJ50P9dbLT32gy3eA==", "AyZ2Ys1oI8T5ntmwQE0+Qg==", "c3PMMUG7qpg+sSIEQy9R+g==", "Hk/EnuFgs+4rtDh2D0OPZg==", "FPJOQAbsBSaId8RmD/1j8g==", "F54ap+bUe0qceQi67ZX30w==", "vQedZoMzqBElfCAKIwQo5w==", "c+walK0V+dA1g3qnPME4Ow==", "8kPW6EH9br7BQBK1DHvQsA==", "pp3PQor2CpTCVnKZusQgwg==", "dpCbBO9jgzvekz9nKJpSRA==", "70+Z8jFk8NJbHxPCoxDRng==", "1aeaK9IMMvYHnuzRhdxEbA==", "1V7JwcA/poy4b6C9OdWTZg==", "0dpAE7ovD7NaRYwnkw3w3Q==", "SBAWrxfXaQ2Ka48xajW62A==", "Bp4O+K+hM5aEmCc59xUWdA==", "Mx7K+5VJ9q5MSCq5wzzrvA==", "hIP4iOnrw2sfStgfnTKJKw==", "DWR1BhA44yRQDLUOFXdOpw==", "6Qa2KBduT2HgJC4kctpUnw==", "vnBlYA/0lXrfCSSYxgwhSQ==", "b3gcqhWrOMtSFjkTMyyWQw==", "AJgpOdbNJblqS+xC52p8RA==", "03WJApqdfWbzHtZHpqBt1Q==", "d2mdhZ97rWRfD+pslcl6uw==", "0gEzVf04N4WWI36MnLXr1w==", "SFiwTqc+C9HkxslIGbfU0g==", "RLGDcCcECNxfaKqTkhDvew==", "5BXX9+pRVay9wrZAORfhhQ==", "sHu0Ihy6+HrKJvDoll9f5g==", "ThUekCEizKQbaM9qGtWShw==", "RTmPkhx0MCxt8vC1skZm/A==", "aF8KHEW+yeGrdIo+G60sLA==", "NMbdymzW3TQXZ7vpBZQsTA==", "pFXK+S/0lzfxv0ToVY49hA==", "ANawluW+m7SrGs8Q9Odgow==", "5lHEu4ueMJgetLv/GfKHtg==", "vagSYtfX2ayPhseLZe8kAA==", "gH8HDGn0WlFpVq75mRFmZA==", "+63s7h05SP1xmH1EyLoL/Q==", "sGBviOATX07Y4438NYu+Aw==", "KtIlAO0V0/KiMbIbmHHMGw==", "TK/tQUH9MhuStrQUTQS1ZQ==", "PB44uTo7NGwmA/fjSEQPBA==", "5TfU8//dfsOlT82byi0lug==", "tNFH1YUHHwU3vwUWrO3mLQ==", "GjK0gO1QmNQJ/ZsCakqCdA==", "jYmxPZjDM/CNw9uJ4rnMHQ==", "Ox1tNe9huq3q2onFJsX0QA==", "9Ck8qx7KCeVOhknvjhQwsA==", "B0ZJnlI3io/AXTPjqyoADA==", "TN9ZqAQo2vEW/Tx62EpRcg==", "mfYVQsCdSPyqR1UobqhEIw==", "NGHtfO55iqBhbAmqujAqHA==", "wnOnIN4ZSytFGVwoTjBa6w==", "Nsd5wG+dBhUvVktxuz/adg==", "HFchxDnUHv0YgEfYisGA6A==", "DyteGYzEcNMaIwU0U8gq/w==", "u0MfT/CHY1AhIYRRjCtdhw==", "VUNwpBj4hvcLARxqxrvCCg==", "6qUVSp56FVn/1B93TTNdqw==", "SueY1m9dU5duigybt2Nk8g==", "dc0xpXbQDi3upLAUXz65ZQ==", "sv+609cXG/bmAhwCPRMNHg==", "SRtj8i4HsQkjCyC1YPMDYw==", "bmwYxyT6fmHIa8FODhI70w==", "ztlVnn1P+W74ZN9vh2BisQ==", "cLetPtVgm731iRPvGEIeyw==", "8BsUEMjLB96UtpRd1ludrg==", "xcQReVPnPEIim0iMTZWDwA==", "ZoK4/bCJQ036BMFIy2mG8g==", "/0WOR5Jn6BKoC/9+5dlz1Q==", "ekipReKDch8nQkv6wLHVww==", "PDZIjg6u6C4zc5d09d4Brw==", "fCueh1dJqv6EGaBRtXT/Xw==", "LVwzv4Idra62FxSa6vFC9Q==", "zj6YFnKGohJeDG/BPBNZLQ==", "4Jo5xwEh2K91Sr9xMmwzcw==", "LFiejdPb02ZvCk9/k6M2OA==", "4xxaXkxeYvxr8HgxLSDyHw==", "H1xPFeyk3sWGXc+DXLkdaQ==", "TQa/g/LeIEmPrJezTGlmcw==", "E6F4Bsc58fK+0x+N9LY6gA==", "UC0U9/zd+klwBmGR1YYVPg==", "XSCYGr+cvuvD+k3V0XhWSw==", "tQmmf4j1ZMloac9gv7yd7w==", "5ua6yduRd8slR+XckPuEJw==", "POSFLQ5mtdC9jMcn5UF8FA==", "W9IdHW1dLxMcDTawlof8yw==", "JAo3AhiUcpCO3tqtc2i6uQ==", "Tgjy7QZmeE1bsLws5liQbA==", "Ka536JJULCqquJoBCXWh8w==", "ZMCWgxkMJ4LjF/nj5/+01g==", "fdpDWwmwFLyFeyU+CnbxxQ==", "npYdj4HvH6/ZpruXP++2aA==", "hXiyheRZcHY0l7xO8DNsTg==", "/qkNjq5a4HrGsyOMMBvKNA==", "FMxCd9UpiJciq+gDQcTY5g==", "rTV9bjfy2M3+eJBkP+611w==", "fM+r7qYMTXMx81IJhr45YA==", "OVekopeo2m1+vPR8dGU9Qw==", "kicrFnXrLH996rjfEw0amg==", "3xBuQnj5DELjtk3GymuBTw==", "yOUu4ImaYusi101ZTf86nw==", "MJtIM09Jw6pIepBEcf4LwQ==", "4Utc/6C5f6+A3gsr9KU/IA==", "Ax9cBjsH+o8aWMbSV/GNMA==", "Aw4zZDl3LL7dRv7HVDTRTw==", "KQMykeLmRcNMu7v2ZhkQOg==", "yIgeDQgyoDXR+INQbK5bbA==", "7BER6omsA92tkjpEqGZJLA==", "uGPuYR0b3uiHdpdRa97mfw==", "VAdEk79bS0dMBh0fcQAI2w==", "cpPUNXFgwF2pB9MJlxFOqg==", "V6UHlQALqhW5x7Cn9PKUfg==", "e2U3+rnCE0yJbEhq/B49zQ==", "EGDBCdh3xodxfhx6SFGa1w==", "9XbremjCd0rS6zu/GB+mjA==", "Pd5fn59ga3nlH8XsDKvDWA==", "KWqotAAFzFGFp1GIUjXi0g==", "L+KHKrPvSxZVeDMiWq92vw==", "I362Vwh1x92yigOP2ZDpKA==", "rr46XqayJxVyzdN89JIktA==", "R7IaseHP2Jo3rY8+KZLpFQ==", "01GEWNrsm5Pgr9C+LDMW/A==", "DmDFGmfYPZVBn95oG8E43w==", "yycUgbk2YE6jCbX68FtPLA==", "34BcC5oWRD1/7/1kuocy1g==" ], "HRtVOTg/Y7Pvd6wqcX24fA==": [ "oGVW07Zdco+t8LxGqPbEUA==", "cwXdqs9AFOcThYn4e8y3yw==", "WV6CLob4bxW/eDgXBTJfxA==", "M0WxNlBrWr1WR0ACcsFS3w==", "9b3hAQW/ubh4v6zyl2M5Ig==", "oCDLcNdeKQmSOcg6w237gw==" ], "HbglDdnV9yne0i8jQL30HA==": [ "LuirMfnv2JkWFEU8MUuKUQ==", "ws+M5wSfZVeN7hPLThggdg==", "e5qPgcasC/ZE1MEWSxEewQ==" ], "J0HrVYoM3raELvTfJ82QMA==": [ "cD+9p+2eb4ubWbn/ynDqrQ==", "+nrMi8U389zlK2TEsOUGbw==" ], "JHQdC8JdSGipvO0sCig0cQ==": [ "UVRy+pWnw+7xa7f2U2B15Q==", "DjqCxCryg8LYvAZ67mAiSQ==", "3FpQibjt3OzhrwoSJ9I0Mg==", "QskDoDnTSvrQeDXklM4YOw==", "74B4VkBJHkNvj2AsRU4uTw==", "dkVrajFcsmFenGJa2HiWQg==", "+tNEhZfQ7eus2PEerEe59g==" ], "JaDqP2PIekJ4FuDfyPDUKA==": [ "vekzBecfH1YN/Zd4MHsZmA==" ], "Jt5/Qd9oxegZwQjsNbUyYA==": [ "C0udSo+foVK8TphEaJ9u7g==", "CoMZiX0VsWNhKSQo1NCYkg==", "wlPwpwE94ExdZ/N5EaE3ow==", "2A2BjgErU1GldRQi2g+XQg==", "7v+kCrIi/mMmyn+o9Uh+oA==", "2Z/NA7sGgadio/qisfiC3Q==", "BQivQt20Anl3mLgiJoMKAA==", "RLfmH4oizoEHB59VpAV6Kg==", "ZPTYG1GW4N8khhdO0sFXlQ==", "Jek37tQeVdKEwtu+6a9/CA==", "9Yjf3Ev3R8wbqlhNdfwPQQ==", "atAnLiOuVhy8qyEUVNzM2w==", "9vaAmbFDwko+7w/wBDHWvg==", "noUIfMZn5dUZdEKTi/GsOA==" ], "KlSRCTMecbL63Kg+FZjUdQ==": [ "TMzu1Teu8W2WYCPcLUGpbg==", "5Wt7PRY2CMVsPwL8nxZwcQ==" ], "L1wl5gEz2lzyNJbirzPmpQ==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "L4diUjusARli24fy/u9lAw==": [ "l8driNMmALQs2/V7+uCq+w==", "FkUafBj1ekysZyPIbZi5fg==" ], "LD9yEwGtdZJl2S96EO58PQ==": [ "RgBI11FezD5/LF6u61IQtw==", "yrD0ecVnK2Y23POHVpCwiA==" ], "LR+S3JloJQ5YEViBpmcLkA==": [ "ydg80VAiaAwfrueUhGEKNA==", "BSSJGCoYu7W24g5Emwqfdg==", "y+qe2Ltr+Zxrpu9HCascIQ==", "Et5t375uu538q7zsCZ9I3w==", "iQtqv3HeCGvWBf2ImnFK1w==", "toXp/ZwNqXAUsdXRb/4DVg==", "PhzQEpAkCFfaNfVzGQzMgg==", "Ogq02fai+FFfBUlCUVZlhw==", "4i2XUvSeC6zka4yp7MoBfg==", "Kt6vMl5nXH7V+FrvbEPv5A==", "3S91ZYwiienVlUnFeIzkRw==", "J4ecrOEw69avIhhOznG+2w==" ], "MJmw8vClC4VAn/J4MfhK2Q==": [ "DWl94vpEWRXsnNv1XWboVA==", "8ix99v6BzhAwu2rRaagVKw==" ], "MXR26wvfFq4/JiRamdOfsA==": [ "tJJUE3O+B2dj0YzqLSTtDA==" ], "MxYp6jmrNGPG4EUMxgtsIw==": [ "qNquCdlCIf/n2ozJDLW9Rw==", "SPxMxLW2DZ8IvP04UR/H6g==", "Av6IvPz8z+8JAyypXmkbTA==", "+VEguSVDjTT9/ZZv1zUgpg==", "kUo4IyXRh1XFppRDAqTNnw==", "gvOYexCvSFjRc1ovPwHsww==", "WKEI7EQhRkCAgIF18HZjKg==" ], "N4dB55YYjGYeXRj+vLBatg==": [ "lQ+CMunyB1B/r/pkv6U72w==", "14EBaSYBL4fLL4zgayhBkg==" ], "On+NX4Yr+KIGVwagqPDWcQ==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "OvOSK0YS4U6j2gyFBATNXg==": [ "aOUfuyvyyWEe7Z1IZT+fGw==" ], "PHkBez1UE90U9LJepncOKQ==": [ "842T09LMtibo6aQ7X6A47A==", "Jx8Savf4pVqPTLt8HsgoXA==" ], "Q+exKQZH61PI/8YfpN472w==": [ "cKtHM3xMrk1VjV0S8Zl4qQ==", "eZDuJI6jaohxUM7fcdYEYA==", "99Q540ZW70Bq59gE8MRNHA==", "LBK9PqJKfCEUpttQCyryqw==", "DzB2GvXN7uyOKTXPPshLvg==", "7W/pTtx9kAg13U/6tl322g==", "jmCYpsGWnnwiehZQL2tyGg==", "RXSYUreBGXQz5Vll3C130A==", "4zvDuRN18ZTgEdA+auow3w==", "pv5Nm8Lwfq3X5Sm3cuoD1g==", "XM09w+ZScTz4IEN6LeAUgg==", "L0O+Qmwnpkk+Rg/VqN7QWA==", "Ih4ScPgmvAttJN/czzciaQ==", "Mo4ARlLui4P8nHgMUyYhSw==", "70rtBro0k4gOrF1v9b0LPQ==", "59oEBlU3jh6EL6gtZDUaug==", "icr9XD5DN3YDWvP3naYL+g==", "MT27FBW6q+x91HBvTyGVKQ==", "uWz4SaM79VpO4EPAy+0C8g==", "9bjl4H6CMWLL3h1g5y6i9Q==", "ija3h8P09PxwjEuLSUS2HA==", "rpqh6K+YqMAxf172QUbycQ==", "XjQpmqOxrg5I1zgVKxswFw==", "8ML0IVFlCjXlypnsSOqB1Q==", "6Za/T764+Wnq0wfxFjEvGw==", "vwUe6Dpe5Fb7V8GdyGEhjA==", "PNe7L04JfETT1S4nMUYcGA==", "/kFHc0+JKhJmQT3bM6TpTQ==", "sEY+u8JcXEvFyPiUDTNKow==", "KhBWOViCuCZdWqrkDlYvOA==", "Po+GLdyrucAyVatfOmZxGg==", "wMpTUDltgKPDv4b44/0Spg==", "Y+LzorqDQD2Povh+kyYSqw==", "rJHkC74NrobNudSijB/y4A==", "F6i42vx+GvZ/9LpnToKHcw==", "bzewxC8waOXL414yMxKcqQ==" ], "QCZyKHG3XZk9MlIs9ZFBuA==": [ "70hF296ZfY1ODiaUXL3gcQ==" ], "QwKK6TG/JtcCly9jntVf+w==": [ "HOYwG5Rw5KtCLqSTp9IaXQ==", "0w7yDxNwDisUMkIdlkUTZw==", "lgYZVj6kPc0Poy1meDiyZQ==", "mEw7dcF5jpuxJvu2G3JEew==", "de6Wm8GcUOvZ/vqX7ogEtQ==", "XuMP4XKeqFlYH9jgvFKXXw==", "TIcWaTRsDD52irGN4xUQyA==", "KsboTEAsiwsdLEKIDivkyA==", "BfDjqoaYrd0NKCGGxtokTg==", "Qe1reyLPtQVZ5wKqKa9jQA==", "RATpPhLUqjEbe+XxyYxOOw==", "0v5F4x1W0RxkklLvRs6NKQ==", "00cDk2w3qfvdzMbO27c/+w==", "6LazNwUBgu5kQGKPCQnaOw==", "e7h3lwyDkLbzwbeza9/TWw==", "zDmU3WG0c3AQYw7NFebUCQ==", "hxluEp8Si16NQcfaJDWcLg==", "I3vwwgMxzxWo15otCOgvAw==", "Q0D37bmhhLGtYILIAMgFXg==", "GXMpRf2go/wGEbwpp9BPPQ==", "+uMSPU5jbqI0+jsP/eX6PA==", "KB8w2g8b8sP5A8+iqhqw8A==", "h+nOQU6khNxAH7kkGqVqkQ==", "5D5WFK01Su4Lrj4hhwDYGQ==", "qug1advw8m4TjVAUPEUPiA==", "0bK7Vo3x9SXQYvDvMmgzXA==", "rO5a9fYyaqaIZ4bH0M8fdA==", "zx97OaxgXH8j+mFWesQySQ==", "JmKf//IQj2eMVJFTB1Feyw==", "DNd0sdbW83acQbIl3FDaPw==", "lHLNxD93t7uUJfmDhNwvCQ==", "6asSIEJz7ggo9QEXpbSOYg==", "YUwZZ9Cg1FloxBZV60vOCg==", "T5Nghm4crNWWnUrYvZZItg==", "vTajNh0ysqaO8NuTMU//uw==", "AwUdH/KSEhHnx1nx0tagUQ==", "kTyfGInwWoCVv7gGPYCF5g==", "X10PEbhI2yv6KYFUPacecg==", "NeZAaBfGrzLvaMKrJL7WlA==", "W0TAw6aTfwXOMlJwloDkZA==", "JD0llI0bGUOG/VBz+9LeVQ==", "6MW1lRUdNNc4s+6uD2JNvw==", "6LOgJE44rXWziB7/OMO/ig==", "aQGx6Am8fU9TZmcyiMNL4A==", "cxMZ2TEnkk6RdtuU9fDThg==", "rJljaCTiTdw1uI1lvfy+hw==", "u1caIbS4Tk6y8c7sz8Hvhw==", "w1094TrprBpG+5TZJus6FA==", "qWK7H7gz7e8gS19GJSeIIg==", "MLyBE3p9/9+LMOMl2JBi6w==", "s2uSNGuV+OyVW2eHDGWWKw==", "7AoZZiCMmvqX9d9WD62FnQ==", "7sGexlbSpX41SOBbWHg8BQ==", "HHBOKYlzeD2Busv7btyBAA==", "gGrGej/Pj6/poAgebFb+dg==", "Y6TEBwH0+CoZ50j5sQV23w==", "HSaKorahiaNwGqqE2DJSaw==", "0YVxD0vSH+0MhijemP/Jmg==", "eekbTUpqIafepE8Hfmhn6g==", "Y/6FiFNJ+h2jXNTlPOzrnQ==", "XL1Nv8y45q8aiA92A99YyA==", "qEhRdzGH44SGjJIcqcIv/g==", "g6spFzT6DoopzuQCE0pjRg==", "SvhQ7tNvl6ANrVnaJ4cBNw==", "b2xf65/2S45gOxG8Grxy0g==", "LkJjju2s50oKpBRyBT8s0A==", "2RZ3u6UmceVG9iB/xb73SA==", "2UHqEqfMIIn53NkDlDEppQ==", "6dwQWrojfQ/1hgTT2PQckg==", "+hBhqk1qKnkU+nqn6a96qg==", "jVeIQzIm92EdkbCIlGT1qA==", "6o8ui0RxMttDzkyqTDO5tg==", "kaUbMItvWrS1leJMEsAk9A==", "saK0Qxr6f3taAu0dVT0erg==", "oyvtOIVUDqm1ruQx8vhRhA==", "uDfc8ZaPfrhTGcFwVaIvAA==", "QbgvVzhz2dr5BDvAUM6wFQ==", "o8O4Ttqnv0lQfm1yyfyVsw==", "Ah03jmj/7fQOqUbg05PtZg==", "+PjI2yN4wCMPyf1oygeT5Q==", "oVgcRSL89qnSRkMXpV8N8A==", "w8af/LTYrBLWhYkZBSi2Lg==", "GfPY5zBbHJQI4ZGaDcJj2A==", "r410Z5X0yojDsVg9YVcNqQ==", "/YcdipQjiqJUDpddwhDiIw==", "l/tOmWC5BVb4or7dYqfWjA==", "Rd2hVVbUws+mcvoC7DaoiQ==", "KYv6PwzjV6/5I33cZ9LUmQ==", "3WRC4Vl08/leTJ1MFHuCEg==", "QgRg8usqYLpC2SzTmhUKsQ==", "zAQhwfD+1kpXY0CwZC6HxA==", "UBzPfwycyyJOBETwdSTG/w==", "8563iLEht/ghMGItALTFUw==", "OXr+UvfSDAQbLGP4xOBSMw==", "lz6O0nYiDpis8SScmTUuSg==", "HlOu0EmTxHkjzmJeJEuJmw==", "2sm08sXcjWtT2Gtu3CdSug==", "8efBqSZ3OYqd+nT8a21FNA==", "BS5Qx6nN3HmM64VVoKmayw==", "cMY+6QfPqyOZE380Mf5rIQ==", "BTToHfvg0weSXCH9D0acFA==", "2I/0B+uXhxpPJWXGwNGlLw==", "bACUKZThWu3kcO82NfO4eg==", "19Kvl4LS7MCiBo2cRD5fxQ==", "Ob+LJ5zYHnbjt14Yf8W7UA==", "s6kt2DqKLHgzYSGciPtGtQ==", "3Lvdmj//2sze9S8I3n8yrw==", "rR226S9SV4WbmIVotM0CsQ==", "93O9BjbBwz1jYmTNCzgkUw==", "2luu38jiVQvy6qOXHFgpAg==", "JtGggrfMckWn0xvfWBMJJQ==", "GnBCRP9H+R6do428z3nOkQ==", "QX9gQ7esz1e73iQHmwojXA==", "AIlN8RmMOvhBveVuVAyHQQ==", "qYORp6v9x0Jy6S8OKerZvw==", "1WQ/LJu/kefEuHRv58l0Lw==", "dO/rj/SVo/ZlfJAB2ajOEQ==", "tLSR0X6hQ7hvyPbBXZslBQ==", "cjoCrbQlAeGxtTPUlcMPuA==", "bh7RRRlNP555+LOFASdB0w==", "ylg3k+AtgUcIl3hJiXNMlw==", "y9E+Lh5SpPDKe0DW19HLjA==", "UBV+Z4vQ/HB9/cVGq/+u3w==", "dMO4fX/IkQ2bi0ds65uBZA==", "iFYspvRjIYFKUw7Fpj3PSg==", "AYOaUiAITXfmzrid+CR2Og==" ], "R7K6A/Ve75xrYpD+6H0Z8w==": [ "rIk/NHa428tmc6oDgqypQw==", "1q7YjyB3mR25zvqxJ6Zk3w==" ], "RRIjgvJwJW9jZT+h6lhzrQ==": [ "/GSEB7NuV5IOBsMvXs0hOw==", "c95Jb/MAeM4/Wnq2jSIopg==", "ghVsimzHhtfG91QJVkK8Jg==", "Aet749oXCwhRnnY9gEGYGw==", "sWCyUi5vmFbqsTEOh1QQvQ==", "dNHj9TUgbfnbgJUCEellCw==", "A3ZYVQ8Z63tDAx8FSltQHw==", "JVuTqfPwohmj6ucokgM2sQ==", "GDAkupnsjiTl71rwzH5RJg==", "VEE7ccbKf4EH2dNVXOf2uA==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "DUP5ugYJi+iUbcfFxoSiig==", "T8IbBnTK2Iv5YVT88l9ngQ==", "J1cvee8xy6oZDEdA21dqEg==", "8TL7OmwuwkB+6m9uO5u62g==", "sxcy9NTxyeNn/j3K+DCTCQ==", "k6D6o9qP1X41yPQlNQ8aww==", "X4CDljJQJsftQ2RA57ftuw==", "gFgnmTqhW1tr7jmOrXQQQQ==", "XsxaedsaFYv/ys7GTRoUVw==", "Ji6OY1u39nJByKzCNwfpIw==", "1I7VtxkB33ashDX0kB4Teg==", "+doAGgTwsE0iptDdCED/aA==", "791CRjnt/pj2GXzRz2PiHg==", "gx7w+mYZCEGlSNGIkO6bLQ==", "3skSbDjTQ02+eNiFJz716g==", "J6JEqF6+PkBwS7J9B0Lefw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "nuFsbkH7VzW6LS3WLhSszA==", "e1tWGyUIVU1QafO75am9CA==", "lWxwCNVjYSW4SdS9h9uKvg==", "GR80zW702W+xho6dTSNlyw==", "MEP8FBVAfPt6fwJRFfcI5w==", "+govv3Zh4UHQ+P7JiRlanw==", "FTPBk9LaoSZGiQO5kXSorA==", "oCYqRL0yaCqkmUcecOaYrA==", "3+pow+WXSexmxDv966vMqQ==", "V0awGVhndNVps/Yhh/P2GQ==", "psr6EfqmKkDu2s/af+27mw==", "cBmZwV0l/QLSSsoNwTuUWA==", "f8I+U+fazHHULdzT2Vp7cA==", "6/Rn1WFxVO6aopyr8psGfQ==", "w/NMuS0o9hChTkNvZhIOtg==", "LdefrT414pk0XLw3PJpgwQ==", "mT/r0SKhQZ91EH4d3KiGWQ==", "7CoZtRXELVa05aD7HVx7dg==", "Ht/FCT7E55SLIJNr/AHy9A==", "HUhIlH+/4z8COoDr8jeAaQ==", "+eh9aI+N2OVaUhb6bBR86g==", "IFJrKlOefqh8BMNkCUNhqA==", "DjTY6HUnX+COP0+KJxD8lg==", "pWQV0Z8XQHYl5n7sHUZBqA==", "4N3POA/rTFsL9RdGINkq1A==", "6thTxik/0CDWjirwYbVkYw==", "hwn8HSXSxoAi1TYe+ACqPA==", "5XT+5ghtfmJFJSJCERGwhQ==", "kFbIkTDdc0p9e6ndPrAnHA==", "ByykkIf8cqMarBUwgOjK0g==", "AcbVYbhZ/tTIOm89OCy5kQ==", "iWIsGkw9mQk/URE9m7xoVA==", "TBYZOvAMUG/MxA4GOKP5FQ==", "SbvnfacnQ1X9A0OepqCdbg==", "o7U6pbXnKgxDi4OXl/ryRA==", "oQ8YhXsWl1bwUCG1x+HzDQ==", "5N/eQ/DLmsm7yS6+3apC5A==", "owALVsfUiwMtDqenpdt7Zg==", "RJa5WIC77pr9MGY1RZloTw==", "1/xm1gDhSpcAv1vbsLnNhA==", "+1zjTJXhgIQ5uwrI0Po3UA==", "JS6LnmY1PZfE5YxJsCWPPQ==", "mbMEAQXpYoMKq7Io1LfrJA==", "WzMeKgvORq7XF2Xr4q+JaQ==", "6pPl5aD/FZ2M/6Yaa588Aw==", "7oEe6HdmVrscCmplGQsEeQ==", "POO0JR6PIxa5cAikhYHhiQ==", "qYLCfB1EzRWGloOr+Ke8RA==", "QL7KLbo+Ri9Q4aoq0+/c2w==", "SXF95Q57bdA0qf3iy/XSPw==", "qEQEeZkI3fZm1RmMiKeYYg==", "fVObUUKRXAwXLBcuBzgu5g==", "akJLZ6dhkrnudAb8gXyuyw==", "dJvtOf1rRIWFniMT4IOhrw==", "kxjEyJZKMrQwjAj12bH0Ag==", "KM/iKSazFyPeIBezQXviSQ==", "kTasTqgA/HsT2H85z8VDPw==", "DAwq8wwWp0GN/p0AvtHE9Q==", "948mcXHuK8LL3gmmFQKgVg==", "jcBNjU0VQp8W5rs9GaZnrw==", "kdSSzkEHTOGF0fpTfXjzcg==", "kRGVc4s/SuXPOfCHc7Q9ug==", "Dlv776lHnCBm01HWpf1zZQ==", "X2wqIFGbKlJQpE/DojrwxA==", "qr6Jra3xQBxvbIQJAqILNQ==", "z6u9MfxJ5450gPIBXVMBZg==", "NFJR7P8KL9HNF/dsA5opTw==", "HiF486OoQCfE4Hwc8DTxrQ==", "/YIHlhDwc0XvwYDDbGEIMg==", "Eptc9iAtWcHP72eK8tBCkA==", "XWfDomoStj3uOui0AGO+Tg==", "SFoELvc6okNKWKi7mExikA==", "AuT5DLBrUT23i8Fkzi5nrA==", "0ZniYEExf5hn6bWx9CxbmA==", "htuN+yEom1R161MtW9b2yw==", "L5u3G3ilU8/0RtMpJ7kdKQ==", "u/b1G56mYgMO4E+lYxSxjA==", "vBXrhxnu9HxQSmN5xWhZaQ==", "Ee2apAGC0PFcPNtPjyeqbg==", "Kcd+UQxBw37KfFkRbn1QXw==", "2eI6vtB1jD43elLjnJ5clw==", "O+EMSAzsAMtyqCd2+UnsmQ==", "jcRqiXZ9kQjBDkPtzEXksQ==", "ywuC+FbT7FV6PIDV8mhosw==", "MYhgpNDg22nk0/HCSwm/gw==", "wO2dcFx5JhDjz2K4QDYydw==", "e37CxvNgywelF2ouwzqL2Q==", "yCrfh+WfD/7UJatf+Ek6jA==", "43uaBOp3I4s6BbwM75Dtcg==", "6qJXB6OTmGgjS8WJVVTxvQ==", "ujzNJ5kQVFINisRmEnkrzA==", "Oi+2EF5+FNNGg+4WyowonQ==", "XC3MXlpMb9D+YigNspsXlA==", "kABs7TAnvuphaClsm0yUYQ==", "NdytkbUiOF+2t+S7vqzKaA==", "GnJD0wUWuwBPc7SVZsuSoQ==", "7cYNZPh51XXj7WctPkn2Ww==", "H09E3JrUNhQlgS4Jd5yiVw==", "NPJh6PwkJYtfpkFMxFCfIA==", "HlmfsCkhcIqBoptvS1F7pQ==", "Mv4iyriHqxAR4oNVnJlPbw==", "6ZTNb8xwQ12tf1lZxG3rMg==", "HBDLPf0FBMppxrTwW+gqlA==", "Y08Ni7+TSPQ/xSSRr851zQ==", "gl5O329psI82Wn7F+BP/pw==", "r9qwoudvbxrKUZqCmUc7NA==", "anPJmbS134IB2gfGIWKJ0Q==", "wc5lIWGg0A45t1Tgl/aghw==", "9kpPzhUEkQr6h/4fDNnSuA==", "fMAAjFKUhFra8hfsyV6M/Q==", "0yUB19C4Q870tLOnId/omg==", "dZdW43K/PTswO8gz0zCkYQ==", "1CDGyH/KaS7DctjOTuk4Gg==", "IL9yoqEJiA7P9oRxQrj7SQ==", "rV97UXmAqepOnnvJur9ybQ==", "8Gv2MnEpGRP5xQ5SzNJn8w==", "s7SQVHshgYWyJSuzXO9o6Q==", "MIr3rO85X7uqJgFm0U3O8Q==", "ZZEVbWhAYTXw9FIX3zIAtw==", "F0PQEZy2PTlCGjp9J75Btw==", "1IGqkgWGwsavqCo3U8V2Jw==", "NuT3W1dL/YKETJsMHw1WfA==", "8gEKPHHBHHTuUEvwhsnEFQ==", "nrMORRsp2EH7zbxJc144bw==", "0ahYjiLWT0VE+MRcEm8yAQ==", "pl0eAtev2igDstYhHd6sxw==", "Sl37ASpmhZPtZSKlrwYF6A==", "QsiHUYCa/QcMQzBitOtxXQ==", "kCyfUBctJ+eryOZP6UiDKQ==", "gs7k9o3a1jAc/zZ5AEytpQ==", "UbJne6U4WRZmmyYLeEtt4w==", "UEgRngB2KVq3bhFU/6+13Q==", "RDdKN1sSPMFiFxzJJm3X1g==", "fLX8W8dMekP7EyhcY34ZKg==", "DzmttTV7e68kFVXC8f9lew==", "jYkhobM1mHtLOwQie8WeWA==", "m/d6QTwNzEzxGSR3T2263Q==", "eZ2tz3j+u7GWuS6rb2RB7g==", "5ejk3bhFpvIIABy9EwjwqQ==", "F4g8Bboy9/sMyy+EusFlpA==", "zBm31RctqcDF3ITqeA/9oA==", "pfNYlxG8sY9hFt3528zJoA==", "60Ucz+CE49NFnmVBiIwnwQ==", "8Q2ZBhYapsH90MwXLMDOQQ==", "Z3lzEUxuKss3/Hx3NeRKoQ==", "Je7Pxg/aoxf95KynM7XUig==", "uHGQ4u2cwHgRGK+9r/8n+w==", "xmjtcASNDmlJFcM3cVQlVg==" ], "RhNJQyxUHoA1z70UtgAC4Q==": [ "vb7DdaxZjPV5NEcCqN9EkQ==", "kwBmjCC7+d5xUliMZJPNWA==" ], "RjsHhFfoWvmQBIu8lxYZjw==": [ "ycihN0043OihPtrAPlFZyA==", "iK/w4oP0ry88Fhi1iG/FpA==" ], "SSFXEK4vNCR4s9ImWtXtgA==": [ "GAn7gWUe2pFr7PbwechqxA==", "9iigvnuYDaC8UzcOIDLjIQ==", "AUiFITCnRjRxctzqqbDeeA==", "iF/o4aDbQf1DAw7R+LiVQw==", "76z9Mpn8Jp7lhZSPsHTHug==", "PUCpgzV2LGcCb5yPJbawGw==" ], "SV9uo4F9Li9vAHBKYcAlZA==": [ "MMLwOzBcCET4jaa3dPuTwQ==", "hUC86VV8kD262xFcev0ZiA==", "RoQvxPrgcpXyTej834bT2Q==", "5C8DQrs9fwpmV8rRYlvfCQ==", "uPUnbuUJlh23l0km8iQ2tA==", "4wegIDtvEZ75QrQWM65auQ==", "lWdVDKK0NI1ECjrQyrQZhA==", "MS7UYZB0gpv9XnBQo9QJdA==", "CQPV/OxtJ+DwYc6C4gniNQ==", "vZIHu7rsNO8R8If5mjyTiw==", "guG+lyS5JQIDSZS6MEfIow==", "lJ8RTw7m+AgAnWW6upSntA==", "q5joCCZ2cOTa0rXBUtiSpQ==", "4LZWGm07jnOHHBGX2FzAwg==", "QaKFgrY/cUPl6Ls/xAwlFQ==", "1w+glHHFE32ql3XJuIAYWQ==", "gNGv6C2nj/tHk2ntVJUOWw==", "4WgtH2AC4w3jDaPCHFqEaw==", "knUP7wXG3O435cJDvu9Thw==", "MIaYLvbJRWXm7UR3+CJ1PA==", "IeTK1HBLKpS1+gfVSPrpvg==", "sAlO/t+jkkm59mLcdOgB9w==", "I3+uP7bb+nPtzRYHH2UUgw==", "cly/G/AvUZQM2J1YMymkpQ==", "r4Fu2fNYrl5cfm4zX5YpZQ==", "uEn9qA67O/SoYHOtH/EL2w==", "Bu9dxnhmsLXDd3x0oRPHfA==", "e/bnYsWq3UNe4TO8qzzb8A==", "1CCABRgs/s9xxQcDgxw00A==", "ElE6r7xQZAfd5MScs95BXQ==", "rwC2lB0lflNzttbo5Agt3g==", "oGhsPyoyEtiEHT7/0qF+CQ==", "k9jtJIr2beiO7DTwypDNWw==", "RRtBD+EuTLmzasgAaBJyZw==", "uO3OOEY6W3k9QH/tNVK0LQ==", "dcH4AHY4X+K0bO3O9nqJrQ==", "/MgFHW097IAGIZkNc/Fltw==", "tbkEtEs3aa+p2/YQaD8BfQ==", "i2CsObRdsFCFCIvnyVzw5g==", "Kr2KcyJfYQ8J1RDorzTofQ==", "8XLKalkulxeAh8qfecmGlA==", "mmFI4mA7exd6BfbwTUwJfQ==", "FroZeKbNhNx69+bj8o0OqQ==", "PqOWZHQu7W9hh0UlnMkHAQ==", "oIBUxFCAPk4vRXBwpcmtFw==", "ZNpRshLHRo06/00CGV605Q==", "2IUiS8eDJ2evZHzBkLGqPw==", "wh2k+ZZKZUi/oRaog5dfGQ==", "UeuwcxsDMDrcMU7c13lXsQ==" ], "TANtf1h6RhI5yVQQhHFTbg==": [ "QxQ47SEMl+UFCOv8XVwx9A==", "XPUXyp+BOEJyEGOgXafi8Q==", "6rBlrHxkkFbqVRbyfq+scg==" ], "THoW7icQ9Ts4hZAkh5A/WQ==": [ "0hxAfeI84l0pzeedcqmGpQ==", "rd7C8AD7IYUHYPSfAYtKrQ==" ], "Tl6ebomp9GQLN9svWzKp+w==": [ "H003kvHQyN0gsWRXOrXzxA==", "QgyYiUqrv2nc1+RqO1bM4A==", "DXoWfwXPN9ZCvCU/obObKQ==", "FyNQxVBbour86huhtgTOzA==", "qnfP2y61ycFKlR/SBnZ5sw==", "72HhoIyfPMwkQyR2IF7qqw==" ], "Tob5YtKxleVTQzw2GCmwGg==": [ "fbRJLkkKyAqhMbdbbcLwwg==", "+SOMbfLFiy8gAeP6YTZQLA==", "+Jox86Lr4olzZZpeF2W5Cg==", "7HuMMq7XSYKaQG/oWdxnyg==" ], "TzNyp6yTJ3m0O8xeeDKC3A==": [ "fbRJLkkKyAqhMbdbbcLwwg==", "Gzt3Aov08YmfW0b/CN7tHw==", "ST+HmAso4vf4Hnu6TuBXXQ==", "d8O/Pp2nkWZxFhUyXQucZg==" ], "TzT9ayOh2hZShfYtipxZEw==": [ "z1wZ8EsA73QQBAtKsHeNNA==", "HveCNT+j0lknlUOFTaqgtg==", "1XwPa50Si6EKs+Oms8SLUA==" ], "U0P0dNPn1iUcw6b33AAKUg==": [ "Npa1TFSpFpskBtk163Khxw==", "+gPHeZza1/WobF3MlhRjIQ==", "pX9giWYBuTR0yK974RC2ng==", "bugTfOdgCaATW4vTnuXTSQ==", "HxI42iSjURjRki+uV6q/9w==", "BhK7UpiFjhg7FsRQcftqbg==", "yqjwgy5aE2uj+E3fW5VIUQ==", "T1160/hke2bN2YNtHQGAVQ==" ], "Uui1iXuECCOB7NgLQMsJpg==": [ "EUzfiOQu+qZDEDuD1AbDtA==", "fxc/de3PyQgiwjyykMQ4ow==", "e+8uKOviBSOTR4ltKl/Y5Q==", "XVnPYCI1ck0zTs/Cz6Yl5A==", "Pdc4LabMMVIl3+kSdEepMw==", "hqWNdyyShysFv4UI5qHkfQ==", "JWrwO52d5SNbcmJ2KpFaJQ==", "C9NKmmH/EbcYxVOEg1uY9g==", "T4bxk7MHk24P39KEeRKoig==", "WNA27LqRIql90O1m/PSAgQ==", "ZpoRIduwcda+XFGXyoaDAA==", "9lOiMN/e99o1oI1dhS9S2Q==", "B7rM39vvdeIIjmDnRAuTIQ==", "bVLJeNp3UltT+T1xu6C55A==", "brTmpkOORx2yJvCnkPzYRw==", "59oEBlU3jh6EL6gtZDUaug==", "icr9XD5DN3YDWvP3naYL+g==", "MT27FBW6q+x91HBvTyGVKQ==", "uWz4SaM79VpO4EPAy+0C8g==", "9bjl4H6CMWLL3h1g5y6i9Q==", "ija3h8P09PxwjEuLSUS2HA==", "nRlBpDuWR9J0Ttd/BugkSQ==", "U7q9649W3+OXGS9kMwowkw==", "lM6Cai1zYvH4FYQ8nb6tQg==", "0wSMVHwI5T4EgYqkub8RhA==", "MtExg9vrmkuo/+/XELnvpA==", "effBIHrddz1MPHYj0XdN+A==", "UApauQbQz6UZdsAuW9miOQ==", "ewA3f3GyFBJhwPX+CvDYtg==", "WoF8HAs7BhQT5cycNGL9tw==", "PLT6ItGnGibNqyU7ikhmRA==", "Nl5OfrnQ/SPbLIWCvdxEHw==", "70Ajh2QFCXmrQTWVljWbIg==", "2pofu/QdlV4xoXosgfKRNw==", "zNwhU1to6ohdg5Ws/JmM/Q==", "0QqnWQey4QRkB1tBadW1jg==" ], "VFldiAD+rTFuce+kutFUuA==": [ "TwoNniaY2Urt7TF64epJXg==", "YtNpM5pykErH+UBXZABWdg==", "2TDjlt2gAEWsLyBBPigFYw==", "M293c+QguJ/aaYP3cMwfyQ==", "0E1VjQWdmolR9lr9ElIZZQ==", "Ie7rkr8oApZOM9PK2gFB6A==", "6hAQW3vY9ZA/8datv1rY4g==", "5BksN0izCeDRrtFMsNCyvg==", "mZCCwO//htsOIXazj/SeOw==", "iACEEOg8p4u2oul22eTv+Q==", "sJOXRbCL0QuUC1P4v8JTZA==", "b9vpp7YMXEAHYnt8gPj4PA==", "rBDj6tuhee896qgiVA2peA==", "khwtIlYEcWkkzJP1rg7BNg==", "69HZBPjw2QR8kIdKeSUwQg==", "zLUPO/DSeItPLWNqYd2DSQ==", "+Y8OjDjxiEFL5zY0EIjaWA==", "HJf9PCZx5YjpyYLqECiTKg==", "Xnj4Kpl+tPifTh/+xOnglw==", "55nFlly0ydgYROdIHNoLjg==", "zi+zTCtHwI+xWITxpaOJBw==", "EGiW9TUcKA6dU0wY//GJ7w==", "W5birtu1clZwp55QDPxkAA==", "AF4l+pfrs0Si/0Bf3toHtA==", "ABh4yTmrbQSCnnP4F8iX5A==", "nZ2DFaqiaft4/Dqj5SJp4Q==", "+fYUom03o4taYF0LdBwDsg==", "bQ1N5xPGM/wU59iAjdfQ6A==", "FUeASYCa2REKwmC0CFlz2g==", "qNhEJopIC+OWvXbrkilAfQ==", "aqaaxa85Ibw3RSMRWLL7yg==", "t/e+iLCKcOMzXEuhRWry6g==", "24Ysg4Ma/AJz8Z93D2PzNQ==", "7tbcfIdYm3nwAiNQR5eK/Q==", "6+K4D2mkqcFFftanju984w==", "tZSfr7Q1QfQP2u7Sjxqmrw==", "swCufUgs8xGhLcR4oX101Q==", "3cVM/UH6o+8G2FMQ1Gl/Ww==", "iRvSvKSGVLHqIXREJ4Ht/w==", "+YsItiFwLsY/quEIP17M6A==", "mX276ORRxpj/FeNL+3OrXg==", "7d4YdteAff532bV2Gg5lmw==", "s0BW8R7FNYnFn+nWkJnUqQ==", "I1n6/nf1BmKoqYe/GXCV3A==", "1r5b1oLl7viNgjtnEVfEyw==", "+xzMjgQ/BhN1jTBlVwQfIA==", "akEF6NF80R9wfgwbXmOEDA==", "m+ltkfB6bwuyxpSjgAFr9w==", "iA/QQjWhvxyNLUaetWDlcQ==", "7Z352FfiS2LxToBH4DWhEg==", "UgQV4Vz6WyghQx4C2rQgVw==", "vA4lSE/GSHGX0yBPiE7RSQ==", "gZW7OlWAfe3YqvPh9YUqJA==", "xIqTu52elcgV5FuN0Fuj4Q==", "pWmmw4ixBXV6KyYl3C9RWQ==", "pfZcHRowGRRifIIMXAg+9w==", "N8aXqWnqmq7yO6fhu3+9cg==", "Y9X/nbUFq4l8+xowG5hDkg==", "MmfAubFbaM6MUJCO86BuPA==", "GzRz/FwkFLGO3g4HmoZPSA==", "KPOfrxBVcu8XVCAYPGVuZA==", "Z9vlvDewcgZxmJe4Kp3wxA==", "mXfTdwl2racpbSHHHKO6EA==", "3A+d+ITPUBtAGX1jTlLhKg==", "TXvJlim3LAUzBPedea1SGA==", "5pFK2pddNfoGuwrNwC3BlQ==", "mpJkDXIXuQphmTXI2ejm1A==", "P8DPJn528tUhUQhsixUumA==", "rDeZ9YqARbQ/8OcOA5Tn4g==", "6/KKbV2mEAFGDxV5hCYPjA==", "Zg/5yy5ojZu/q0X+9MCQQA==", "BCUOacmvjky6+oK/3U158Q==", "UoBD3GwEne6Zwl54oZgCCg==", "xzz0v3ajpuFhN3HDJCDDYg==", "oDr5DknKU9AmvJu2r8+yFw==" ], "VKbklzwNVEem7m1iQRERDg==": [ "C7v5oMuGS9CuS5bfckNF/w==", "Mds6YkAImABVZfFVPdan5w==", "tlbehmhIbT1WwXt6llfQYw==", "grZJQsj3BT+fQns8dkci1g==", "pTT7g2z3OsAYgdVqJMZOLQ==", "JwRn6LaXs4DLH+aotGHcIQ==", "RFeq5rwe+sxgyWgUXeEitA==", "sEXYrXIRghEOX+5cKfh4HA==", "HMytRAMTGJlQRfqVbIzzVg==", "xKgvhqTYvQwR5QWUkRuf6Q==", "pvm4gwkuqzgisbgZu1oTlQ==", "w/qPRfgu7T1MbY4EuhkWZw==", "8bMBj5vTG1tOpQ1wuVD1bQ==", "g29pa0L/tOFblhQQDFeJbA==", "7aOJwf1br9gIaC1RH6UwDQ==", "8m+MeF1Vk+YvSROjY2pN5Q==", "oYEyIJ07SURdsg7rK6qrYw==", "U2e7dgKDqk0OlJ2oJw2iuw==", "jL7k69KOM8ZjTH+gwznwQg==", "TTh9HGJJgt1I4lhDqtPBIA==", "k/RAvY71xpuUVrSpsGkYlA==", "nOD1OtMP4aGP/bT3iktDEQ==", "VNA7ljkMyeRq9SDNO9drHQ==", "DhiTSAV5nEGdAk1xkbjRsw==", "SbrfelK/hRkg8QJAv7881A==", "KhtP1/ZJ9jcZ6Whijt7vkw==", "081ZZUa7+goThe2JzRBcxw==", "r0yngP+sUJvKraMLgaaWww==", "n9h0mZrBntcdO8rut9mZew==", "lIzMhy2E3/kAp+LsQCQyCA==", "s+/PgMrbczH4dntN+Uku4A==", "walyEMfvPvVh3KXxCNA/pQ==", "Bd+yU6xHUdyyaw65uiacIw==", "oGKMWwqd8g23cJbO7k5MNA==", "Cr4I2Hcgcf8xO3Bc2/KIfA==", "4evfzAbeD7HXRBHHbDpAwA==", "8Ug8/LJbCT7/mzHPjLi21A==", "F1KNP85q9V8sONVWKuOzrw==", "Qimhraux3dZtFrPRbNJqyw==", "FcmkgsiNKCrDAJ6OFK/Y8g==", "NkAsviHzXhNrys9cILlYeQ==", "EX/jsJKUxl+Y92LbkHwIVg==", "xP/kV8YDeJxssrXaMcjXUg==", "KM3euWq+O2CS0VP936TjVg==", "vpkqaxRDIkUCRIT3f2sk6Q==", "BofAiVtqC38hX5ZAkBLTpA==", "J9wD9ZF9kAJd1nu03TllBQ==", "kHC7JlgJ1gpjDIHxKgXZuQ==", "IkLJJWoz7DjiEwkwHd9+Bw==", "v+VZolEvt4HU4yiZTpFx+Q==", "A/za5QfQmT4HYcIQ4RyCzA==", "naO+9RNjE/hIMaezFHe7IA==", "//2gjbgNV4aF0qefir+7Ng==", "CFRtSPlXDJlgi28bdADXZg==", "1qsA4RvCYZB2uDwgIo8TuQ==", "6GzxFtf19XU1Y6ySz6SgYQ==", "bklfMYFV2WKM17hKPU+5BA==", "cWbhx4ozV3Pkh4rK/phNRA==", "4PW1pGs0HJlG6XNR1xk0ZA==", "833/aZmn4g2C0czWW40RBQ==", "IDAwc/hZzIcM4IBkaUT9YA==", "fZX9tMkRg8Ij95v2HLw9Ew==", "TGjVfFW0jWP1/Slr8hCo8Q==", "o52gvb+djtuOAe8fWpXboQ==", "Ga3lVfExNl500JGwW345sQ==", "rPWZNH+en7vYfObneQGeUA==", "8dARvXsFfslEQUJNpOVqyQ==", "EahYBNc6RsapXfHOvUMG/A==", "4jKXN+o/0vyACgd6hmLCbw==", "KlFwXzVoVlebAInsnw41Qw==", "mOQ3hJyzcYBnd65M1VVdFA==", "FjluGqmW83eEOEvyKIkrSA==", "KxS2ZtWgZx0lQavGmel4Wg==", "x80ydqeeoahPQLNiV1VXvQ==", "U86r1ELAOJanBnxwrapY0g==", "YGKNwwPTf6g9pxsaSlPd0g==", "UeiYbCd+yCsmz4K385pQkQ==", "YusnUSJD47mdstk8KsgGZQ==", "cpsr/YFJ0iUNtv72fOtdjw==", "4ifTGHhVbtDPeqLwYDVyJA==", "BqzAZ5iQVHE6OkJ+a2YydQ==", "2+grY6RsLOFJVlzFN96AuQ==", "u6YfnQt98V+kYlUqAP+rFg==", "QPsg6Jr0bVMm0tr2j4YMwA==", "X5o2Qoo8DgfpPtqZ+d9MzQ==", "pENgwsqn4gloGqUZSMstFA==", "X2XVS8beM5noGWCQGlVZ6g==", "Zwyz7XImU98ApFQj0FPRmw==", "FWn8i7eSvTTcwwX8x1YMmg==", "ZAG3qysphRz8tGIp96ls9A==", "aHbxsEzv/m7Yq5sqD6BR6A==" ], "W+js148eF9SSUbrTSIRvOQ==": [ "GpJjElMhBMa2ZIh0g/0hAQ==", "yV3QixxBrXQjuo0c4OIL/w==", "8ez1JQpqUyVUQaplF/dpog==", "dN3ZkuuHRauklH+tfqwFYA==", "Ry6vRm+cs1w4rnhTcw+4ww==", "Ws0fZZUTvLi37jSEx1MM5g==", "PYQ8GtvInfQ411U5gwbErQ==", "Vbqm1jpiIiIM2rxq++FdoQ==", "kCgZMoKRMbRx90oiE7jJ+w==", "lWKRi6BgpanbsQgeIct91A==", "IH0yoiWyuDmG+HH8h9dKLw==", "1ylYMOLaPUA6xIkqwKBb9w==", "EHdSTtZdfwUmOpf3vIeLWQ==", "NdlKBrj70+HY4gSgv+wTmA==", "2n2n++65Q4X6kZeNZUZXMw==", "Y/1r01hBo8mhueiynQb9pg==", "5EJ0MC7TgiGIlilbbiOvfQ==", "H1wshPoazj8pmzsnWAztZA==", "6rEIsdyQtCC456AuGwgsDQ==", "X4Ym25zfqcH7/samBN+yPw==", "Pza9Y2xtH9MChVMkZwgw2A==", "3UNcgW64Eji4iyY2ZDB1cg==", "X7DmUVoCri5i6vdYVBBgXg==", "zqGJegkbTlVqcHBa6HtRTQ==", "vnI8VBZMnSK/Spr6qFIUOA==", "IFUwSX5dX69QHRHfvOeQDg==", "oqSc7q4k6wTno/u9knscCQ==", "l6IrI73Pg+lrisEtcgX+0Q==", "FQwXyPZ+oHyxQZ9RBQXbpw==", "YIlv6HIDfGqvZL/MDTWWpg==", "d0nPfXoEZybRuV9TMDY3YQ==", "8MfvwX+dRI6Qt2H+x71rZg==", "+TrS27bZKgEeir9pISurnQ==", "a9FllBAJiFi5FeYl0KG4aQ==", "smB1yCGhBb8gDhPAER7odg==", "d9qJI4TyihrqXixZ+S73jg==", "ZZLfaN7MH3nRy8BlgA10kg==", "kRa60N9SRvgjl+iiwZ9fZg==", "lh/EYac7XXFvwJr7gkU1TA==", "RnzVpoLf3gQvIDiBFFXm6w==", "82S4cf8ecOlHYb8LNQQn+w==", "P1K1eUbqwgam0P6f7iB/IA==", "wjPVtpb8yNf3j3pc1wfy6A==", "Stfm7ne4Ofst02xkZn9K1w==", "/m4KubgMsY+Uf3GqqbY5Og==", "I44fXMfux3yPYaBHaNxgsg==", "WwkM3aNBW0LnenEr6xDxWQ==", "JLZyRakMGnyMKNtD6nnqpQ==", "UsTHWG7fBbgk8T9K0i79Ww==", "zFG8iDklz8FcuYliYZGkqA==", "XKuZX/r+YD1eQ8+4f77NQQ==", "8lLGaMUZk8kOHbicsIjPjw==" ], "W4amAY83CsyR7zQ0GM7zsg==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "WCNTEGU4JEqQUNwdkKkP0Q==": [ "gmo+iv72N8R3ZKjUbp9DXg==", "3O4R28kD2w0Acw7XQvAZ3Q==" ], "WIBkwuKReD+vnev0WY88mA==": [ "+SqndwadNHIvm6x16t9CQg==", "mFUy6wspY0y/sfnCfQc0Yw==", "pC9XVLaTUwErG9Rd01nABA==", "NHJdq5G883S5W8foR85U2A==", "zYQmqjwBNORHvvIZjBy6jg==" ], "WN9YKonIBKVWuMNAg76vrA==": [ "4MoaZecth+9t4X3jdykhZg==", "0U0p6zwok5l6rbIxjBRN7w==" ], "WXfnWfq5UvDl4B0hS+0enw==": [ "XW4X9/W6MfETfE/VICA4Jw==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==", "n39YhRffL6tFFAy/S18A8Q==" ], "WgTBt6b85L1bF7WXV5bQRA==": [ "YgwLp863ho/Lz7XdBK6IXw==", "LMrJ8zW3vxlqJrvFMbbCGA==" ], "WuHt6bav9qTQn9+qCLLu3w==": [ "ulsMCA3bm5VANCxYIf54Zw==", "ZmOheSIAULld8cF9POTj/w==", "TRd8qEGSmZkjG+mmOfTmTg==", "ssYEt3aOFwnaqoufFlsCAw==", "vLgELeoIueNM9KX5ZIMtjg==", "ZUoGCxFJ/+PUPUdg60izwg==" ], "XD0JiZBKTweysL9d3sIzpw==": [ "LULa++Og4kM4JJrQxnZj0w==", "eERb0a2u5NJoo8XHmwI23A==" ], "XMPq7+46c92RSax5sZ9PZw==": [ "RHShqbO2hqcBNPYbKDg/3A==", "qFIYjZJeFnLAVC7lR0n6oQ==", "AwYRRq6SmgfJLn2NZxQUdw==", "8kndQj/aRn+NNJdGVP9v4g==", "F4WBuBnk4OQIl1a5Q4CVPg==", "jiVVTQmOtKqVixv7agF/Hg==", "8ZCpE1M7eqNdy615aO2gLQ==", "u0cs09LPRVEEfen4PHM6gA==", "DTApvRZh1HJD5XbbpU3ahw==", "cex7jEfdv/MaWi3px1ZgxQ==", "xoMyxEWbrnIOZWHnwVuShQ==", "HRagOYGIDOKfFoQakG4CEA==", "VgTIKWxJpYFkd788UcqT3A==", "vbUGycVGGL83rd1I5CfHuQ==", "RfXeDDRCykmZZMDXVfaGtg==", "by4qEj8r2+yQ8xw2ZHB4/Q==", "ozbcadljjD/zIm3hj6kVaw==", "NoEVAwQMgkCr1UvAm6iQBQ==", "qFdiNhAK1CrksJV/dJy7OA==", "4rkDoNFFNCrcnkPj+GN2vA==", "QNVm3dpa9lFJUb6FBjjc1g==", "mYgwcPpa/l0bTZdysqbplg==", "rY2PGGazDLFtrrL5h0HYLQ==", "hYg6jGCQ5Nuq7UsitAzuiw==", "ZrKcftBnwBVZKQlRJoJcLw==", "vayO6Zpv5fCNARnrSOYfGg==", "TU6sUeJdvbpf1Uxt7QBVXQ==", "A98JJ8FAQWnMhx8Nb3TYXA==", "9rfGlkZ9WMAUo942FMnq5A==", "lBoi08D0xA11v+agRADO8A==", "vwdkC2aeXSkn642Di7lXbw==", "kQEcZDAS6Ka6J710VZUH9w==", "DwDznogCJiIx7SjddRcbCQ==", "4YMcCEsfWO5KpctoAqwrFQ==", "4hX2FW/Yj9HDbKRBqrhgdg==", "FLpBF1y0CvCfFuXOmlaRZw==", "bDhy7gfmPOwxr6lS2HOcFg==" ], "XX1gx35T8rMzed7p4qESdA==": [ "cSPoRTB3BjDaa16wszdN3g==", "HveCNT+j0lknlUOFTaqgtg==", "rKpZxH2tXrNLthuse32FWg==" ], "Xs0UZDLX+3bz2vT+iSJz7Q==": [ "PrCrIesi0sSvMQjPpvxecw==", "klH60uFrR0WkawaSlcOEKg==", "e0VfCD1REapdkagkByCnXQ==", "VYGbkY0i6P3tRJd9mM1wNg==", "Qbjoqw6Ot3cGOKNyQYBo4g==", "svCt47J2Zwa45xj8gn3U/w==", "NrTzMmbWyM5UeSvnQVNLOg==", "yzZzF1vLZmeTiLJMgY7W0Q==", "ixc06f0H9vqMfsbwQSwwvA==", "Eh3WlvVSpgyvj1kaA5So7g==", "e8Ba4iAzVtDvrookiM9XAg==", "8Zz8gP9QPTYBttUQXDeNpg==", "FdtzK6tyT53moDNlzBGPBQ==", "GaZVgTbcdJiJMvdUeofqTA==", "5xW5MMwESxiksXgaLrFCnQ==", "nNNVXLjFvnegTKkITfCBuA==", "JqWXvYyB4T300h7KRcWtFA==", "x+E+r7arkKvVcXf/ay8rdg==", "9SrODyBGF+py5BfKYxVllg==", "5/L+eT1BzZSWVW4ZLUXszw==", "iveVedfC78Qk/6ltHJ21kQ==", "sHvGKpRovk0D6WznAeRDaw==", "oVI7j6msaWseNIkn6m/3+A==" ], "Y2WVn7YbALZNiKrMVF83bA==": [ "GJy8g/4zoy4CPDvWLZr9kQ==", "coZUZkSgAUHkgS8Joj97mg==", "194woe53clmG4lfLXvwjcA==", "3NsOBlWsKnPW4267fh2nUA==", "CUQJjAsDbX9xkyOrUzo/mg==", "uGxAJHfmN99PtsQCJqV/nQ==", "VWEbeFnFOHy1IkG21b5a5g==", "mJw+LvAbCoVMIOZXCXNFpg==", "76mWuVYhbmIFsc4DNorK9A==", "Kqq2xlybjD/tOLmQWu2xPw==", "xxrOMZzPk7ETmnvrIjBo0A==", "lQBARBTddFvexevUD04GZA==", "uaetuJImncB6wudykQLpEA==", "sykv+pGN4TXggZNIwL/H4g==", "Ez8lHT2uV9Tf9vJC/T4WXg==", "Rm7aeXEOy4+PSaaC/AfGyw==", "FzTxCzGYtLmJVoQ1syBiUQ==", "nS3gw6C5KX889pH0DdnXbQ==", "l5iJurZf3UzepkqgzjvSSQ==", "qSRGSB2uV6n5bH1pdu2LUQ==", "9lxLFgIezXSh1WnSsRhwNQ==" ], "YRfO+WACNVQDTEO1DaRoPw==": [ "VWEbeFnFOHy1IkG21b5a5g==", "mJw+LvAbCoVMIOZXCXNFpg==", "76mWuVYhbmIFsc4DNorK9A==", "Kqq2xlybjD/tOLmQWu2xPw==", "xxrOMZzPk7ETmnvrIjBo0A==", "lQBARBTddFvexevUD04GZA==", "uaetuJImncB6wudykQLpEA==", "sykv+pGN4TXggZNIwL/H4g==", "Ez8lHT2uV9Tf9vJC/T4WXg==", "KEWGfOVGYNjr6kNjpQx0qg==", "KMGV9rbVZ/vVUNSX6f+JqA==", "LxYgcRll4fEnbCHHZWt4BA==", "/8OUfvwBnXvWQXB4Meq/rQ==", "YX2rGofSXHBcNhTOGpNkAA==", "fcEhBEQT+7+nxaOwZEIInQ==", "9CmH5Y/MDHXGbta8UBA5HQ==", "znnZtQrOfSxqGV/OZKzI5g==", "eUh0vSDVmqXTnsB7jL0b4g==", "+T/c3saENK5zeqXtZtGLNw==", "vtpIIEEoAREfzDi0+K26Fg==", "9ca/WR2Db6VUKD0h31yyGw==" ], "ZEh/5caJmj5WMgoK5/jyfw==": [ "fHxgcXxpn2MkgE/aUd2Vkw==", "KTLyj41W+cHfjH/HBrA7BQ==" ], "Znd6oNA8HDVHwd3abR/PEg==": [ "372OESqFjEs8/4MHn0xr+Q==", "e0/Fzu8wfMZp9zX32i9rMQ==", "5LplZpuSZzAiOH2fmk3HWg==" ], "a0GQ0ecdg5PXNSF9I+cGHw==": [ "cbNKZbfbJhPfPLHi6va27w==", "TEg+H5IUFEuL8/4VudXtEg==", "JBIWl7TA4AzjcNVfFPjHaw==", "QznSXY89jmEtP62PhxgH1g==", "Lcg+9plLPEAo58BHKBlIGw==", "vc3i6DfzTVpLFX6x0zKE4A==" ], "aW0vfCmvp3ku6dMkvaoZGw==": [ "2oTX17kDUCTK4lHB98r0SQ==", "FAES1XlWFCETbKQytoq57Q==" ], "ao0mLJHwgqEhua26lzg6gQ==": [ "ZQsszFOlqLuLyfXZGfRKxQ==", "0bsVwLbC3DjqoPdFlpHGrA==", "hEt6vsfHYq4kHELEO5xWxA==", "USroe8+XCxLDwAOkjWfs+Q==", "mIzvIMMUHDBMdt3eAx+4Rw==", "lTNtbu9KrTbZ2ion3t+azw==", "alSeOMnzCu4eh8h4VjVrpA==", "9Bnr48B1Gkm5b1u7nixqng==", "KwXuJ1mZuqgv14dKI+DdIw==", "l3j9C20yHr6ZHIXLApzl0A==", "wBC264S906jsJ9EHip/24A==", "1sD6TJmtoMKm89Mo2ka5lA==", "L/8naYULbNo7VCB5WzvpDw==", "4L3dk768qs7Sg3jWyr+5Ug==", "okW8xf+CinO7BWuM9dEk4Q==", "59oEBlU3jh6EL6gtZDUaug==", "icr9XD5DN3YDWvP3naYL+g==", "MT27FBW6q+x91HBvTyGVKQ==", "uWz4SaM79VpO4EPAy+0C8g==", "9bjl4H6CMWLL3h1g5y6i9Q==", "ija3h8P09PxwjEuLSUS2HA==", "EB6fg0YbdpF3FjycPEVN/Q==", "AyHFH4N7lNUZlwVfgigcMA==", "eKvGCJDf1Iytf5g2d8kaFQ==", "FV18DPtJsW6qZZIHDbkGJA==", "5MGCN705vR5eWycZyFuYJQ==", "oIxZENYISdQtE42Fc34Vyg==", "OvvtykNCZtfooZWGyghXfg==", "DjpSix06K6wkPOmaLpbGWg==", "qQxzRYdLEwZ+uwtq33H+Uw==", "8qeM99NPNtS3R0CIVDnqTw==", "c9kKQdmqE31JfE8hW1jBfg==", "g3/sX4CO9sGFGMvToQ+how==", "mjV/DAgymXlZYSj9rj04pg==", "lc0ErrFagkcQxsv9AGKTjw==", "H04yzALMJAjmclexKFeS2w==" ], "arzS3GnLPLKzM8xRPFnUzw==": [ "tbhLz74i3ShwS72WbIsoOA==", "1VKGbptJGVhPmMaic8aidg==", "Qzh+CSMQ9O8Q+LoKZ+3MuA==", "xhnxsdmWc6+n3gUj6yqBpw==", "j/Ffe29Pz7uoI3ROVu3/hw==" ], "ax5YZqtoTsGSLh5YAOUDAA==": [ "J/vqYu1qTz7dsS8oVaCTTw==", "vJceii8mKrpQPBtlAKleGQ==" ], "bbOmNWQZu2GtbHRNTT5LbA==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "bp0rUgZ5FkIYAX2aEVd/VA==": [ "YmjsPDVfe7xyjGwOgJunGw==", "qsn7RE1KMH045/wAyIDw7A==", "ZtlPcxFiuXhGia0ZM6cNBg==", "XkiVaSOj/tcz5wNKnglN4w==", "CQNzMQJa1wEomWRr1m5WUQ==", "j2qyk9XQmGp7ssMhZKM8jg==", "mXoGTWRL/KLyEYWh5uyvXQ==", "QXekSyzWiuaI8YTxDgngHw==", "XuMP4XKeqFlYH9jgvFKXXw==", "TIcWaTRsDD52irGN4xUQyA==", "KsboTEAsiwsdLEKIDivkyA==", "BfDjqoaYrd0NKCGGxtokTg==", "Qe1reyLPtQVZ5wKqKa9jQA==", "RATpPhLUqjEbe+XxyYxOOw==", "0v5F4x1W0RxkklLvRs6NKQ==", "00cDk2w3qfvdzMbO27c/+w==", "6LazNwUBgu5kQGKPCQnaOw==", "e7h3lwyDkLbzwbeza9/TWw==", "zDmU3WG0c3AQYw7NFebUCQ==", "hxluEp8Si16NQcfaJDWcLg==", "I3vwwgMxzxWo15otCOgvAw==", "Q0D37bmhhLGtYILIAMgFXg==", "GXMpRf2go/wGEbwpp9BPPQ==", "+uMSPU5jbqI0+jsP/eX6PA==", "KB8w2g8b8sP5A8+iqhqw8A==", "h+nOQU6khNxAH7kkGqVqkQ==", "5D5WFK01Su4Lrj4hhwDYGQ==", "qug1advw8m4TjVAUPEUPiA==", "0bK7Vo3x9SXQYvDvMmgzXA==", "rO5a9fYyaqaIZ4bH0M8fdA==", "zx97OaxgXH8j+mFWesQySQ==", "JmKf//IQj2eMVJFTB1Feyw==", "DNd0sdbW83acQbIl3FDaPw==", "lHLNxD93t7uUJfmDhNwvCQ==", "6asSIEJz7ggo9QEXpbSOYg==", "YUwZZ9Cg1FloxBZV60vOCg==", "T5Nghm4crNWWnUrYvZZItg==", "vTajNh0ysqaO8NuTMU//uw==", "AwUdH/KSEhHnx1nx0tagUQ==", "kTyfGInwWoCVv7gGPYCF5g==", "X10PEbhI2yv6KYFUPacecg==", "NeZAaBfGrzLvaMKrJL7WlA==", "W0TAw6aTfwXOMlJwloDkZA==", "JD0llI0bGUOG/VBz+9LeVQ==", "6MW1lRUdNNc4s+6uD2JNvw==", "6LOgJE44rXWziB7/OMO/ig==", "aQGx6Am8fU9TZmcyiMNL4A==", "cxMZ2TEnkk6RdtuU9fDThg==", "rJljaCTiTdw1uI1lvfy+hw==", "u1caIbS4Tk6y8c7sz8Hvhw==", "w1094TrprBpG+5TZJus6FA==", "qWK7H7gz7e8gS19GJSeIIg==", "MLyBE3p9/9+LMOMl2JBi6w==", "s2uSNGuV+OyVW2eHDGWWKw==", "7AoZZiCMmvqX9d9WD62FnQ==", "7sGexlbSpX41SOBbWHg8BQ==", "HHBOKYlzeD2Busv7btyBAA==", "gGrGej/Pj6/poAgebFb+dg==", "Y6TEBwH0+CoZ50j5sQV23w==", "HSaKorahiaNwGqqE2DJSaw==", "0YVxD0vSH+0MhijemP/Jmg==", "eekbTUpqIafepE8Hfmhn6g==", "Y/6FiFNJ+h2jXNTlPOzrnQ==", "XL1Nv8y45q8aiA92A99YyA==", "qEhRdzGH44SGjJIcqcIv/g==", "g6spFzT6DoopzuQCE0pjRg==", "SvhQ7tNvl6ANrVnaJ4cBNw==", "b2xf65/2S45gOxG8Grxy0g==", "LkJjju2s50oKpBRyBT8s0A==", "2RZ3u6UmceVG9iB/xb73SA==", "2UHqEqfMIIn53NkDlDEppQ==", "6dwQWrojfQ/1hgTT2PQckg==", "+hBhqk1qKnkU+nqn6a96qg==", "jVeIQzIm92EdkbCIlGT1qA==", "6o8ui0RxMttDzkyqTDO5tg==", "kaUbMItvWrS1leJMEsAk9A==", "saK0Qxr6f3taAu0dVT0erg==", "oyvtOIVUDqm1ruQx8vhRhA==", "uDfc8ZaPfrhTGcFwVaIvAA==", "QbgvVzhz2dr5BDvAUM6wFQ==", "o8O4Ttqnv0lQfm1yyfyVsw==", "Ah03jmj/7fQOqUbg05PtZg==", "+PjI2yN4wCMPyf1oygeT5Q==", "oVgcRSL89qnSRkMXpV8N8A==", "w8af/LTYrBLWhYkZBSi2Lg==", "GfPY5zBbHJQI4ZGaDcJj2A==", "r410Z5X0yojDsVg9YVcNqQ==", "/YcdipQjiqJUDpddwhDiIw==", "l/tOmWC5BVb4or7dYqfWjA==", "Rd2hVVbUws+mcvoC7DaoiQ==", "KYv6PwzjV6/5I33cZ9LUmQ==", "3WRC4Vl08/leTJ1MFHuCEg==", "QgRg8usqYLpC2SzTmhUKsQ==", "zAQhwfD+1kpXY0CwZC6HxA==", "UBzPfwycyyJOBETwdSTG/w==", "8563iLEht/ghMGItALTFUw==", "OXr+UvfSDAQbLGP4xOBSMw==", "lz6O0nYiDpis8SScmTUuSg==", "HlOu0EmTxHkjzmJeJEuJmw==", "2sm08sXcjWtT2Gtu3CdSug==", "8efBqSZ3OYqd+nT8a21FNA==", "BS5Qx6nN3HmM64VVoKmayw==", "cMY+6QfPqyOZE380Mf5rIQ==", "BTToHfvg0weSXCH9D0acFA==", "2I/0B+uXhxpPJWXGwNGlLw==", "bACUKZThWu3kcO82NfO4eg==", "19Kvl4LS7MCiBo2cRD5fxQ==", "Ob+LJ5zYHnbjt14Yf8W7UA==", "s6kt2DqKLHgzYSGciPtGtQ==", "3Lvdmj//2sze9S8I3n8yrw==", "rR226S9SV4WbmIVotM0CsQ==", "93O9BjbBwz1jYmTNCzgkUw==", "2luu38jiVQvy6qOXHFgpAg==", "JtGggrfMckWn0xvfWBMJJQ==", "GnBCRP9H+R6do428z3nOkQ==", "QX9gQ7esz1e73iQHmwojXA==", "AIlN8RmMOvhBveVuVAyHQQ==", "qYORp6v9x0Jy6S8OKerZvw==", "1WQ/LJu/kefEuHRv58l0Lw==", "dO/rj/SVo/ZlfJAB2ajOEQ==", "tLSR0X6hQ7hvyPbBXZslBQ==", "cjoCrbQlAeGxtTPUlcMPuA==", "bh7RRRlNP555+LOFASdB0w==", "ylg3k+AtgUcIl3hJiXNMlw==", "WACsy7vAhq3GJRyxAuj7NA==", "ltryu+P4IG4b3EAJKjyGHQ==", "75kzXqx/LGJU9hkFlgdGGA==", "wQvupTbd1tnTVAWewQzJMw==", "l5eC5C4lpe8Zt0TnNwDO+g==", "uWnN7JCvikoCVXMugnDhoA==", "hMc0MDqaKmmGxo7P4SKmKg==", "wn4STzMt4ytbVHyERUyNoA==" ], "byfHs8LLvbAc+YzK8+QmXA==": [ "59oEBlU3jh6EL6gtZDUaug==", "icr9XD5DN3YDWvP3naYL+g==", "MT27FBW6q+x91HBvTyGVKQ==", "uWz4SaM79VpO4EPAy+0C8g==", "9bjl4H6CMWLL3h1g5y6i9Q==", "ija3h8P09PxwjEuLSUS2HA==", "8eY8PV83CN3R/MV2hK7XHA==", "gqWTMUdDL1db9YSLA4qpRQ==", "IrRjtVOpf04EO7iAKFAznQ==", "gJ/fF2D4AXb0sjRGNWgixw==", "wqIGHEm21/U4VCTr0VeLVw==", "GVOb0whjVXBMMGVZhZjH0g==", "3ehQjUp3PMzo2i+ZXMC7RA==", "kMB61Eclf1Qb2Suk3JRmXw==", "eoZiXVXIYF5HZwY9O+NvfQ==", "+UOyQgpOAnrWS+mVMK5k1Q==", "SWMi5UoagLshKWAW26MJTw==", "SsFE9yHqow9BNx1O4nMcCg==", "5zg9huqgOp8E89z3dxtcHg==", "V2C0OnbFKs9wiV3IrUOPew==", "VdavXNeRp4EjkXxldYSiUw==", "EXWaDNivW550gBh9Dm6gCQ==", "sJNoOKrtqJYf9M2tWcTlqg==", "8OhIIjb+vwm01NjtGgcnDw==", "vHIEJpBGkCNiUPmahPyLqQ==", "ZBDjl4GlHR5BEu3WvRQHHQ==", "Iy2V+5RC7ENxxmnS9KdBOw==", "qbsbXExNvRlblIMDPNkFzA==", "y5N73UEFT/BHwjJkVAx22A==", "juRvPdedfeoW/YVn4PBM8Q==", "WPBuKgPICmQT6PHBjmoC1A==", "cm/gvI0AVbEJW8SbZVw6fw==", "DDPdyyhkyoDS2Vq0O3We0w==", "1hhG+RKT0fsxlS/Wf/LWEA==", "4IznDha57aCNWoI0Hc828Q==", "1BGBx+ICmx9ndSR1J6c9Rw==", "SKyAPnATFclliIE0mjtq+w==", "C+2GxqMTQEZYKlJYDQE1Pg==", "OUOPFj6v5qm/F5KSXf7dVw==", "yubezWiwTBzlJyfKBBah5A==", "SYSyRuW2vXdWcXLSfRP1aQ==", "k4dDUqBohIhzwbUS8fZiCA==" ], "c+W6x4Mcea6sasJQFpayfg==": [ "ryPu/punYtMOzifbFWj3Xg==", "cr4RGJYSJM2QUssm6cAQ4w==", "XH8pWtqEhhBDhQuq+NWhvQ==" ], "c4cAHnbL6QvzxTWvSxwSUQ==": [ "Tz9Z9WUqfvL0BrLTJjlG5g==", "13Dkon5caDMIMuKn79Qskg==", "jujfK7kvNttCHbG9Y1cEjw==", "+QQwOZo/9naGhbYAyaOr+w==", "OSUAY4vX1mm91uqYY2QyKA==", "mjI/WzMYY52AQdc1No8ugQ==", "ZZYlhV9nOBPxmh+lN8Wzlg==", "WGwIYJUrzsJ4/8TTyxMGGQ==", "3UFdmogC8LxBJ8vh97CLKg==", "4ZcrBE+d85+98j2eHMpVTQ==", "C+zOyZD8CwAZei0FDIvlTA==", "qAjJcUd7scO8lHObIc+8TA==", "pLMgO5RHEs1yrujEkb226g==", "/w1B4Q4YhRhn+C15Pv2Mlg==", "Xo53LSQ1UPT3k4c2guU75Q==", "4PIM0/eLiUwExdFACTKEEw==", "zEKtVLhCQn3xgvKNhFo2bg==", "WlLXHoXR9O8Ph+uSZ6aDCg==", "LTObsRKzbMcDf7ZCch9lsA==", "CfhyOTUZXzyZ1gBqX8Jz5Q==", "ab/GKLlj0s6Lkn9DyDnUUQ==", "3A/kVsDzDDwZXdM+JpfWlA==", "uFRb2siFSROrNSaSMqsvqQ==", "2/tA0uwDqjzRb7JZP+f4Mw==", "QMVQFQxQO9E+szLpK5nZ9w==", "2usQa32fSqIDVo0qKM7RFA==", "DI7HeHo8A/itZHGTOHOQIg==", "h/OVEZRz5ndHYLHsNXXXMg==", "xxrk6qwvf/BkNdal8rz/jA==", "O7l2OQQ3NRM4VNrd4YvEaA==", "b8cX6Z3ptet250uYs1XjIQ==", "x+9X6oSMihxrE4Tni3a4Zw==", "4iFNln+X4k0SeUiw/ueLUA==", "Z5H14Z81HW+BVvKWtV5kDQ==", "Km0Kj8/PT21DcOVckLYRyA==", "U86hsRMcoSpvWp72aUJNFQ==", "8ImlkqI0B9hvKdKXJLla/w==", "/KRhrFyFO2WBBj1/Wnbnrg==", "Dp0x43cNy9IQTCa5Vb7Uyw==", "UcI2WjL14mHQYOfXIkpuzA==", "e91QDoc1m7i0h9Urg1XIuQ==", "u1EBYvwhn/Xoyt4PDy5M1A==", "kQL9cvtBFPgCA0FVlrhUBg==", "hjzu3I+m68mPWogOfZscVg==", "+DDOZxWQYsdNCtZZs4LB2w==", "bS+af0/VFTa2vHJUfxeH5g==", "SqKI5VB6698Nen4zsScUuw==", "bUleeXyDhPPtw2/S2E8kiw==", "W01A5sOetTjsV/4bYawPgA==", "sQzygdvKruRINz20KeXUpg==", "jM18i6BgFcWSycW3ixuZHw==", "qRLrD7xZAOZ93NjJgcm1Qw==", "DrIpfcclD2b0iXSNtu+I6Q==", "UTm7DZVRUmqWWBx0Js7vCA==", "9U8BTRqVPM+WCls5RolwuQ==", "c/TMKje5Txl9grWesV+S0A==", "nVEuAeNYaydUTqNE5GOm/w==", "sa5mIA5TIgDDEs7v0PwTjQ==", "sfZFr+txEQMBXhlDkKUnmw==", "lH27Z8PmZeo/EM/AegpCTA==", "9lAt/24IrVKtsskC+grSQQ==", "UjXmsuFAyS2A1LN7d6S/5w==", "5sY/WncZRmQ7FUzZZ4kBfQ==", "Ayn8XyGcXwYPR+J1PSWdHQ==", "Ec/FYvTTz4riEqnQe1G+Fw==", "HW1HxtJFrKBktMKHARGGeQ==", "yOFL3ef2F8Ux3GMySAVXxg==", "pHq3XsQe5Y157BuUHMufyg==", "0DSgRHOq1OLwMX3biKMcbA==", "Fys7cTDgnkqkKy/A1tAWPQ==", "h5U/sk69K9TcWs3P9TuKxQ==", "d1j+WeBwgxUY2DD8tjQwMA==", "0ZQtBpkFjRCvM3RNGGREDQ==", "7SyD51cUTMP7ddBSGNw3Iw==", "LKHvKuMU+ZaZN+c9jQoc8A==", "n8gOZ9FmDLirfTfnNZSfNA==", "hIHRMVndQh85jnW2uCawbw==", "RH0QKqHuyNcotxvkkCiTBA==", "2CBaGFwc5Pbj3yR6Gim3fA==", "96QbNqFHhG4RmHyIqvnk+w==", "WOIdi+BEnCeSEkfRBmj1AA==", "nfRozYKxaq/cbStnERagAQ==", "CuWE9qOLaSI+JhOsCiY03Q==", "5RT9+X+8xx3rC02gOnVsjQ==", "Bua36N02B8W4H7+P8yixkw==", "flC/+W9ll6TqBKBRm/YUiA==" ], "cGWkJkC9Qm+QCP4f8vmD+Q==": [ "cbNKZbfbJhPfPLHi6va27w==", "TEg+H5IUFEuL8/4VudXtEg==", "vdokiHWKHEv0aYbydeDs5Q==", "x5MnAXJPkWBC+zd+i08Svw==", "OJ5Ok6CMeJ8/3txCizz4cg==", "opnb226IH8+SU+iAVOx8hw==" ], "caF9WsICRhpk2jJBTv5OsQ==": [ "m94VQcvA5qigjAcL/i2L2Q==", "x4y353xwTKkgu0582Qh5wg==" ], "cj0M8yBzJA8j5tTGHOqDIw==": [ "FAoi5hf12Vg9h7NFehHyBg==", "5AQXXWGtKGeqoPkMqmVzTg==" ], "clGQ5Kq/RKZZziBln/4BLA==": [ "koaJtTt9+fGxG4OSw5hxFA==", "R9lgi90skf6A+gEQ2Lu8dg==" ], "dMY7Qly4vcBOdARECvhzxQ==": [ "ac4lX1PsJ8EE0cPV3DeA7Q==", "VVK93SGSs31Rb325qicorA==", "tbhLz74i3ShwS72WbIsoOA==", "IbhdAqkTe4EMzAhoNvBoZw==", "T6MROVROqLQIoY85LYvLww==" ], "dnA+092RxSVxmYLtbm4n5w==": [ "cH2BKUm0Ri3t0Dex4X9yvQ==", "e0/Fzu8wfMZp9zX32i9rMQ==", "n30+9otRNHBUO3IOHvF3kA==" ], "dt/eA+h8BqXPeZvbQ4xjlQ==": [ "bf41zTvm6HAv6xdiXpwGWQ==", "bpwdCug2xQZhmaazCqwIew==", "rcUIg6JYVsZx379+fVhSVg==", "3KVKKCxdWl+iCbo/o6cUCw==", "PvgbBaq86gnOp8hffKEHhQ==", "3R40oInfBrzPyywU8VZGOA==", "YgehfkOilPM31dosmRXxDA==", "cS8BJbrTN4Z2MOJCTGMR8w==", "dtQx2uUyC6Kj72i0o1bELQ==", "q7IyWv1MOsi/PXOLUGKElQ==", "iAZzrtYDqIG5uluq/FjhDA==", "zH/R3mCgsX+vslxcP7p4cg==", "Vm1exr1mz0tcpwIoZQ3ySQ==", "JAlZO0sgdy1FBW5F7Zj+Pg==", "pvtiIO9KHqFscFbvNo86Dw==", "uLJc9xWoMs4KcjASTFLV/A==", "uWvHibmfs86jbjyb5h+qpg==", "gIt1VKjk5s7zkgD1H7aLmQ==", "IEgg0w4Stl0SPUBA3ppc4w==", "L8FIUEPJFSQ6xN1TgXR/Yg==", "ezX9kOOahP0wfe4oJbRg6A==", "qvQ7cHiYiYJv4aTIPVusXA==", "jvIOr2cGPChl6X44xwkz2w==", "9ScYbT0nSftN/jrx/8pPuA==", "HrQTGWot7zXPyYbisnzShg==", "XEhX6upCFgCYuF9SSk9Iyg==", "SKOD3G/MxX5t9s/HjT+ehg==", "Xme6FM3Lt2Ob4s0txlAE5w==", "VKPJSs7Cf+zeQ6s9gNUvhw==", "sXReFixXG4Bn4+eq/AJDBA==", "o2KTVNHERxR9Fh6aLcwbCA==", "nPl1VYR04nooFy6e74yZlg==" ], "eJ5VkZHE2z3KyF5sFEKj8g==": [ "sFUeaSTxmIP9ksmZtDFy/w==" ], "eUjbBBk9e6ukjdxq7Ysc5Q==": [ "wj5w4kQEe9iH2tb9jj1wEA==", "BwQexIGmUvV9ONa+9gpe2w==", "14Etv/7765FAI8QbzsokBQ==", "lv4eSxX+AEAW88phUmOolQ==", "L7bRdQbudZhoHiefk8z45A==", "xmhlBgW9Qhx+a2k3SdfUzA==", "9RLVzTylr5Ocdbql97n+1Q==", "0Tr3QMpqaFB6S//rbJ/Onw==", "GeI10LHPuNgyyt295MOmIQ==", "bDvGK7B1/5BJREOCtiSQyw==", "C2ejCCBwa9n29Fq9gpW/sw==", "7aI+wyLEqkIPj2Wh4f1UKg==", "lppk3oI+Rm/KVCEYBGVKcg==", "dkvelc7KXIcNmlVEKWwOSg==", "y1VRnBNNx34t1XvqjEl7IQ==", "fjsXh+vV+qSWYTJhGoqerg==", "s6zRbI6E6xMFwOoLRjlPfw==", "fwXkQZwZsVuPtoAZBIG06w==", "qB1uVwi5ydv4et+JpGcenw==", "NUj8ykIgUTA27ShVMCBysA==", "+pLPiYWkQ9M+8Zi7lKlOZA==", "RDlpzaleAPnYWwZyjvoRug==", "ZC2BsE3IgWbuyuu1cz3YMQ==", "MwRbFLckfwf7ZXLrr6KBUQ==" ], "eckWZv7IBjaLZNS/vZ1gWg==": [ "h8RB92Gx2aWFJ7WtAQ4wDA==" ], "ey7Cn3NmMZ6qorZvUccGqA==": [ "/GSEB7NuV5IOBsMvXs0hOw==", "c95Jb/MAeM4/Wnq2jSIopg==", "ghVsimzHhtfG91QJVkK8Jg==", "Aet749oXCwhRnnY9gEGYGw==", "sWCyUi5vmFbqsTEOh1QQvQ==", "dNHj9TUgbfnbgJUCEellCw==", "A3ZYVQ8Z63tDAx8FSltQHw==", "JVuTqfPwohmj6ucokgM2sQ==", "GDAkupnsjiTl71rwzH5RJg==", "VEE7ccbKf4EH2dNVXOf2uA==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "DUP5ugYJi+iUbcfFxoSiig==", "T8IbBnTK2Iv5YVT88l9ngQ==", "J1cvee8xy6oZDEdA21dqEg==", "8TL7OmwuwkB+6m9uO5u62g==", "sxcy9NTxyeNn/j3K+DCTCQ==", "k6D6o9qP1X41yPQlNQ8aww==", "X4CDljJQJsftQ2RA57ftuw==", "gFgnmTqhW1tr7jmOrXQQQQ==", "XsxaedsaFYv/ys7GTRoUVw==", "Ji6OY1u39nJByKzCNwfpIw==", "1I7VtxkB33ashDX0kB4Teg==", "+doAGgTwsE0iptDdCED/aA==", "791CRjnt/pj2GXzRz2PiHg==", "gx7w+mYZCEGlSNGIkO6bLQ==", "3skSbDjTQ02+eNiFJz716g==", "J6JEqF6+PkBwS7J9B0Lefw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "nuFsbkH7VzW6LS3WLhSszA==", "e1tWGyUIVU1QafO75am9CA==", "lWxwCNVjYSW4SdS9h9uKvg==", "GR80zW702W+xho6dTSNlyw==", "MEP8FBVAfPt6fwJRFfcI5w==", "+govv3Zh4UHQ+P7JiRlanw==", "tk58DmpOzYRq2tA73Zt4KA==", "2s0qmbyWNwDtt7UJcKOirQ==", "dd3EQsCq/udXJ3yVefT72Q==", "ECzeIHiPGDDmiEUQjBzFxg==", "b8ZUCmMy8tFNcjKWAPWexQ==", "3XIBdvUrBg0m5KBpdJCHaA==", "CGXPj+Vc0sEcrUqgBw+BIQ==", "ruEPtR2s2d2PTSaLwtf04g==", "PWWEgCX9dooaG7K56MMKDg==", "7FDf95fwOcyZ1YXNVDIx0A==", "Fg8qijPO2mYzPczZJG7NiQ==", "wN+C2Zg1myHVbcMR/36bqA==", "6+AE2YxwD/sq8tw4nc1qGA==", "LVK2sPVncIeKs9ALN+mPDg==", "pGkOHCsusTyFHJ/G9JGXiA==", "uOeAKP5ZyZtLLU7CjOuFcw==", "IGjKj/4HsFqLB1NtljhGnQ==", "5pINgBOJXOluBJi9rQyioQ==", "3wYf+EaP3IAW5wHFWATuaw==", "mQKKxdEERDHEVyOMhYExEw==", "kiHPM08GilYyFXQYDbdefw==", "0RLigWktH24pjgFtIwRH2A==", "bhGWI9pwDmrdv65FPEeviA==", "yzaTkDwqkUqRGFQFgsnIAA==", "JMm3XklIA2t/hFi6HmAXVg==", "wgjZroGG2ECX8FlIRRqZmw==", "roGA0nQUzXWg+M1vb3jr3g==", "xvZ+aaak6OxbCE7Nu46XhA==", "ra+5M5K0yyS4TNorJBFVYw==", "39KBEdrZX0FwGoQxYgkupQ==", "mqxlcVJc3F4dPOTEtUve1Q==", "GPyfUVX9W8Bmxm38kovI0g==", "xDXpto7iDgv1dyFWeDEVcQ==", "HT2SNCYX7dkF36jwcJ6tBg==", "WxgHh2OQ1QuZWw68VI9xSg==", "T1AEmBcJCa6ktci+apxdAg==", "L1oZ+rWwTAdhKgF16l3EEA==", "AYXw2VaylssI+NkH09HL4Q==", "QZ7uKIt3KkZJfzRLCLWsIg==", "4vS3iu8lvGukFpBFqYCdVg==", "T0HgzMn5d4x2X74gH/2z+g==", "tiE5Hgw3cKrNfJ9IvmRV7w==", "f8p5x6K3g1RRQ6ZIljxpeQ==", "ckmL8g+r8c1O3UTEaVeJgQ==", "c1lEpxuKpeMWatR0F4jVaw==", "IqAfwTRGJO3I/HkfDNLMoQ==", "mNBwoKfe9sN/pVvuupOIpQ==", "VAImfCoV0wqw11Rnggbqlw==", "0E3jDwz9OiQ7ty2SI9zDYQ==", "LBzBPjCNeeSOWXyc2o2hnQ==", "plDQVm4QhCu9lfz3pQKBFw==", "W38wbfyrQoe88ivLfgHXaA==", "EXLHkqcreyuJdfrNBsxdNw==", "scmQI6T6oitCtZW5973ovw==", "chAsSpcJWTbOWxYZ5RrJ4A==", "zBagx41pcIC7Z4HwA6qQbQ==", "bN/37R0s8WD9IOTdf9jzwA==", "wfyGNkRP1AKTpRqTPf0oQQ==", "EHm3zJn0ztZtx1t/Qo6ngA==", "iEtbVUUM9WmTLHwIzUrGAw==", "52sJHqmx5ZJcw5GfZwVEvg==", "PRErogcN/aXkh7DLlBPLlw==", "JeQmbhDl7hbl+0rcJiCpWw==", "viJWUTYaczSUI8knrOEDyQ==", "OIti7hlc3vRNRODodvPE4A==", "tVQs2LJzOpi0sAtiX4H2oQ==", "IaNq7BGSUI5KW7kcB5RXdQ==", "9HkrQyk+mvh4YcyBYw6eQg==", "/IZs3BxM2p7QaA473aqOUw==", "08D4UJe9dGHvq1NhH1rKXw==", "ezIkXhK2r/dRH2KmSwBPeA==", "ZxcJWoacxiKADUWqPITGyA==" ], "fTz/BbdjDg+PD+HvcMlQ3A==": [ "B6kRennXxnam4nW6s2O9mQ==", "N7aJA9Ztt3v7MF1iEQ71dg==", "UykJtPxmRiaRteAhKYbbOQ==", "DSmpC9N7HZQbvi76icwCgw==", "Bp0jmZLVDqekxjq/Mq7PPA==", "B6Y4wCqGGirgAxQnKrzDxQ==", "CVEVcsUTo53Dm1KwYASf/w==", "7cqLG7sQEqqh9WoHfpekpw==", "vfap0EiPsFnTW4GzZ53hcA==", "l7gfVyLrNH9qcWdXdRt9Kg==", "0mCcBHbOVq3mhrs5PZYNvA==", "7MUqmqmB2hEWys43ktPpcQ==", "obTTrP5oWTTgSGItpJqyKg==", "HtyjDn7BTHlrC40bO1Itjw==", "L0CRHbX1682QNRh65eVCrA==", "isT7miwloz6n/DNr9N8lHA==", "EwaSk27OsoNLQFoZ6FCsfw==", "oucbqlkzMDMKcvhtL5s8bg==", "xsiKeHcIwwzMLDEPFdNSFQ==", "7gOP9DIpChjY4waX+o9WXg==", "NWqPMtB06drZmdGhOgqvEA==", "Ko362Be/IvWvKgd5medxJw==", "CV6bnIgwQPKblPGXrSplMA==", "/SEhubz8W4ZKbKg2+yh86Q==", "NObEgWpn6tAdrn33X3GoKw==", "D2CamKwAHk5K+VusEH9d7Q==", "EFfUhTiwNATI8s7BT2T3xA==", "YHFFhFpG8nzfxX1O469onQ==", "hJqH5PsFQ03HT/LzTwaCXA==", "uJpX1i+k36BH7BSmiGPDBQ==", "zYJDi0K0bIQE0iPOdJilbQ==", "haYiiYG8S+76vEnaF2JX0g==", "rPECjFpzDOL0Nn2WUSH6yg==", "OlhZuHzjnGJlFRoEEZLvZw==", "BLPjiJKh0zrGI5mH+bPIGw==", "Sw8bDdvvxQW2LmbjS6B1hg==", "Bo7awcYyKS5mr2PoscvH4g==", "WHLXl098SguAfGDl/9SUeQ==", "Es53GFQ6IFbSLBefLkbOEQ==", "BbiEB28Kb+GaQAOEIfj+qQ==", "7bYXVEfvDWEIL53s8ARxGg==", "UcSRaJxHOHBFxbLpeEwTSA==", "p5Ki7Z96ChbT07EZ4WnnKg==", "ltoIfsso65jjPxRqV9UMRw==", "ERpg5QsiyVdbxyySZngvaA==", "EhcxS6FJz0RDq0+uuwuiEA==", "peuiWx2cfvlg0ej3db5p4Q==", "+YVz742I3o3v3ix+O1wb3g==", "YPUY4Y/POEizUQSOdGH26g==", "EhgsZTFIUAr2YMmtGzoFMQ==", "LczpEojKeJQxs4tAiPNubw==", "nS4rhARAcjvkSY8dJUFdOA==", "y2mXLQnvQEY7S/5iFBq5VQ==", "Hv5r2lArsZsqnS0cLJ2sfw==", "U06t0kkLaLeKpn0QxtZUSg==", "cgUuYY1sKP0jeDPr/wEn4w==", "Q/06Mcx6TVo+ZKk4ymf7TA==", "nVgNlf1p1N8UKAkTllJrCA==", "QX/cK7dAcSVwXa3qFcSUeQ==", "7czTMSwqOjLz2LigIYHAeg==", "fyE+IA6J77V4hC6QL4QCJQ==", "GVpKc+ySNcDAOMrSpk+5bQ==", "LmpJ6GJi47QcNT9dtXcmiA==", "g2+VTeiFdddqhRpToXK2Vw==", "sVTwqtGyRA8GgZdyQgXnqw==", "l8z3hCmcLYlZgxzha0zw+g==", "Zv+LSqi94387CYLrb5PiCw==", "9R8nFX27y8SI3yR7d7vH5A==", "du8AOXnNlQgdqsSZceyiaQ==", "DG5z7r6LqnKlVNwHAxeXgA==", "Zc9mVAa+SgrDGA78Zo8GIg==", "9/6RhDAFXPVo7L6QeEsy9w==", "rwX0WRiXvDcxdTv5pslgxw==", "gg092DB69lXLcZyDPZ/RtQ==", "+dqw6lT9TwTTzMp6O2vf1w==", "S2kC/8+NtHD0EdQuoPqXlg==", "Vl7X+IopOqzOWh1MyUOYCw==", "aGi0xIYQeGr5qYFMFsAN2w==", "qcGz8bluItM475eimPK89w==", "gNlF6/GdqE8VbQCfjdB0tg==", "rDRtTk3Xuv5MlaUi1WKGpA==", "7df4FOgRU0BSF6P5QJkjaQ==", "YHdZ6rml8dKQg9XmpjCrnw==", "AfEBBMV7R48kk4frVmVcAg==", "sx5ziSZauoyjmcMB827V/Q==" ], "hGxLNL3q3tYYzz2uKfKB4A==": [ "1geoBO6lBMXVRM+dfApwgw==", "iYahLjRBvYk4Zq4Nz9JtHg==", "KHHIjt6Egtc7csaIbQ3mbw==", "Hk8k4qPIhaJI1mipqA9iiw==", "xh8zszQflFXgahc/vYUUWQ==", "rG5ADP3EQcz3Qvp36Lywxw==", "0EZfEnxlowgJ1Et69rh7Fg==", "Aspz79uO5bKpApwSqMsL8A==", "TrfUjn7Hi6JPe4l/9tuyAQ==", "DKQ/Jfye0O77T1m4bCFM9A==", "te0mQBJAxCZ9Xzg2xrzQcg==", "f6muqKqBGKMbn75htgvMLQ==", "Zx7E5aKvS5JXoyQSS0VOKg==", "N4tVXpSdUCCcisq1+6WN4w==", "v/fIHXRO37U49Wniv4Yhsg==", "5xY3IHUogqpqvbFwiQURyA==", "wTqPXpGv5suIYx7xVHwxzw==", "RJziShukaon2ShF1sKdneQ==", "PDkkYuYRnbObAyDWKDapig==", "/F62/Gd7cIE4aLRbxVnfCA==", "ldTn/Q3i3BpKZ95U4mfrcQ==", "J3RGaCFhZHnCvtta/VAJIw==", "JDKdFwYwkAoUNrTYp3XIYA==", "a/YI2nxM2FSL9LuqLWCJ1A==", "Ovx/FK8kd+H6TytgRdsBFA==", "iRRK+UGfH5YqM+4LOHExpQ==" ], "hHL/OokyETnopazrev0shg==": [ "OtUtUn02ewCzaijseyEVUA==", "u6PjuomLq+nVKrTw/0Jyeg==" ], "hNv7ol5w6PGaZXktwlRWPg==": [ "uu3d3lIlYVCZwOjqoNec3g==", "e0/Fzu8wfMZp9zX32i9rMQ==", "bgJs7DKkcMwNTsh9yTDgQg==" ], "hasHd85qN7fkJeIIqjjDow==": [ "XPUXyp+BOEJyEGOgXafi8Q==", "92O2+eS3W5hGvsWPMPwTRQ==", "FecDYUjbiWlU3PuXl5vs5w==" ], "hvKbzRSMjrg1f3y/PRzGwg==": [ "pEwkPeffucbY50JSGQdERQ==", "Zn86UzCNWJIJ8FVaY91JYg==", "Z1WcJp/m0RHVikTcp3uRKA==", "+hNDIOxLd94c7zDMEtwHAQ==", "FwvyPIBVlE1fAIgwJ1H6Sw==", "gC8lb/CZmVxLK6PkYWC9cw==", "Zk3m2J10w4VuwKsJJMXB2Q==", "nAVorfcFz0ZcWPmPpZfMtg==", "31lRdk8cNY+AWoLVxQqBUw==", "eUkddiaCaFnfKmT+Sa6bPg==", "NQ+dtAZLrUPoMA29mi1Odg==", "VVUozaap6uAAqX8QCLFGyg==", "by27tPFgbmYSIGNVHDyy/w==", "z1fiDjJjV7T+4MZClzquUA==", "+KQdB1idGjEGKH9of9v/Ew==", "IDDFCE+x3YM7koS2SvW5fA==", "McWWD4LMk3xYwv1KCFcOEQ==", "X7vlygSvbngQQIjU19VnZQ==", "I53ZVLR4IycE9d0CU5r5nA==", "vLLr24Ej4L78gTG08XYkRg==", "7y5jXLyua18Srex9lNrfkQ==", "LAdEFhGjw+B+5uRqObeXiQ==", "nGijNEIOx4yiwRd2hN0uZA==", "mwpgk/i3GXoSJDpblt44zg==", "R+49XKdX2qOOaoykdLSbyw==", "mSEMDfE7dS8a+RoMfkjqhg==", "WFXV6zzHKCX8JuqtokClVw==", "NuCOPhrrauNCWs3jqnDA1A==", "Rz0KcMyzx8GC2p+YUZpHPQ==", "HqbYURF/7TaXoQPMqtdsIA==", "CYkHBvLQQf6RYY/2Qkr5gw==", "WVPPqMDSvwuthc5RexsDjg==", "XPiYSctd10AtrHxx1Yivlw==", "TwoNniaY2Urt7TF64epJXg==", "YtNpM5pykErH+UBXZABWdg==", "2TDjlt2gAEWsLyBBPigFYw==", "M293c+QguJ/aaYP3cMwfyQ==", "0E1VjQWdmolR9lr9ElIZZQ==", "Ie7rkr8oApZOM9PK2gFB6A==", "6hAQW3vY9ZA/8datv1rY4g==", "5BksN0izCeDRrtFMsNCyvg==", "mZCCwO//htsOIXazj/SeOw==", "Qr2/3ufYTxjXiJuEKM7I7w==", "T38zlL6BTag6EVZfMAMcaw==", "2Jpm8Zc5oiON+VhscwC/4w==", "jlm8MnE+Ua07hmnpXd564A==", "JVp8gcuEEeRLeKprUvrBUg==", "6XzckJlhvkdWwkN1ERVdzg==", "oEKqq2GIVwWjorWJihmJiw==", "lAFNCmDlAVSKGu2gqmWvBw==", "/VvBaUxAqtfTsAgPes9bAA==", "6+TrxTb+GrNbsX7xQgQW9Q==", "J+a2wc6cR5fLyNj39ghgVg==", "NW78+g0sKpejEre7I2lCOA==", "gPjSjC7XxsCvs5w6EQPViQ==", "f+wdQFOhBCEFYs6UTbgVcw==", "041SU8x5Wrw6mRfaRurHIg==", "hnVuaDEhxbGffMCkOiTy1A==", "/h81Nr0GSz2fO9zGO8rpYw==", "KFwkHKkJGVyJAn2RsW13sw==", "WhQSrxicq09HlEU8PxUQSQ==", "Z707rrfU/uxs1xujVpKMRA==", "DIXgPb+QqAbL75dH7f2Zww==", "V8n5VKFkjNZwkLq+W6E59g==", "WhY0uvyUG/ImjnbaewZftw==", "j/6W06GHqfn2irJJ7LDKTQ==", "mESXtMr2XIcnFGpdxMD0iA==", "Py++HyN8+aNZZa9dPe2rDQ==", "ueWEd2PE6kwBx153FL1eIA==", "269Lb6JhyjdTwif2gzpsMQ==", "gaDJ+6UMi8jegvsDECsoeg==", "UiO8eKIdcPJIKIj94tK4ug==", "CQXGvG5qF0LSGK3lgLUXJg==", "fu2viInfwA1Zq9LmALUkzg==", "pzONVbRfZmj1lkGaWtUucQ==" ], "i1yNGcAdCbK2SnebCgMUqQ==": [ "I9Xc2JiRiPWfOFS5AHY1Ww==", "gg6QYPBlPoN8zpwNyr7x6w==", "DrIVK8+yvV91OzF2CS9o5A==", "QskDoDnTSvrQeDXklM4YOw==", "pN9L6/wRgu21CuY/FfnkIA==", "ki2PMarj2WoMKDbw3+XV3A==", "QSP4YGVknCXnnhDrDAxftg==" ], "iBA/JBMmSIEGbBZDQlcuUQ==": [ "xNJWUdryH0nBQB/93HRNuw==", "hfVFht+buqTExOEVhwr1xQ==" ], "iQnKl0+RxymKc9bhVdyuyQ==": [ "zFZE1hLph4hR8T7aNvRt0w==", "FM2lHn17qlO5uIZtM+Ehmg==" ], "jADxtb7PiatU9dihVhjp/Q==": [ "XW4X9/W6MfETfE/VICA4Jw==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==", "n39YhRffL6tFFAy/S18A8Q==" ], "jSOT/FBECA7xUY+Zv/Ps+Q==": [ "sxxGu02J6Xp0UskX/yPO4w==", "dwNH2KaulTKNFX+9quNpvw==", "R7XEe59RfqPZwHJmDbOyww==", "eTM7aUBt48fzJjd2YY1Kaw==", "6PfMuZGMOADiSo4Ifx0/Qw==", "+Hel9A1WiSK+ZclItesXnQ==" ], "kAc8BYCjeCgQR9YdLeGx9w==": [ "i1iqh+iGOleBv5v21I50xw==", "bJGGlc8FG/c2T93ktUh6Ig==", "LiT2UIJJCX7RQxuKZd5BaQ==", "YdpqbsRbo4xx71CiWUF39Q==", "kEe4Kuw3hXrzhJ/JDjR7wg==", "8zIRit7VqNRaBPLxL/+VAg==" ], "kMrprdB/TspYL2Dyt9hBfw==": [ "nbtTb8L4YMUxpajoNaatQg==", "XPUXyp+BOEJyEGOgXafi8Q==", "qdWe9wwJNQD9uM1J1li1Vg==" ], "kdml4TiffKDDUHJjP7R1Tg==": [ "d/522T+B/ARMNSG+3QfAWA==" ], "ki6pd/LsWsx2BY6b+Np6dQ==": [ "CacO7saUr+KLTbynVQRYzg==", "XPUXyp+BOEJyEGOgXafi8Q==", "I3Zso12Z+9mUcVEvUKWJ8w==" ], "ktHjHCegyaFGFLaqVjqkVA==": [ "cbNKZbfbJhPfPLHi6va27w==", "TEg+H5IUFEuL8/4VudXtEg==", "ugk8bc5JAs//Hgj923HTXA==", "/rGrv6ID1FHztWkSNUU0Yw==", "todSxpG0ADSu6dX8ZW+q4A==", "B/+SfhbeumQponnHheNEVg==" ], "kzHnWWgcRX/Do32aQ8TMBQ==": [ "8QRmG/+fMsQQzP2maaxOag==", "ZNESegZx5Vgpkv3OXwE5Cw==", "Mv7iQu0SgLhcoLH3nS/HZw==", "vPDXRcEg4abq9PCqTBFkAg==", "dWdVOD7SorvI9CNble8XGw==", "uILMvGS6obqeMj18FLYSbg==", "+wnQC0tYj+uyZzMNgN2bcw==", "AdhtRMEnBdpFFyeSlUP6fA==", "4comqU/5SRuDKC1qqBMlGQ==", "PPWqABLxfDDxZRPH4wfL9g==", "Ojd6gfhf5HOGBRFGRWmKOg==", "noShzkxXeZ6xaXHAA8su4g==", "I2w7mAdeccRvDV/HeaBOoA==", "QTcHwvmTXpVKkHS0xdfb9g==", "vnQE6sVVricZrrWA9Xv5RQ==", "6tML+4g9GkMhdrrSDsX4Zw==", "MGoFQMcsriBEPanvv9LYcQ==", "SmczXqxeZRCcJykxG3Abrg==", "H8XwHNDIkW12mW+y74dsdQ==", "Q2EySKz2roj2mYOhGJQA3A==", "O+a4984RTSUBIVVJsZTw1A==", "kkxgUCDqJw1GL8dK+Je2RA==", "KXAIwMyIqS4MKyyyosxjhw==" ], "lITnNJqHTfcVQiCGHjWozA==": [ "ScOp6HuJxBp54FxFpTVDnA==", "TsVNXuAeF3PhiRZhIOjjtQ==", "DtkRUkQTzcJrj8ZsC36kqQ==", "gpPTgXxcA95Uk2vaf3/2dw==", "jGwIyHTli8TFB8vvlYRLgQ==", "o16kBwzDyL2DXuhbCPWX9Q==" ], "lwkb5oxxrG7ZgPYzSyvcZQ==": [ "Daj39cn0p5rpBblQYRpPNw==", "9uo4qIbgVv97/yzslhE6/g==", "EhGXJy3ul8A4j+8SbzYCkw==", "uW/TgHSIKlO53BnXG1YZSA==", "yNIngFjcdt+ETIv0YvW+4Q==", "BXlYoXrAW947O+Adruh7Zw==", "uFR2NXYHCgkD0jUkHBTh3g==", "PJ/Blkuxb9rGhjSw0f3NrA==", "jDj44frt+6TCj0cwExt14w==", "xNOfe6PszfMbCxNEPk4FCg==", "CYbzKTdqzfhVDluEF23Dxg==", "n78TtR5pw5YtOwMk7gVGmg==", "WHMzYQNPFNnp30WX8W+gnw==", "5Prc3wgX2qu0EaSsAQiCqw==", "RHShqbO2hqcBNPYbKDg/3A==", "qFIYjZJeFnLAVC7lR0n6oQ==", "AwYRRq6SmgfJLn2NZxQUdw==", "8kndQj/aRn+NNJdGVP9v4g==", "F4WBuBnk4OQIl1a5Q4CVPg==", "jiVVTQmOtKqVixv7agF/Hg==", "8ZCpE1M7eqNdy615aO2gLQ==", "u0cs09LPRVEEfen4PHM6gA==", "DTApvRZh1HJD5XbbpU3ahw==", "pg+SRV3v3Mv4Yg+0x76+jg==", "YfE+7ocdRscmJ75uekg0tA==", "LTbAvxPwXv/MF/Dqg/sWFw==", "qPGxfT+FyuMifHo1C/aY6w==", "tKVE3VH+DixxL49Cbeit6Q==", "J1MkSCEBivWCQoYUEvHXOw==", "6E1YTgmxENPqo7FirtVNvw==", "32PT0J5usgv3laBJ37g1fA==", "S9GgHs7lpMPNDjvswObhPg==", "b9Kb4WNexa+E+t+B4ZpfRA==", "dr+z30s3mVMvpF2iMBJ7YA==", "eKKwwoH894W3Vae5kYCKtA==", "fLtdaHqvu72qO520MbPg/A==", "ETHiyyNutSsXU1p7nfcRIA==" ], "lxyER9sFQyH/cLua8fAlfw==": [ "p2+Y5XRhYt7mgZ7H+35S0w==", "/MWzwBJlhhNbF+zp0zgq+A==" ], "ly9SmBBH7WsYXh1oG69XaQ==": [ "G/EKAYKB/V29JLdsy1wFCA==" ], "mLZQEF4KLS62c+8BB/jz0Q==": [ "Q1F3DVZZ3gpMNQT3yhbiSg==", "C7VuSVoDHe6g3ERpzwYLFg==", "i6aHe7Qjo768bvS9xSorFw==", "v+qPraJNH1peMhjiTk1OgA==", "fBIyxzoMf4PtxmiD953WFg==", "8dqpgv7n5GVlIYVt/hP0Gg==" ], "mLtyJkgiain09bfdUDF0tA==": [ "4aR9t5J6YwMk5D9wZ0BV7w==" ], "mRRefE/Wm2s5CZDmwUJ8jg==": [ "1npmxgSnoYj2MyAhQMaE7g==" ], "mS/mU0XqXurt5b2cC0G2wA==": [ "tW4ew6Bpf68YpYbdwMyYGA==", "sgKxepKQb+uxgfzzrcWS7w==" ], "me8N6gnEhOLccvD/431aCw==": [ "sna4IH0E1Ui1jpzpKgnFOg==", "XPUXyp+BOEJyEGOgXafi8Q==", "bDMsFO9+dr7IgrwHxKJ/2g==" ], "mqd6XOc7hJ7OKe7FI62YlA==": [ "a5tv38r7RoeoKCznzGbyPQ==", "8WJdLrW8n72AHCvZK8pH9w==" ], "n2BikwI3Mg2dIr4kYK8New==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "nC22unSxVi1R4g6taYLM9Q==": [ "vyA1wlYQO8dho14dAhrP+g==", "1cpz1Hzz2hsR9fx5YrxP3g==" ], "nRx5HCyZ2M4L1LvJSclibw==": [ "vSLFgRYoehmDve19rxyjcw==", "gOogxiWB/WP4jrEWNQnPXA==", "6GILJqctNxTbZFPR6fLtoA==", "2vdCDySzHer9qKv7EOUGqQ==", "nF1VC5iJhTtrDBwL8mfOiw==", "SdlHZBjfHlAbNa/I1YXwQA==", "Mrux1XY1LZVvkWuUp2MCHQ==", "D5TjVz7ghGYgdoVa5+N8bw==", "fKSzg5ZVW35n1QRKSQYbUA==", "TAntNn3gBlGhX3mRHNXfWw==", "r105o04EqvvFDoXWzu0UAQ==", "jZXEa4mdIQd85t4aOIhsfA==", "Ft+9wGiX7gFQHYNS5do1oA==" ], "nUBBsXgA+QSl6Tx9eXi6Mw==": [ "DqajPgSmNnfF5+bVSuLXZQ==", "NVw9L7wf5CkACfCMTn/ArA==" ], "noZz3cbDBX3Q1ohSWIKe1g==": [ "pBJCL45M2NleSRKXAGAPTw==", "6J86dffyd+kQEKbjTTbD2Q==", "q4W6wpO2YbOLS87LUXPVBw==", "TNb7OrRxFn2Bis7zp2oi8A==", "uFXEnN9gepJ4+HtQWdLrOg==", "qMBdcJlDiWOfl15fflzyow==", "abYhvv2PIAbu240JiMWauA==", "GuM8+Ku1VtBzfPk3/FCgzw==", "0u2Zo3eZYFAXhVSIZh+vXQ==", "KC4H6WRPkYrWvXb9OC+odg==", "Ihq7mkhGM9sf/8QM05o7gw==", "Ub9JoNToSyT09hD5MOIlGA==", "uglqkYqbcsDd4SCu9NI2Ww==", "+o9j0Llb6+ISl2S6vmkRkQ==", "FAgeMhGaGcH9QOhQHw5rhQ==", "vz18/+7m2wxxY2NMQUQ6Yg==", "tEG4S6zEddB/Fl32LgLV+A==", "4K4SQ2PlDqXihbvwEXiB/w==", "CCQ15lzJdM5OqfQf0dLnJQ==", "AOVkipVLZLxGjwVCB/7mwg==", "NDTeUbmjAj/XEHx68pTD9A==", "2t1KBK7sA8rKgVHavF6SZA==", "EpmDyksRTsldGi5rxDcMlA==", "cw4W3PskPKPJZy+QzFk5bA==", "iJ/65EjB0RUIoiFFN5HgAw==", "k/2DvTn2KLL28Yuh/WFLmw==", "DPcSz1MBKzyaMMMhJWVyEA==", "i+IfpRQo89HWL/sPRoOFsw==", "3f5N5l71YgnMV/U9whrIuA==", "4n9Ikrh9k/dcuFfUsd+cxQ==", "NAN7p79skZ+eBA0xQMnnqw==", "RxmnlWamNxvphCIuarducQ==", "zwpNi+NBoVUfQ5Ed4vkNug==", "cbSiFirRdrVkpUeOLy/CjA==", "hinEteXkZ2xZbWF5lSQDEw==", "aUFq3vh1h0/30jIMgLEGbg==", "GwdBWjTMLLj14UbkCrmh/A==", "o94cfzaEslnrzBtYm19DkA==", "TCtup4kp9cBGgmnLMbI+rw==", "vWwpCPVTGndMb9IraxXgGg==", "0nQVynV3NMmwash6dBc+8Q==", "xjE2Ua1GOmdwVi+xIIGVeQ==", "eaW+XnaOzUpP/JmOZv+wCg==", "SduSwzmffGiGJfqQDrSyEA==", "QNrS4atSfp1tFVuWE/Cnqg==", "kRqkfuoNHXgeW9vp8iyzQw==", "AEXyQvL2wFfW+v4I9XmTaQ==", "obSzOBXxlQxURPk04eb+8Q==", "CrxvMdhOPgYpnOjfUKfH3Q==", "EVXEAewBnzdtEIOYHBpZfA==", "eeetX6Vv3iXNMfmjNIPkQg==", "I5CKvoKqBhFd1vY7fxFKtQ==", "rm3fF4UjNztR1JpYwTPaVg==", "PwX0RLPO5W1w6VDjSgcV8A==", "/U8Jx7SKI9t4H3q4Xm/KEQ==", "YVYIQ/H++AefhUYldlykPg==" ], "nwgNWiqPWTP9jQpHdB8CFA==": [ "c/EuG5G0xeL87UQs3yxxqQ==" ], "o0sNxhdrQvn3LtgSlydcdw==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "o3loazzxvm2hQ5N1QRaYvg==": [ "5K1UAD5Q5lqCB0j11S6DcA==", "VDqplxSZcK9CHQ9RjGiEqQ==", "FTUrLe1XMNYvUzaxMdsWeQ==", "c0R7sQMFyTIRhp8ZTCTmlw==", "U2w6LmoqKmaGSd6IxLZGKg==", "eXNCnm2O3ulyDBrjgqgngA==", "TFku8MBahkkWbmKYS7dbIQ==", "PrCrIesi0sSvMQjPpvxecw==", "klH60uFrR0WkawaSlcOEKg==", "e0VfCD1REapdkagkByCnXQ==", "VYGbkY0i6P3tRJd9mM1wNg==", "Qbjoqw6Ot3cGOKNyQYBo4g==", "svCt47J2Zwa45xj8gn3U/w==", "NrTzMmbWyM5UeSvnQVNLOg==", "yzZzF1vLZmeTiLJMgY7W0Q==", "ixc06f0H9vqMfsbwQSwwvA==", "w8vuCHS+4au/MfXahCBARA==", "2GOqqUt4mwKng/FA0FV67w==", "U47k8+SGMpP7nHNJFxv5oA==", "LDhDJjeJTHD14xx6vYgQUQ==", "B3tKTgCVG9JSLHIgfbUFmw==", "DtYmtBkxVMK6KVHn4U+2Yw==", "mPAC5fvINjFbBEv6qTd6tQ==" ], "oCbJhi6fmGrlKcF1SlNuYw==": [ "8QRmG/+fMsQQzP2maaxOag==", "4Gs7xCHPPMrNepkQNCPnkg==", "OhQ6agVzWuY02NakmnlJmw==", "1378JmiuKDjVj7PZAMUvLg==", "WqlqRQL17MeMqdTx+SuEyw==", "YgD8tCzB10z/Jq6XOfCfgQ==", "qFhnV7djagzTbJn2rH4ndA==", "Oz/6eC07LwyvcoelwlI47w==", "Wy87cIX7luFb8A/riFwUyw==", "9Wku9APf1oJxEbcM0XqrLQ==", "HNWibMRA8AF0jyyBYQthdA==", "JMuZ2WXBBx9rW6/jTPLu0A==", "ygPqOnRCEHz9NjTVM+wIZA==", "OIcx4C9IsgtrAE0nDs9GdA==", "nxT/hl64jXfWptNxWhmDuA==", "/pWkiqt8QgDCUksSSa24UQ==", "ZiZuAbc4Tq3tBRSI53FjWg==", "13fIhbDHRYF0KXmxmJIfiA==", "/eIvRWSFFmU3q3Ki3j/gKA==", "bfa/XbakkA2/5GrUyvwSyw==", "XXYPGOxEabdavz27Qo+rWQ==", "qb5Q/H2wcR/YimCQn+AUYw==", "p4PSGpZ+FENmdQZ22vQ2FQ==" ], "oGWSEEsLb6ToIwJ1tUBkwg==": [ "0UxirvKJMj5gY8fbrSf6sA==", "l2+nQ26t0lYvVluseJErUQ==" ], "og/hyn7iqbsNsfIv/8VHFg==": [ "HveCNT+j0lknlUOFTaqgtg==", "ugAB401UYtKGrqztlPOlZA==", "LlIx9R1y9EWEYmMjr1l1rw==" ], "om/hnbn42itSjLCSeL6+2A==": [ "BBVHDYnqIwi0Vk9ZX1yGIw==", "JmAt+4wqaQRWn+7jyy1oCQ==", "QBNxNqNCcUL/GHKqOh7Fyw==" ], "p9BcHmUiqsfiDX2HpNFM5g==": [ "APh1+6yq/mlF0fXLxUkIDw==", "ymKqobod4xPivmLT/iq9oQ==", "4Oz54fEBFyAJBdTJ/p2wxA==", "OlzUZywb212kcLte3jiS3g==" ], "pc8TmjOHnExT3yvCQuGR7Q==": [ "rmKqD8ZR5vrHqnZkFulqdg==", "dKzgwwkG/spsYd8PVvrk6A==", "Ywdulqdw8k75jjL2qb8gPg==", "+81WHs4+NlxNNP8OWMLJ2g==", "81pNWZHPHOUJjusdIRcrCg==" ], "peDze6790+ubKa/8hacS+w==": [ "VNA7ljkMyeRq9SDNO9drHQ==", "DhiTSAV5nEGdAk1xkbjRsw==", "SbrfelK/hRkg8QJAv7881A==", "KhtP1/ZJ9jcZ6Whijt7vkw==", "081ZZUa7+goThe2JzRBcxw==", "r0yngP+sUJvKraMLgaaWww==", "n9h0mZrBntcdO8rut9mZew==", "lIzMhy2E3/kAp+LsQCQyCA==", "s+/PgMrbczH4dntN+Uku4A==", "walyEMfvPvVh3KXxCNA/pQ==", "Bd+yU6xHUdyyaw65uiacIw==", "oGKMWwqd8g23cJbO7k5MNA==", "Cr4I2Hcgcf8xO3Bc2/KIfA==", "4evfzAbeD7HXRBHHbDpAwA==", "8Ug8/LJbCT7/mzHPjLi21A==", "F1KNP85q9V8sONVWKuOzrw==", "Qimhraux3dZtFrPRbNJqyw==", "FcmkgsiNKCrDAJ6OFK/Y8g==", "NkAsviHzXhNrys9cILlYeQ==", "EX/jsJKUxl+Y92LbkHwIVg==", "xP/kV8YDeJxssrXaMcjXUg==", "KM3euWq+O2CS0VP936TjVg==", "vpkqaxRDIkUCRIT3f2sk6Q==", "BofAiVtqC38hX5ZAkBLTpA==", "J9wD9ZF9kAJd1nu03TllBQ==", "kHC7JlgJ1gpjDIHxKgXZuQ==", "IkLJJWoz7DjiEwkwHd9+Bw==", "v+VZolEvt4HU4yiZTpFx+Q==", "A/za5QfQmT4HYcIQ4RyCzA==", "naO+9RNjE/hIMaezFHe7IA==", "//2gjbgNV4aF0qefir+7Ng==", "CFRtSPlXDJlgi28bdADXZg==", "1qsA4RvCYZB2uDwgIo8TuQ==", "6GzxFtf19XU1Y6ySz6SgYQ==", "bklfMYFV2WKM17hKPU+5BA==", "cWbhx4ozV3Pkh4rK/phNRA==", "4PW1pGs0HJlG6XNR1xk0ZA==", "833/aZmn4g2C0czWW40RBQ==", "IDAwc/hZzIcM4IBkaUT9YA==", "fZX9tMkRg8Ij95v2HLw9Ew==", "TGjVfFW0jWP1/Slr8hCo8Q==", "o52gvb+djtuOAe8fWpXboQ==", "Ga3lVfExNl500JGwW345sQ==", "rPWZNH+en7vYfObneQGeUA==", "8dARvXsFfslEQUJNpOVqyQ==", "EahYBNc6RsapXfHOvUMG/A==", "4jKXN+o/0vyACgd6hmLCbw==", "KlFwXzVoVlebAInsnw41Qw==", "mOQ3hJyzcYBnd65M1VVdFA==", "FjluGqmW83eEOEvyKIkrSA==", "KxS2ZtWgZx0lQavGmel4Wg==", "x80ydqeeoahPQLNiV1VXvQ==", "U86r1ELAOJanBnxwrapY0g==", "YGKNwwPTf6g9pxsaSlPd0g==", "UeiYbCd+yCsmz4K385pQkQ==", "YusnUSJD47mdstk8KsgGZQ==", "cpsr/YFJ0iUNtv72fOtdjw==", "4ifTGHhVbtDPeqLwYDVyJA==", "BqzAZ5iQVHE6OkJ+a2YydQ==", "2+grY6RsLOFJVlzFN96AuQ==", "u6YfnQt98V+kYlUqAP+rFg==", "QPsg6Jr0bVMm0tr2j4YMwA==", "X5o2Qoo8DgfpPtqZ+d9MzQ==", "pENgwsqn4gloGqUZSMstFA==", "X2XVS8beM5noGWCQGlVZ6g==", "Zwyz7XImU98ApFQj0FPRmw==", "FWn8i7eSvTTcwwX8x1YMmg==", "ZAG3qysphRz8tGIp96ls9A==", "aHbxsEzv/m7Yq5sqD6BR6A==" ], "pff1wMeg2U6ebqlGIkRlMg==": [ "8QRmG/+fMsQQzP2maaxOag==", "9feM+1JJIYgC5OZCglyV3w==", "+0Id+AHw3V8pYW+ywWnP+g==", "U/ITon4/vjzN/EsZEGI38Q==", "u0i6Tc2zpzW8/pMdj7AH4w==", "9Ad5Q6DJD1JusuIjCNfUvQ==", "R1Akf7BYKFH+Usf+3IS0Cg==", "CD0KTiCn+kQ9+lGQdzy4Lw==", "fD8Z9mQCc8h27ZwElVMLmA==", "NJQIxCJu/MH10b3rWNiBVw==", "m02T5S9rBezyv/+a/R6Fkw==", "B1THb18jP+rSUaY77CvPng==", "a+77t9fGz9BxOnJlGe2W1Q==", "goLAuNZUT0caQTKiv7m0Fg==", "WLpGLJSV+lV8a0xggVfA3A==", "mBrf1Yfgr5icNwG8S0edeA==", "JZVeRC2oy93Tv6vLZpVqJQ==", "s/wLIAA4VDi9HrbyrnYgbg==", "Y2pXpR4HKVIWAZ1sDtjo8A==", "8oKavHMm8C7p1QC+rNA0zA==", "DK1x7B/vzgaKlXynN3g1KA==", "fI1ruEtJ325PbGUQKXuiVA==", "IENtFrOwfEqYX/lp+0u2Gw==" ], "ptT0YL/h24MTjTTVlPAZVg==": [ "FOhuL+ZLaAMigc1crKc/uA==", "BBVHDYnqIwi0Vk9ZX1yGIw==", "ryv0HUHLJe8DIxGNl9VAgQ==" ], "qIHoKDOcFEbVk0+xQvglbQ==": [ "3E/EPC1OcoKQToPb+efdaQ==", "VDQb6roo+zwBamxPu+hGeQ==", "/jvSCV2RwJ6c/Llx9z8uvA==", "ca+BSCGp5tEYAgJqvm8GFw==", "Sal0GJMIh5Nqb3U4N6ro0g==", "QSEpEyTM9A7rsX/qx644wQ==", "g9gU2/SbcO/F9X65zpT4Uw==", "yUucg71orzE08FiDgaKBPQ==", "PdWXJaz3tjlEOUmbSqfsDQ==", "e/EuZlSZUQTHCSl8kHuFag==", "QqK1O3FCNB9QbClJ7bZ6YA==", "B1FsL93s2G1YxIvrdDvTfg==", "+U7CyAHaY71mhNm2Xnq2uw==", "wG1iwTc5HBr1VKWUstaeHw==", "4u3exWl+MPcCOYOgbQLM+A==", "gxC5QcXnizTYqfkIqc6zTA==", "ixD2h349uZz3eCy55KxIlw==", "5amguv6OT1njd8r+RXMCQQ==", "bjyLMZdYnkrpUxDySiQ34Q==", "piA8HykwHgm/u3haFYSPzw==", "K5fLrkou5COixf2q2qhQ5Q==", "sTWSbUm1UHqZR0zHxPPV1A==", "Jrkns8qeStFRPhcitcuZ4w==", "JS9NNql9cJTDkzzfXyJzDQ==", "D7U85Qc3CYAscEzhSfT76A==", "GWKQvGJTKzyU9GiQECoFhg==", "m0VRm0XEm9FSwttsQ8QLaQ==", "j/vFtwZCr4ow5q2VPKgR9g==", "FkxoK2aSVfPglVllnxzplw==", "YCFy9R5BUcPVuUEYQkJQ4w==", "K/Jzpgc6xwHh47HFu+S8BQ==", "wh8UL6jE02MHJgululn0nA==", "y7I268PAr74OoToX85XE8w==", "TwoNniaY2Urt7TF64epJXg==", "YtNpM5pykErH+UBXZABWdg==", "2TDjlt2gAEWsLyBBPigFYw==", "M293c+QguJ/aaYP3cMwfyQ==", "0E1VjQWdmolR9lr9ElIZZQ==", "Ie7rkr8oApZOM9PK2gFB6A==", "6hAQW3vY9ZA/8datv1rY4g==", "5BksN0izCeDRrtFMsNCyvg==", "mZCCwO//htsOIXazj/SeOw==", "ZhxWQvKqBGgL77fuUQ4Ghg==", "26JRymquUeoxtDSKcKSDSg==", "ncqqUTuMttuUZ8SF9/Ywrg==", "HHpOVRDbzmY2UhydU+uwcg==", "6pBzw2YiS9JmVvplQUxl2Q==", "K12v1aAHn6bz+NiEB1W7GA==", "T507T5wFbtPlOW9lG7LxIA==", "429KD7e1Cl6AyUZNBGOTQw==", "v5GtOUp47xYv9Rr0sFi4PQ==", "7eKrcl3YwGJqhWmZNbH7Eg==", "lsfrxxENmZMCtV8uOKkr8Q==", "/+0dqY3HS0Vwp8Izm3R04Q==", "KCgZ2MK707GRfjAO2Q3SOA==", "8Ldq46rf2Z9JTBjkrtfV0g==", "3bb0a18NQSPWO0aeq9twVw==", "dkGOl+YKkRksmyjmvQ3FsA==", "WP0Zjo/ORuC7+jbSIrru8A==", "JK4fCJz1Ja5lmfE/vF5PcQ==", "fFM0zIKtKuexRqlZMkzQpg==", "EhVqWSecC9djAkoW+k/+hQ==", "PgPRtFXcN+6zuIY77w+muQ==", "uXRgwaipa8s2OMXjAf1Thg==", "u90uEyQ6vxfKeIQvjGNTHQ==", "M3xoPIiF+fvDRyYkizrMWQ==", "78ARTcr/iVbEbtXWNEyadA==", "OB9n4NdBrq+3wlcM9+90Dg==", "5IIoRCBMIgus62mGlE3F9A==", "Argl342WI7oZtgSo+p9kMA==", "l2fXal/tlhZFSzN3bmiLSg==", "Lc7NiV76Y8Ubl6+6Vgd+sw==", "xsP7BCzVmEb3+qivw8mFIQ==", "PdNX5RN9keIsqOloxy7mkg==", "Q6o565VsHFcmyuOW6jCOGw==" ], "qTTyL80F/2JUAy85WSpobg==": [ "AD3UsMwxeXvBzVWIm5l5yw==" ], "rTAf2eiAGJSR1vI+tk12zg==": [ "bOC69k4Gpn8Av1w/ra2Tdw==", "e0/Fzu8wfMZp9zX32i9rMQ==", "zmNQpHydwXFAJmLcFFYiyQ==" ], "rY/kE/V4JnxYoqV+lmc9mg==": [ "DDxCHnX+kCqcRQj9b90/cg==" ], "rkUaC636uKZYge61PN1dew==": [ "nFaODSvvA4RrGIiPJ9FjRA==", "lCd4ciOqH+xVdJTAK6erDg==" ], "ryPyL0/oZK1jJ8umBZkZBA==": [ "7+mdkcJcBwtv88RB9AcmHQ==", "ky4IJ5u2Ib7CaDmE7xOysg==" ], "szNvvFbgC3+nu7+FkWHQxA==": [ "QhESIu1eoXqoSNW7jNhlZg==", "QQ1upjXEDW7OiB4aR8O/8A==" ], "tOoZIHzytN01BRAw3es1Yg==": [ "HMF5qYGPMt4Fb5i6RtdwRA==", "tC2r7U8qVBEhU9NaT3fMVg==" ], "tsX00aIcJlVDdnN8EABj3g==": [ "EEMnwT7ARQJ+dbVETnKljw==", "SSAJUNd+iNG0Dh0JEHjSXA==" ], "u95OKK2MhRQlEYI4tmvSVQ==": [ "Qmv/HFfBCKuu6eMPjatnfw==", "e0/Fzu8wfMZp9zX32i9rMQ==", "kDZjsaAjptkThRRg1TjTRg==" ], "uXpj8krYkomg5XDZ83F2kg==": [ "qtpMNZ+V4szO/Tox+eT3Cg==", "936XDvlfcwVB/34fQscf7w==" ], "uwkXfq5VvKEldZwWOwGq4w==": [ "i3BrKsmhYf5wZYkQCBxUGw==", "/EvgSih2YVXl7ohENLMJIQ==" ], "vSRLH3asu5knZtxqOxtnwQ==": [ "e3z/W9uylzA9XCJCS6Je3A==", "869xwjsmIoG+JuVnJO5pSA==" ], "vVZXXrZNgHNmTJM7knKqAQ==": [ "MdEybCUhVKCoyI/dXRvNlA==", "e0/Fzu8wfMZp9zX32i9rMQ==", "B9qUokfV8wr0vL8EYHLo5g==" ], "vaBZgtoGX6VZtIwrD9w+EQ==": [ "Mukn5ixgUb/zb+mcMFd16Q==" ], "vtNcuXyRth8r8K/W3sfqrQ==": [ "9LiBp4nDSgt/Uyk2VD23Ig==", "tc3yI78GS4DzyIWUxAPWyg==", "yR8yQT8vjjYwY0t0RI5P5A==", "4TUE8wYBdfhOKrJqWCYBNg==", "W5SSItV7fPTUmtVkE5E9HQ==", "ITpj/wESnpXzi/8j4E382w==", "v9qMLnWqPbLz+WC1hPhb9g==", "3AbYXrLwWtddQg0NqJQudw==", "4os+HU28VQ7buZvoEKQ/kg==", "W4i+1AnMm5l6mD/A/2lJnQ==", "SSReN3l+Qu29CQbqRghmtA==", "Xms/F5NRiyBcCNuPxw8aoA==", "a8lEoliaJpwjl9bCwQSdLA==", "GMnASWjZHihDlhJdlv57Iw==", "MtOwgWyogkVoNGuQavHN8g==", "//8buewiV8gb20qv4g1cqQ==", "SJA+1v6mehbGh4JXJ2n5jA==", "gn3bQe/78AdzPhooNm1KQw==", "2No3jCnnmCwOEpCbk+TZGA==", "BDC/Jijmwb4kfsAYqG7t2Q==" ], "wXu3MDegq/TfLSbBy6aoBQ==": [ "3k2lNJd2kR3VB6gGhj547g==", "XPUXyp+BOEJyEGOgXafi8Q==", "Kqi7XT4SGpqJzglrXFbYsQ==" ], "wsc0mBnyNwrXYdpo0V+0aw==": [ "TteHTvD/qC9z9/bg4D+o8w==", "YSdK7PYtLQ7JLXu7W4mdRQ==" ], "xC2PhiBOHiQbniVjaMltjw==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "xSR/sMJIXbuFPYhZS2ZN2Q==": [ "5MqCycBYSRDsdNOzvOandQ==", "XPUXyp+BOEJyEGOgXafi8Q==", "WhaoYkvfheR7Tz30m0/IKA==" ], "xdunfqVk+0spTcWoJA7wPw==": [ "hRSnphgIhBaU8a2RyBPsuA==", "s20Tn7zOYHvK/n/K8/hWrA==", "+0pi5+jw8FdwHp5pZIVTBg==", "hHDtCxiuvJ9VSCSwnEG0Fw==" ], "y9sflCLWTaHWSSC+w8u7bQ==": [ "aOUfuyvyyWEe7Z1IZT+fGw==" ], "yLdg/zIMr1LMvkW9tAZlGw==": [ "fT2bR3Pvvu+yOGDatxsWcw==", "0tfYnYhAiMREOXyqf/1Urw==", "h8nlVtUPrGKdJF9xyffy7g==", "skjryijgaN9YVeVVq8xZmA==", "ggJq5z8YW0kySCUAGUYdXg==", "j8vL1GycOevI00+qC9aKmw==" ], "yXx0rhfj7kyXaTrxOLQSfA==": [ "T+jfDhqJcXwVQ38oWEz/6g==", "e0/Fzu8wfMZp9zX32i9rMQ==", "z/beWyrkyrQJfgGCkMIsWg==" ], "z/d/zUXK6aF2L4H7dfeSZw==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "zPYyryKVwACz98/WbfSW6w==": [ "hWXaFNGw43ZC0VkI4/s2Pw==", "jlQB8YKpspXbBoHQT0JY7A==", "YlN21JbaOAqORXBYjgJOYA==", "o/JG334q9R0nTyZD1vNw7w==", "CaVsGPkqzxcrIauiEFdPpw==", "GXObP88ZOLkWQuVeVgHh/g==" ], "zpqzIc9TY4hiXJG024jdBQ==": [ "Tz9Z9WUqfvL0BrLTJjlG5g==", "13Dkon5caDMIMuKn79Qskg==", "jujfK7kvNttCHbG9Y1cEjw==", "+QQwOZo/9naGhbYAyaOr+w==", "OSUAY4vX1mm91uqYY2QyKA==", "mjI/WzMYY52AQdc1No8ugQ==", "ZZYlhV9nOBPxmh+lN8Wzlg==", "WGwIYJUrzsJ4/8TTyxMGGQ==", "3UFdmogC8LxBJ8vh97CLKg==", "4ZcrBE+d85+98j2eHMpVTQ==", "C+zOyZD8CwAZei0FDIvlTA==", "qAjJcUd7scO8lHObIc+8TA==", "pLMgO5RHEs1yrujEkb226g==", "/w1B4Q4YhRhn+C15Pv2Mlg==", "Xo53LSQ1UPT3k4c2guU75Q==", "4PIM0/eLiUwExdFACTKEEw==", "zEKtVLhCQn3xgvKNhFo2bg==", "WlLXHoXR9O8Ph+uSZ6aDCg==", "LTObsRKzbMcDf7ZCch9lsA==", "CfhyOTUZXzyZ1gBqX8Jz5Q==", "ab/GKLlj0s6Lkn9DyDnUUQ==", "3A/kVsDzDDwZXdM+JpfWlA==", "uFRb2siFSROrNSaSMqsvqQ==", "2/tA0uwDqjzRb7JZP+f4Mw==", "QMVQFQxQO9E+szLpK5nZ9w==", "2usQa32fSqIDVo0qKM7RFA==", "3E5wmOETiTx03Y24iDJEUg==", "JeqcZQqZ6re77qRb9vpAHQ==", "dxRzT6G0UObuWf8SWujnng==", "CVNFdSU8eHIr3mZk7+SX/Q==", "iKVtZrDNXfISjmDp1xYKBQ==", "izYg2kL7sTEI8ASmlxRCdA==", "okRzJuZWda3BPI4wHU6OSg==", "xqLSmaq+0/3ps+9zoCEL9g==", "YQVoCJX8BLl6S5wPwmTGtg==", "9lqG2xu+85HJHcn8UQyZ2A==", "zRaIctSo0IHgkpOD2xBvHw==", "dT4TBdsMnRpAlGfPboRcFg==", "6otwEH3RP+2A14zXLvGXpg==", "jweM09oSTMKt4t5s2Lpg9g==", "2tFr9TQJkcgsTrNAQX0kdw==", "R/1pH8uHGa3Vo+JZ4isuOQ==", "j7ssITCzXW4N87uje7nkZg==", "6Q0Sg/Y1lskU2n7rbcxAIw==", "Lsd0oY+cRz3Y5y3+G6CYMA==", "ajN2ub+i7la5x0tiLPy3pQ==", "G1ju8KSMzz6zOg31bF5lRw==", "z+NiHm13dFQpx3ZynhKpIQ==", "bj9lurrpBxE/q4lRd2Wp7A==", "rPXe6sMC/46EZbom2R58Iw==", "Pp6wwZ+94c04WPY1/Wy+4A==", "HemNnBPTgSHasXNahNqsQg==", "6ysC6D7BSkYQ7y8vZ1O7HA==", "rDx7RcnC1Ce961LxuRo53Q==", "xEtBJoALTqnQBn0TOsRe9w==", "sWPZolO+x42N83xPk/byrw==", "NfM08djkMgc3ukqHI37OMg==", "BgLn2RypgHsjIVj0SLunZg==", "XcaHXhT/kGXPIEcG1BNy1g==", "UEW14H6J4RBSZEjpG6p4bw==", "JMtxzN1jgVs2Gwo2QsOKnQ==", "IIfJmT1yzMqBOVKMy3nlyQ==", "/HT2WOXIuvVNrzT1Wp3ntw==", "o2Jv7s2Wil4Jz6qK6599ww==", "10T7L0U8GuP9Qhz3unCqvw==", "6W4lt5SjUgXnbxNap1O0Cg==", "5gK/V8vtqDYoHf1LFdtSbA==", "h7rVfEQf7/yrRLndyq6HvA==", "GKtgrnguQJIeMtP51nnNZQ==", "00MQS+g+VNjKvRbuFWsWbQ==", "nM+XWkmaG537tz4PDM13+w==", "v6t7qJCF3xL8IO0nPwJX1g==", "IUI8ka2AYA1twZAQi4gL5Q==", "DlzGGXSItv6fZobEGaNWCA==", "IoeuDKI/vu/XCDGoDKzX3g==", "quxt3+YB7vB2VUonbp8+2g==", "VxNINARrmRd6QnZ2htNesA==", "pqvnt6puEE8VbSe1ozlTfg==", "f6S0OqBhSEfNFL2mdF01Og==", "gjn1JHWHaWtPNhKrrRINWw==", "r3htJBqpa1VO27wdQgcGyw==", "ibGOv13N1m/577Kb32wGxw==", "NeoXfJYSR9hqSpA4BJOyWQ==", "DI5ofU0JT+/wsYx2AeXNiA==", "htRPPeb7P9MNS47zhEuuaw==", "Kp6vEAyTjVJyCperHJ2MsQ==" ] }, "enrichments": {} } pod: go-component-dlsyll-on-pull-request-j8lb7-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll@sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll@sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: go-component-dlsyll-on-pull-request-j8lb7-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 3, "warnings": [ { "msg": "Found packages with high vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: libcurl-devel-7.76.1-19.el9_1.1 (CVE-2023-38545), bsdtar-3.5.3-3.el9 (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-55130, CVE-2025-55131, CVE-2025-59465, CVE-2025-6965, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135), sqlite-3.34.1-6.el9_1 (CVE-2025-6965), openssl-devel-1:3.0.1-47.el9_1 (CVE-2024-12797, CVE-2025-15467), subscription-manager-1.29.30.1-1.el9_1 (CVE-2023-3899), python3-libs-3.9.14-1.el9_1.2 (CVE-2023-24329, CVE-2023-40217, CVE-2023-6597, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517, CVE-2026-4519, CVE-2026-4786, CVE-2026-6100), libtiff-devel-4.4.0-5.el9_1 (CVE-2025-8176, CVE-2025-9900, CVE-2026-4775), go-srpm-macros-3.0.9-9.el9 (CVE-2025-61726, CVE-2026-25679), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-55130, CVE-2025-55131, CVE-2025-59465, CVE-2025-6965, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135), golang-1.18.9-1.el9_1 (CVE-2023-24540, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-39325, CVE-2023-44487, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674, CVE-2025-61726, CVE-2025-61729, CVE-2025-61731, CVE-2025-61732, CVE-2026-25679), gnupg2-2.3.3-2.el9_0 (CVE-2025-68973), libbrotli-1.0.9-6.el9 (CVE-2025-6176), libxslt-devel-1.1.34-9.el9 (CVE-2024-55549, CVE-2025-24855), brotli-devel-1.0.9-6.el9 (CVE-2025-6176), libpng-devel-2:1.6.37-12.el9 (CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, CVE-2026-25646), python3-subscription-manager-rhsm-1.29.30.1-1.el9_1 (CVE-2023-3899), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2023-38545), rsync-3.2.3-18.el9 (CVE-2024-12085), glibc-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), libtiff-4.4.0-5.el9_1 (CVE-2025-8176, CVE-2025-9900, CVE-2026-4775), openssl-libs-1:3.0.1-47.el9_1 (CVE-2024-12797, CVE-2025-15467), glibc-common-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), emacs-filesystem-1:27.2-6.el9 (CVE-2023-2491, CVE-2023-28617, CVE-2025-1244), golang-bin-1.18.9-1.el9_1 (CVE-2023-24540, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-39325, CVE-2023-44487, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674, CVE-2025-61726, CVE-2025-61729, CVE-2025-61731, CVE-2025-61732, CVE-2026-25679), python3-cloud-what-1.29.30.1-1.el9_1 (CVE-2023-3899), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-55130, CVE-2025-55131, CVE-2025-59465, CVE-2025-6965, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135), openssh-8.7p1-24.el9_1 (CVE-2023-38408, CVE-2024-6387, CVE-2026-3497, CVE-2026-35385), libpng-2:1.6.37-12.el9 (CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, CVE-2026-25646), glibc-langpack-en-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), git-core-doc-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), openssh-clients-8.7p1-24.el9_1 (CVE-2023-38408, CVE-2024-6387, CVE-2026-3497, CVE-2026-35385), libdnf-plugin-subscription-manager-1.29.30.1-1.el9_1 (CVE-2023-3899), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-55130, CVE-2025-55131, CVE-2025-59465, CVE-2025-6965, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135), git-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), libnghttp2-1.43.0-5.el9 (CVE-2023-44487, CVE-2026-27135), libwebp-1.2.0-3.el9 (CVE-2023-1999, CVE-2023-4863), git-core-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), expat-2.4.9-1.el9_1.1 (CVE-2025-59375), delve-1.8.3-1.el9 (CVE-2024-34156), pam-1.5.1-12.el9 (CVE-2024-10963, CVE-2025-6020, CVE-2025-8941), python3-setuptools-53.0.0-10.el9_1.1 (CVE-2024-6345), libwebp-devel-1.2.0-3.el9 (CVE-2023-1999, CVE-2023-4863), glibc-headers-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), openssl-1:3.0.1-47.el9_1 (CVE-2024-12797, CVE-2025-15467), python3-urllib3-1.26.5-3.el9 (CVE-2025-66418, CVE-2025-66471, CVE-2026-21441), libxslt-1.1.34-9.el9 (CVE-2024-55549, CVE-2025-24855), freetype-devel-2.10.4-9.el9 (CVE-2025-27363), go-toolset-1.18.9-1.el9_1 (CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674, CVE-2025-61726, CVE-2025-61729, CVE-2025-61731, CVE-2025-61732, CVE-2026-25679), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2026-34982), sqlite-libs-3.34.1-6.el9_1 (CVE-2025-6965), less-590-1.el9_0 (CVE-2024-32487), libeconf-0.4.1-2.el9 (CVE-2023-30079), perl-Git-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), glibc-devel-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), python3-setuptools-wheel-53.0.0-10.el9_1.1 (CVE-2024-6345), freetype-2.10.4-9.el9 (CVE-2025-27363), glibc-locale-source-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), nodejs-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-55130, CVE-2025-55131, CVE-2025-59465, CVE-2025-6965, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135), libpq-13.5-1.el9 (CVE-2025-1094), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2026-33412, CVE-2026-34982), libpq-devel-13.5-1.el9 (CVE-2025-1094), glibc-minimal-langpack-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), curl-minimal-7.76.1-19.el9_1.1 (CVE-2023-38545), krb5-libs-1.19.1-24.el9_1 (CVE-2023-39975, CVE-2024-3596), libxml2-devel-2.9.13-3.el9_1 (CVE-2024-56171, CVE-2025-24928, CVE-2025-49794, CVE-2025-49796, CVE-2025-7425), glibc-gconv-extra-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), sqlite-devel-3.34.1-6.el9_1 (CVE-2025-6965), libarchive-3.5.3-3.el9 (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424), brotli-1.0.9-6.el9 (CVE-2025-6176), golang-src-1.18.9-1.el9_1 (CVE-2023-24540, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-39325, CVE-2023-44487, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674, CVE-2025-61726, CVE-2025-61729, CVE-2025-61731, CVE-2025-61732, CVE-2026-25679), python3-3.9.14-1.el9_1.2 (CVE-2023-24329, CVE-2023-40217, CVE-2023-6597, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517, CVE-2026-4519, CVE-2026-4786, CVE-2026-6100), libcap-2.48-8.el9 (CVE-2026-4878), libxml2-2.9.13-3.el9_1 (CVE-2024-56171, CVE-2025-24928, CVE-2025-49794, CVE-2025-49796, CVE-2025-7425)", "name": "clair_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 330 } }, { "msg": "Found packages with unpatched high vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: gdb-headless-10.2-10.el9 (CVE-2026-6846), golang-1.18.9-1.el9_1 (CVE-2026-27137, CVE-2026-27140, CVE-2026-32280, CVE-2026-33810), libpng-devel-2:1.6.37-12.el9 (CVE-2026-22020), rsync-3.2.3-18.el9 (CVE-2026-41035), golang-bin-1.18.9-1.el9_1 (CVE-2026-27137, CVE-2026-27140, CVE-2026-32280, CVE-2026-33810), libpng-2:1.6.37-12.el9 (CVE-2026-22020), gdb-gdbserver-10.2-10.el9 (CVE-2026-6846), gdb-10.2-10.el9 (CVE-2026-6846), go-toolset-1.18.9-1.el9_1 (CVE-2025-61726, CVE-2025-61732, CVE-2026-27137, CVE-2026-27140, CVE-2026-32280, CVE-2026-33810), gnutls-3.7.6-12.el9_0 (CVE-2026-33845, CVE-2026-33846), krb5-libs-1.19.1-24.el9_1 (CVE-2026-40356), golang-src-1.18.9-1.el9_1 (CVE-2026-27137, CVE-2026-27140, CVE-2026-32280, CVE-2026-33810)", "name": "clair_unpatched_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 27 } }, { "msg": "Found packages with medium vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: perl-IO-1.43-479.el9 (CVE-2023-47038, CVE-2025-40909), libX11-devel-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), util-linux-2.37.4-9.el9 (CVE-2025-14104), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2023-23916, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-46218, CVE-2024-2398, CVE-2025-9086), pixman-0.40.0-5.el9 (CVE-2022-44638), bsdtar-3.5.3-3.el9 (CVE-2025-25724, CVE-2026-5121), libX11-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-4904, CVE-2023-23918, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2025-22150, CVE-2025-23085, CVE-2025-31498, CVE-2025-55132, CVE-2025-59466, CVE-2026-1525, CVE-2026-1527, CVE-2026-21637, CVE-2026-21711, CVE-2026-21712, CVE-2026-21713, CVE-2026-21714, CVE-2026-21717, CVE-2026-25547, CVE-2026-2581, CVE-2026-26996, CVE-2026-27904), tar-2:1.34-6.el9_1 (CVE-2025-45582), sqlite-3.34.1-6.el9_1 (CVE-2023-7104), perl-NDBM_File-1.15-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-mro-1.23-479.el9 (CVE-2023-47038, CVE-2025-40909), openssl-devel-1:3.0.1-47.el9_1 (CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119, CVE-2025-11187, CVE-2025-69419, CVE-2025-9230), python3-libs-3.9.14-1.el9_1.2 (CVE-2023-27043, CVE-2024-0450, CVE-2024-11168, CVE-2024-6232, CVE-2024-6923, CVE-2024-8088, CVE-2024-9287, CVE-2025-0938, CVE-2025-12084, CVE-2025-15366, CVE-2025-15367, CVE-2025-4330, CVE-2025-4435, CVE-2025-6069, CVE-2025-8194, CVE-2025-8291, CVE-2026-0865, CVE-2026-1299), libicu-67.1-9.el9 (CVE-2025-5222), libtiff-devel-4.4.0-5.el9_1 (CVE-2017-17095, CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970, CVE-2022-40090, CVE-2022-4645, CVE-2022-48281, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-30086, CVE-2023-30774, CVE-2023-30775, CVE-2023-3316, CVE-2023-3576, CVE-2023-3618, CVE-2023-40745, CVE-2023-41175, CVE-2023-52355, CVE-2023-52356, CVE-2024-7006), libicu-devel-67.1-9.el9 (CVE-2025-5222), harfbuzz-2.7.4-8.el9 (CVE-2023-25193), go-srpm-macros-3.0.9-9.el9 (CVE-2025-47906), perl-lib-0.65-479.el9 (CVE-2023-47038, CVE-2025-40909), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498, CVE-2025-55132, CVE-2025-59466, CVE-2026-1525, CVE-2026-1527, CVE-2026-21637, CVE-2026-21711, CVE-2026-21712, CVE-2026-21713, CVE-2026-21714, CVE-2026-21717, CVE-2026-25547, CVE-2026-2581, CVE-2026-26996, CVE-2026-27904), systemd-pam-250-12.el9_1.3 (CVE-2023-7008, CVE-2025-4598, CVE-2026-29111), golang-1.18.9-1.el9_1 (CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-29400, CVE-2023-29402, CVE-2023-29406, CVE-2023-29409, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183, CVE-2025-61728, CVE-2025-68121), libgcrypt-1.10.0-8.el9_0 (CVE-2024-2236), libuuid-2.37.4-9.el9 (CVE-2025-14104), perl-FileHandle-2.03-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-Errno-1.30-479.el9 (CVE-2023-47038, CVE-2025-40909), cpp-11.3.1-2.1.el9 (CVE-2020-11023), util-linux-core-2.37.4-9.el9 (CVE-2025-14104), libxslt-devel-1.1.34-9.el9 (CVE-2023-40403), libpng-devel-2:1.6.37-12.el9 (CVE-2026-22695, CVE-2026-22801), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2023-23916, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-46218, CVE-2024-2398, CVE-2025-9086), wget-1.21.1-7.el9 (CVE-2024-38428), perl-overload-1.31-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-File-Basename-2.85-479.el9 (CVE-2023-47038, CVE-2025-40909), rsync-3.2.3-18.el9 (CVE-2024-12087, CVE-2024-12088, CVE-2024-12747, CVE-2025-10158), libstdc++-11.3.1-2.1.el9 (CVE-2020-11023), glibc-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058, CVE-2026-0915), libtiff-4.4.0-5.el9_1 (CVE-2017-17095, CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970, CVE-2022-40090, CVE-2022-4645, CVE-2022-48281, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-30086, CVE-2023-30774, CVE-2023-30775, CVE-2023-3316, CVE-2023-3576, CVE-2023-3618, CVE-2023-40745, CVE-2023-41175, CVE-2023-52355, CVE-2023-52356, CVE-2024-7006), openssl-libs-1:3.0.1-47.el9_1 (CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119, CVE-2025-11187, CVE-2025-69419, CVE-2025-9230), perl-overloading-0.02-479.el9 (CVE-2023-47038, CVE-2025-40909), glibc-common-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), emacs-filesystem-1:27.2-6.el9 (CVE-2022-45939, CVE-2022-48337, CVE-2022-48338, CVE-2022-48339, CVE-2024-30203, CVE-2024-30204, CVE-2024-30205, CVE-2024-39331, CVE-2024-53920), golang-bin-1.18.9-1.el9_1 (CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-29400, CVE-2023-29402, CVE-2023-29406, CVE-2023-29409, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183, CVE-2025-61728, CVE-2025-68121), bzip2-1.0.8-8.el9 (CVE-2019-12900), rpm-build-libs-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), systemd-libs-250-12.el9_1.3 (CVE-2023-7008, CVE-2025-4598, CVE-2026-29111), perl-B-1.80-479.el9 (CVE-2023-47038, CVE-2025-40909), libXpm-3.5.13-8.el9_1 (CVE-2023-43788, CVE-2023-43789), harfbuzz-icu-2.7.4-8.el9 (CVE-2023-25193), libjpeg-turbo-devel-2.0.90-5.el9 (CVE-2021-29390, CVE-2021-46822), libblkid-devel-2.37.4-9.el9 (CVE-2025-14104), libX11-common-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), perl-HTTP-Tiny-0.076-460.el9 (CVE-2023-31486), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498, CVE-2025-55132, CVE-2025-59466, CVE-2026-1525, CVE-2026-21637, CVE-2026-25547, CVE-2026-26996, CVE-2026-27904), qt5-srpm-macros-5.15.3-1.el9 (CVE-2023-33285, CVE-2023-34410), dbus-1:1.12.20-7.el9_1 (CVE-2023-34969), perl-IPC-Open3-1.21-479.el9 (CVE-2023-47038, CVE-2025-40909), harfbuzz-devel-2.7.4-8.el9 (CVE-2023-25193), openssh-8.7p1-24.el9_1 (CVE-2023-25136, CVE-2023-48795, CVE-2023-51385, CVE-2024-6409, CVE-2025-26465, CVE-2025-61984, CVE-2025-61985, CVE-2026-35414), rpm-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), libpng-2:1.6.37-12.el9 (CVE-2026-22695, CVE-2026-22801), glibc-langpack-en-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), gcc-11.3.1-2.1.el9 (CVE-2020-11023), git-core-doc-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), openssh-clients-8.7p1-24.el9_1 (CVE-2023-25136, CVE-2023-48795, CVE-2023-51385, CVE-2024-6409, CVE-2025-26465, CVE-2025-61984, CVE-2025-61985, CVE-2026-35414), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498, CVE-2025-55132, CVE-2025-59466, CVE-2026-1525, CVE-2026-1527, CVE-2026-21637, CVE-2026-21711, CVE-2026-21712, CVE-2026-21713, CVE-2026-21714, CVE-2026-21717, CVE-2026-25547, CVE-2026-2581, CVE-2026-26996, CVE-2026-27904), libmount-devel-2.37.4-9.el9 (CVE-2025-14104), libstdc++-devel-11.3.1-2.1.el9 (CVE-2020-11023), python3-idna-2.10-7.el9 (CVE-2024-3651), git-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), gcc-c++-11.3.1-2.1.el9 (CVE-2020-11023), libnghttp2-1.43.0-5.el9 (CVE-2024-28182), python3-requests-2.25.1-6.el9 (CVE-2023-32681, CVE-2024-35195, CVE-2024-47081), rpm-libs-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), perl-vars-1.05-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-File-Find-1.37-479.el9 (CVE-2023-47038, CVE-2025-40909), git-core-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), perl-File-stat-1.09-479.el9 (CVE-2023-47038, CVE-2025-40909), expat-2.4.9-1.el9_1.1 (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-50602, CVE-2024-8176), delve-1.8.3-1.el9 (CVE-2024-45336, CVE-2025-22866, CVE-2025-58183, CVE-2025-68121), pam-1.5.1-12.el9 (CVE-2024-10041, CVE-2024-22365), python3-setuptools-53.0.0-10.el9_1.1 (CVE-2025-47273), glibc-headers-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), openssl-1:3.0.1-47.el9_1 (CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119, CVE-2025-11187, CVE-2025-69419, CVE-2025-9230), libgcc-11.3.1-2.1.el9 (CVE-2020-11023), libtasn1-4.16.0-8.el9_1 (CVE-2024-12133), perl-Class-Struct-0.66-479.el9 (CVE-2023-47038, CVE-2025-40909), dbus-libs-1:1.12.20-7.el9_1 (CVE-2023-34969), python3-urllib3-1.26.5-3.el9 (CVE-2023-43804, CVE-2023-45803, CVE-2024-37891), libxslt-1.1.34-9.el9 (CVE-2023-40403), glib2-devel-2.68.4-5.el9 (CVE-2024-34397, CVE-2024-52533, CVE-2025-13601, CVE-2025-4373), perl-subs-1.03-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-SelectSaver-1.02-479.el9 (CVE-2023-47038, CVE-2025-40909), python3-rpm-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), libjpeg-turbo-2.0.90-5.el9 (CVE-2021-29390, CVE-2021-46822), gmp-1:6.2.0-10.el9 (CVE-2021-43618), go-toolset-1.18.9-1.el9_1 (CVE-2023-29402, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183, CVE-2025-61728, CVE-2025-68121), perl-libs-4:5.32.1-479.el9 (CVE-2023-47038, CVE-2025-40909), dbus-common-1:1.12.20-7.el9_1 (CVE-2023-34969), gnutls-3.7.6-12.el9_0 (CVE-2023-0361, CVE-2023-5981, CVE-2024-0553, CVE-2024-0567, CVE-2024-12243, CVE-2024-28834, CVE-2024-28835, CVE-2025-14831, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2025-53905), bzip2-devel-1.0.8-8.el9 (CVE-2019-12900), rpm-sign-libs-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), sqlite-libs-3.34.1-6.el9_1 (CVE-2023-7104), perl-Getopt-Std-1.12-479.el9 (CVE-2023-47038, CVE-2025-40909), less-590-1.el9_0 (CVE-2022-46663, CVE-2022-48624), libeconf-0.4.1-2.el9 (CVE-2023-22652), perl-Git-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), libX11-xcb-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), libgomp-11.3.1-2.1.el9 (CVE-2020-11023), libfdisk-2.37.4-9.el9 (CVE-2025-14104), perl-Symbol-1.08-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-File-Compare-1.100.600-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-base-2.27-479.el9 (CVE-2023-47038, CVE-2025-40909), libblkid-2.37.4-9.el9 (CVE-2025-14104), libmount-2.37.4-9.el9 (CVE-2025-14104), glibc-devel-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), bzip2-libs-1.0.8-8.el9 (CVE-2019-12900), python3-setuptools-wheel-53.0.0-10.el9_1.1 (CVE-2025-47273), glibc-locale-source-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), ncurses-base-6.2-8.20210508.el9 (CVE-2023-29491), nodejs-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498, CVE-2025-55132, CVE-2025-59466, CVE-2026-1525, CVE-2026-1527, CVE-2026-21637, CVE-2026-21711, CVE-2026-21712, CVE-2026-21713, CVE-2026-21714, CVE-2026-21717, CVE-2026-25547, CVE-2026-2581, CVE-2026-26996, CVE-2026-27904), libXpm-devel-3.5.13-8.el9_1 (CVE-2023-43788, CVE-2023-43789), dmidecode-1:3.3-7.el9 (CVE-2023-30630), libpq-13.5-1.el9 (CVE-2025-12818), systemd-rpm-macros-250-12.el9_1.3 (CVE-2023-7008, CVE-2025-4598, CVE-2026-29111), ncurses-libs-6.2-8.20210508.el9 (CVE-2023-29491), perl-POSIX-1.94-479.el9 (CVE-2023-47038, CVE-2025-40909), tpm2-tss-3.0.3-8.el9 (CVE-2023-22745), glib2-2.68.4-5.el9 (CVE-2024-34397, CVE-2024-52533, CVE-2025-13601, CVE-2025-4373), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2025-53905, CVE-2026-25749, CVE-2026-28421), libpq-devel-13.5-1.el9 (CVE-2025-12818), perl-interpreter-4:5.32.1-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-DynaLoader-1.47-479.el9 (CVE-2023-47038, CVE-2025-40909), glibc-minimal-langpack-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), perl-AutoLoader-5.74-479.el9 (CVE-2023-47038, CVE-2025-40909), curl-minimal-7.76.1-19.el9_1.1 (CVE-2023-23916, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-46218, CVE-2024-2398, CVE-2025-9086), perl-if-0.60.800-479.el9 (CVE-2023-47038, CVE-2025-40909), krb5-libs-1.19.1-24.el9_1 (CVE-2020-17049, CVE-2023-36054, CVE-2024-26462, CVE-2024-37370, CVE-2024-37371, CVE-2025-24528, CVE-2025-3576), libxml2-devel-2.9.13-3.el9_1 (CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2023-39615, CVE-2024-25062, CVE-2025-32414, CVE-2025-32415, CVE-2025-6021, CVE-2025-9714), libsmartcols-2.37.4-9.el9 (CVE-2025-14104), glibc-gconv-extra-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), systemd-250-12.el9_1.3 (CVE-2023-7008, CVE-2025-4598, CVE-2026-29111), sqlite-devel-3.34.1-6.el9_1 (CVE-2023-7104), binutils-gold-2.35.2-24.el9 (CVE-2022-4285, CVE-2025-11083), binutils-2.35.2-24.el9 (CVE-2022-4285, CVE-2025-11083), libarchive-3.5.3-3.el9 (CVE-2025-25724, CVE-2026-5121), perl-File-Copy-2.34-479.el9 (CVE-2023-47038, CVE-2025-40909), golang-src-1.18.9-1.el9_1 (CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-29400, CVE-2023-29402, CVE-2023-29406, CVE-2023-29409, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183, CVE-2025-61728, CVE-2025-68121), python3-3.9.14-1.el9_1.2 (CVE-2023-27043, CVE-2024-0450, CVE-2024-11168, CVE-2024-6232, CVE-2024-6923, CVE-2024-8088, CVE-2024-9287, CVE-2025-0938, CVE-2025-12084, CVE-2025-15366, CVE-2025-15367, CVE-2025-4330, CVE-2025-4435, CVE-2025-6069, CVE-2025-8194, CVE-2025-8291, CVE-2026-0865, CVE-2026-1299), libcap-2.48-8.el9 (CVE-2023-2603), perl-Fcntl-1.13-479.el9 (CVE-2023-47038, CVE-2025-40909), ncurses-6.2-8.20210508.el9 (CVE-2023-29491), libxml2-2.9.13-3.el9_1 (CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2023-39615, CVE-2024-25062, CVE-2025-32414, CVE-2025-32415, CVE-2025-6021, CVE-2025-9714), gcc-plugin-annobin-11.3.1-2.1.el9 (CVE-2020-11023)", "name": "clair_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 843 } }, { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libX11-devel-1.7.0-7.el9 (CVE-2022-3554), util-linux-2.37.4-9.el9 (CVE-2026-27456), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805, CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6429), openldap-compat-2.6.2-3.el9 (CVE-2026-22185), bsdtar-3.5.3-3.el9 (CVE-2023-30571, CVE-2025-60753, CVE-2026-4426, CVE-2026-5745), libX11-1.7.0-7.el9 (CVE-2022-3554), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-59464, CVE-2025-62408, CVE-2025-64118, CVE-2025-64756, CVE-2025-7458, CVE-2026-1527, CVE-2026-21712, CVE-2026-21713, CVE-2026-21714, CVE-2026-21717, CVE-2026-25547, CVE-2026-2581, CVE-2026-27903, CVE-2026-27904, CVE-2026-33671, CVE-2026-33672, CVE-2026-33750), tar-2:1.34-6.el9_1 (CVE-2025-64118, CVE-2026-33056, CVE-2026-5704), openssl-devel-1:3.0.1-47.el9_1 (CVE-2026-28390, CVE-2026-31790), python3-libs-3.9.14-1.el9_1.2 (CVE-2025-11468, CVE-2025-12781, CVE-2025-13837, CVE-2025-15282, CVE-2025-4516, CVE-2026-0672, CVE-2026-1502, CVE-2026-3644, CVE-2026-4224, CVE-2026-5713, CVE-2026-6019), libtiff-devel-4.4.0-5.el9_1 (CVE-2023-25433, CVE-2023-25434, CVE-2023-25435, CVE-2023-3164, CVE-2023-6277, CVE-2025-61143, CVE-2025-61144, CVE-2025-61145, CVE-2025-8851), harfbuzz-2.7.4-8.el9 (CVE-2026-22693), go-srpm-macros-3.0.9-9.el9 (CVE-2024-8244, CVE-2026-32282), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-59464, CVE-2025-62408, CVE-2025-64118, CVE-2025-64756, CVE-2025-7458, CVE-2026-1527, CVE-2026-21712, CVE-2026-21713, CVE-2026-21714, CVE-2026-21717, CVE-2026-25547, CVE-2026-2581, CVE-2026-27903, CVE-2026-27904, CVE-2026-33671, CVE-2026-33672, CVE-2026-33750), systemd-pam-250-12.el9_1.3 (CVE-2026-4105), gdb-headless-10.2-10.el9 (CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245, CVE-2026-4647, CVE-2026-6844, CVE-2026-6845), golang-1.18.9-1.el9_1 (CVE-2021-3115, CVE-2021-42574, CVE-2023-39323, CVE-2025-22870, CVE-2025-22873, CVE-2025-47912, CVE-2025-58190, CVE-2025-61724, CVE-2025-61727, CVE-2025-68119, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32281, CVE-2026-32282, CVE-2026-32288, CVE-2026-32289, CVE-2026-33809, CVE-2026-33812, CVE-2026-6993), libgcrypt-1.10.0-8.el9_0 (CVE-2026-41989), libuuid-2.37.4-9.el9 (CVE-2026-27456), xz-libs-5.2.5-8.el9_0 (CVE-2026-34743), gnupg2-2.3.3-2.el9_0 (CVE-2025-68972), util-linux-core-2.37.4-9.el9 (CVE-2026-27456), libxslt-devel-1.1.34-9.el9 (CVE-2025-10911), libpng-devel-2:1.6.37-12.el9 (CVE-2025-28164, CVE-2025-64505, CVE-2025-64506, CVE-2026-33416, CVE-2026-33636, CVE-2026-34757), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805, CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6429), wget-1.21.1-7.el9 (CVE-2021-31879, CVE-2024-10524), rsync-3.2.3-18.el9 (CVE-2024-12086), glibc-2.34-40.el9_1.1 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), libtiff-4.4.0-5.el9_1 (CVE-2023-25433, CVE-2023-25434, CVE-2023-25435, CVE-2023-3164, CVE-2023-6277, CVE-2025-61143, CVE-2025-61144, CVE-2025-61145, CVE-2025-8851), openssl-libs-1:3.0.1-47.el9_1 (CVE-2026-28390, CVE-2026-31790), glibc-common-2.34-40.el9_1.1 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), golang-bin-1.18.9-1.el9_1 (CVE-2021-3115, CVE-2021-42574, CVE-2023-39323, CVE-2025-22870, CVE-2025-22873, CVE-2025-47912, CVE-2025-58190, CVE-2025-61724, CVE-2025-61727, CVE-2025-68119, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32281, CVE-2026-32282, CVE-2026-32288, CVE-2026-32289, CVE-2026-33809, CVE-2026-33812, CVE-2026-6993), systemd-libs-250-12.el9_1.3 (CVE-2026-4105), harfbuzz-icu-2.7.4-8.el9 (CVE-2026-22693), libblkid-devel-2.37.4-9.el9 (CVE-2026-27456), libX11-common-1.7.0-7.el9 (CVE-2022-3554), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-59464, CVE-2025-62408, CVE-2025-64118, CVE-2025-64756, CVE-2025-7458, CVE-2026-1527, CVE-2026-21712, CVE-2026-21713, CVE-2026-21714, CVE-2026-21717, CVE-2026-25547, CVE-2026-2581, CVE-2026-27903, CVE-2026-27904, CVE-2026-33671, CVE-2026-33672, CVE-2026-33750), qt5-srpm-macros-5.15.3-1.el9 (CVE-2021-38593, CVE-2023-24607, CVE-2025-5683), harfbuzz-devel-2.7.4-8.el9 (CVE-2026-22693), openssh-8.7p1-24.el9_1 (CVE-2023-51767, CVE-2025-32728), libpng-2:1.6.37-12.el9 (CVE-2025-28164, CVE-2025-64505, CVE-2025-64506, CVE-2026-33416, CVE-2026-33636, CVE-2026-34757), glibc-langpack-en-2.34-40.el9_1.1 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), git-core-doc-2.31.1-3.el9_1 (CVE-2025-48386), openssh-clients-8.7p1-24.el9_1 (CVE-2023-51767, CVE-2025-32728), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-59464, CVE-2025-62408, CVE-2025-64118, CVE-2025-64756, CVE-2025-7458, CVE-2026-1527, CVE-2026-21712, CVE-2026-21713, CVE-2026-21714, CVE-2026-21717, CVE-2026-25547, CVE-2026-2581, CVE-2026-27903, CVE-2026-27904, CVE-2026-33671, CVE-2026-33672, CVE-2026-33750), libmount-devel-2.37.4-9.el9 (CVE-2026-27456), git-2.31.1-3.el9_1 (CVE-2025-48386), git-core-2.31.1-3.el9_1 (CVE-2025-48386), expat-2.4.9-1.el9_1.1 (CVE-2026-32776, CVE-2026-32777, CVE-2026-32778), glibc-headers-2.34-40.el9_1.1 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), openssl-1:3.0.1-47.el9_1 (CVE-2026-28390, CVE-2026-31790), openldap-2.6.2-3.el9 (CVE-2026-22185), gdb-gdbserver-10.2-10.el9 (CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245, CVE-2026-4647, CVE-2026-6844, CVE-2026-6845), libxslt-1.1.34-9.el9 (CVE-2025-10911), glib2-devel-2.68.4-5.el9 (CVE-2025-14087, CVE-2025-14512, CVE-2026-1484, CVE-2026-1489), freetype-devel-2.10.4-9.el9 (CVE-2026-23865), gdb-10.2-10.el9 (CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245, CVE-2026-4647, CVE-2026-6844, CVE-2026-6845), go-toolset-1.18.9-1.el9_1 (CVE-2020-28362, CVE-2021-3115, CVE-2021-42574, CVE-2022-1705, CVE-2022-1962, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, CVE-2022-32148, CVE-2023-39323, CVE-2025-22870, CVE-2025-22873, CVE-2025-47912, CVE-2025-58190, CVE-2025-61724, CVE-2025-61727, CVE-2025-61728, CVE-2025-68119, CVE-2025-68121, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32281, CVE-2026-32282, CVE-2026-32288, CVE-2026-32289, CVE-2026-33809, CVE-2026-33812, CVE-2026-6993), gnutls-3.7.6-12.el9_0 (CVE-2026-3833), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2025-29768, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-35177, CVE-2026-39881, CVE-2026-41411), xz-5.2.5-8.el9_0 (CVE-2026-34743), perl-Git-2.31.1-3.el9_1 (CVE-2025-48386), libX11-xcb-1.7.0-7.el9 (CVE-2022-3554), coreutils-single-8.32-32.el9 (CVE-2025-5278), libfdisk-2.37.4-9.el9 (CVE-2026-27456), libblkid-2.37.4-9.el9 (CVE-2026-27456), libmount-2.37.4-9.el9 (CVE-2026-27456), glibc-devel-2.34-40.el9_1.1 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), freetype-2.10.4-9.el9 (CVE-2026-23865), xz-devel-5.2.5-8.el9_0 (CVE-2026-34743), glibc-locale-source-2.34-40.el9_1.1 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), nodejs-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-59464, CVE-2025-62408, CVE-2025-64118, CVE-2025-64756, CVE-2025-7458, CVE-2026-1527, CVE-2026-21712, CVE-2026-21713, CVE-2026-21714, CVE-2026-21717, CVE-2026-25547, CVE-2026-2581, CVE-2026-27903, CVE-2026-27904, CVE-2026-33671, CVE-2026-33672, CVE-2026-33750), libpq-13.5-1.el9 (CVE-2025-4207), systemd-rpm-macros-250-12.el9_1.3 (CVE-2026-4105), python3-pip-wheel-21.2.3-6.el9 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182, CVE-2026-25645, CVE-2026-32284), tpm2-tss-3.0.3-8.el9 (CVE-2024-29040), glib2-2.68.4-5.el9 (CVE-2025-14087, CVE-2025-14512, CVE-2026-1484, CVE-2026-1489), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2025-29768, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-35177, CVE-2026-39881, CVE-2026-41411), llvm-libs-14.0.6-1.el9 (CVE-2026-27903), libpq-devel-13.5-1.el9 (CVE-2025-4207), glibc-minimal-langpack-2.34-40.el9_1.1 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), curl-minimal-7.76.1-19.el9_1.1 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805, CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6429), krb5-libs-1.19.1-24.el9_1 (CVE-2026-40355), libxml2-devel-2.9.13-3.el9_1 (CVE-2026-0990, CVE-2026-1757, CVE-2026-6732), libsmartcols-2.37.4-9.el9 (CVE-2026-27456), glibc-gconv-extra-2.34-40.el9_1.1 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), systemd-250-12.el9_1.3 (CVE-2026-4105), binutils-gold-2.35.2-24.el9 (CVE-2021-20197, CVE-2021-45078, CVE-2025-11081, CVE-2025-11082, CVE-2025-5245, CVE-2025-7545, CVE-2026-4647, CVE-2026-6844, CVE-2026-6845), binutils-2.35.2-24.el9 (CVE-2021-20197, CVE-2021-45078, CVE-2025-11081, CVE-2025-11082, CVE-2025-5245, CVE-2025-7545, CVE-2026-4647, CVE-2026-6844, CVE-2026-6845), libarchive-3.5.3-3.el9 (CVE-2023-30571, CVE-2025-60753, CVE-2026-4426, CVE-2026-5745), golang-src-1.18.9-1.el9_1 (CVE-2021-3115, CVE-2021-42574, CVE-2023-39323, CVE-2025-22870, CVE-2025-22873, CVE-2025-47912, CVE-2025-58190, CVE-2025-61724, CVE-2025-61727, CVE-2025-68119, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32281, CVE-2026-32282, CVE-2026-32288, CVE-2026-32289, CVE-2026-33809, CVE-2026-33812, CVE-2026-6993), python3-3.9.14-1.el9_1.2 (CVE-2025-11468, CVE-2025-12781, CVE-2025-13837, CVE-2025-15282, CVE-2025-4516, CVE-2026-0672, CVE-2026-1502, CVE-2026-3644, CVE-2026-4224, CVE-2026-5713, CVE-2026-6019), libxml2-2.9.13-3.el9_1 (CVE-2026-0990, CVE-2026-1757, CVE-2026-6732)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 483 } }, { "msg": "Found packages with low/negligible vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: libcurl-devel-7.76.1-19.el9_1.1 (CVE-2022-35252, CVE-2022-43552, CVE-2023-27533, CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), bsdtar-3.5.3-3.el9 (CVE-2022-36227), procps-ng-3.3.17-8.el9 (CVE-2023-4016), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2024-25629, CVE-2025-23165, CVE-2026-21715, CVE-2026-21716), openssl-devel-1:3.0.1-47.el9_1 (CVE-2022-3358, CVE-2023-0464, CVE-2023-0465, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796), python3-libs-3.9.14-1.el9_1.2 (CVE-2024-0397, CVE-2024-4032, CVE-2024-5642, CVE-2024-7592, CVE-2025-6075), libtiff-devel-4.4.0-5.el9_1 (CVE-2023-6228), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165, CVE-2026-21715, CVE-2026-21716), gdb-headless-10.2-10.el9 (CVE-2021-3826), golang-1.18.9-1.el9_1 (CVE-2024-45341), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2022-35252, CVE-2022-43552, CVE-2023-27533, CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), glibc-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602, CVE-2025-15281, CVE-2026-0861), lua-libs-5.4.4-2.el9_1 (CVE-2022-28805), libtiff-4.4.0-5.el9_1 (CVE-2023-6228), openssl-libs-1:3.0.1-47.el9_1 (CVE-2022-3358, CVE-2023-0464, CVE-2023-0465, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796), file-5.39-10.el9 (CVE-2022-48554), glibc-common-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), golang-bin-1.18.9-1.el9_1 (CVE-2024-45341), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165), qt5-srpm-macros-5.15.3-1.el9 (CVE-2023-32573), openssh-8.7p1-24.el9_1 (CVE-2026-35386, CVE-2026-35387, CVE-2026-35388), glibc-langpack-en-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), git-core-doc-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835), openssh-clients-8.7p1-24.el9_1 (CVE-2026-35386, CVE-2026-35387, CVE-2026-35388), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165, CVE-2026-21715, CVE-2026-21716), git-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835), git-core-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835), shadow-utils-2:4.9-5.el9 (CVE-2023-4641, CVE-2024-56433), file-libs-5.39-10.el9 (CVE-2022-48554), delve-1.8.3-1.el9 (CVE-2024-45341), glibc-headers-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), openssl-1:3.0.1-47.el9_1 (CVE-2022-3358, CVE-2023-0464, CVE-2023-0465, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796), gdb-gdbserver-10.2-10.el9 (CVE-2021-3826), glib2-devel-2.68.4-5.el9 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32665), gdb-10.2-10.el9 (CVE-2021-3826), go-toolset-1.18.9-1.el9_1 (CVE-2024-45341), gnutls-3.7.6-12.el9_0 (CVE-2025-9820), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2021-3903, CVE-2023-4752), perl-Git-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835), glibc-devel-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), glibc-locale-source-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), ncurses-base-6.2-8.20210508.el9 (CVE-2022-29458), nodejs-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165, CVE-2026-21715, CVE-2026-21716), libpq-13.5-1.el9 (CVE-2022-41862), ncurses-libs-6.2-8.20210508.el9 (CVE-2022-29458), glib2-2.68.4-5.el9 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32665), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2021-3903, CVE-2023-4752), libpq-devel-13.5-1.el9 (CVE-2022-41862), glibc-minimal-langpack-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), curl-minimal-7.76.1-19.el9_1.1 (CVE-2022-35252, CVE-2022-43552, CVE-2023-27533, CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), krb5-libs-1.19.1-24.el9_1 (CVE-2024-26458, CVE-2024-26461), glibc-gconv-extra-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), libarchive-3.5.3-3.el9 (CVE-2022-36227), golang-src-1.18.9-1.el9_1 (CVE-2024-45341), python3-3.9.14-1.el9_1.2 (CVE-2024-0397, CVE-2024-4032, CVE-2024-5642, CVE-2024-7592, CVE-2025-6075), libcap-2.48-8.el9 (CVE-2023-2602), ncurses-6.2-8.20210508.el9 (CVE-2022-29458)", "name": "clair_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 235 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libX11-devel-1.7.0-7.el9 (CVE-2022-3555), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224, CVE-2026-6276), bsdtar-3.5.3-3.el9 (CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), libX11-1.7.0-7.el9 (CVE-2022-3555), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889, CVE-2025-70873, CVE-2026-21715, CVE-2026-21716, CVE-2026-22036, CVE-2026-27171), tar-2:1.34-6.el9_1 (CVE-2023-39804), sqlite-3.34.1-6.el9_1 (CVE-2024-0232, CVE-2025-70873), openssl-devel-1:3.0.1-47.el9_1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232, CVE-2026-2673, CVE-2026-28388, CVE-2026-28389, CVE-2026-31789), python3-libs-3.9.14-1.el9_1.2 (CVE-2025-1795, CVE-2026-2297, CVE-2026-3479), libtiff-devel-4.4.0-5.el9_1 (CVE-2017-16232, CVE-2022-1056, CVE-2023-1916, CVE-2024-13978, CVE-2025-8961, CVE-2025-9165), pcre2-utf16-10.40-2.el9 (CVE-2022-41409), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889, CVE-2025-70873, CVE-2026-21715, CVE-2026-21716, CVE-2026-22036, CVE-2026-27171), pcre2-devel-10.40-2.el9 (CVE-2022-41409), gdb-headless-10.2-10.el9 (CVE-2022-47007, CVE-2022-47010, CVE-2022-47011, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198, CVE-2025-66861, CVE-2025-66862, CVE-2025-66863, CVE-2025-66864, CVE-2025-66865, CVE-2025-66866, CVE-2025-69644, CVE-2025-69645, CVE-2025-69646, CVE-2025-69647, CVE-2025-69648, CVE-2025-69649, CVE-2025-69650, CVE-2025-69651, CVE-2025-69652), golang-1.18.9-1.el9_1 (CVE-2026-27138, CVE-2026-27139), pcre2-utf32-10.40-2.el9 (CVE-2022-41409), libgcrypt-1.10.0-8.el9_0 (CVE-2026-41990), gnupg2-2.3.3-2.el9_0 (CVE-2022-3219, CVE-2025-30258, CVE-2026-24883), cpp-11.3.1-2.1.el9 (CVE-2022-27943), libxslt-devel-1.1.34-9.el9 (CVE-2025-11731), libpng-devel-2:1.6.37-12.el9 (CVE-2022-3857), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224, CVE-2026-6276), rsync-3.2.3-18.el9 (CVE-2026-27171), libstdc++-11.3.1-2.1.el9 (CVE-2022-27943), glibc-2.34-40.el9_1.1 (CVE-2026-4438), libtiff-4.4.0-5.el9_1 (CVE-2017-16232, CVE-2022-1056, CVE-2023-1916, CVE-2024-13978, CVE-2025-8961, CVE-2025-9165), openssl-libs-1:3.0.1-47.el9_1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232, CVE-2026-2673, CVE-2026-28388, CVE-2026-28389, CVE-2026-31789), pkgconf-pkg-config-1.7.3-9.el9 (CVE-2023-24056), glibc-common-2.34-40.el9_1.1 (CVE-2026-4438), emacs-filesystem-1:27.2-6.el9 (CVE-2017-1000383), golang-bin-1.18.9-1.el9_1 (CVE-2026-27138, CVE-2026-27139), gawk-5.1.0-6.el9 (CVE-2023-4156), libX11-common-1.7.0-7.el9 (CVE-2022-3555), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889, CVE-2025-70873, CVE-2026-21715, CVE-2026-21716, CVE-2026-22036, CVE-2026-27171), qt5-srpm-macros-5.15.3-1.el9 (CVE-2025-23050), elfutils-default-yama-scope-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), libpng-2:1.6.37-12.el9 (CVE-2022-3857), glibc-langpack-en-2.34-40.el9_1.1 (CVE-2026-4438), gcc-11.3.1-2.1.el9 (CVE-2022-27943), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889, CVE-2025-70873, CVE-2026-21715, CVE-2026-21716, CVE-2026-22036, CVE-2026-27171), patch-2.7.6-16.el9 (CVE-2021-45261), libstdc++-devel-11.3.1-2.1.el9 (CVE-2022-27943), gcc-c++-11.3.1-2.1.el9 (CVE-2022-27943), expat-2.4.9-1.el9_1.1 (CVE-2025-66382, CVE-2026-24515, CVE-2026-41080), glibc-headers-2.34-40.el9_1.1 (CVE-2026-4438), openssl-1:3.0.1-47.el9_1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232, CVE-2026-2673, CVE-2026-28388, CVE-2026-28389, CVE-2026-31789), libgcc-11.3.1-2.1.el9 (CVE-2022-27943), gdb-gdbserver-10.2-10.el9 (CVE-2022-47007, CVE-2022-47010, CVE-2022-47011, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198, CVE-2025-66861, CVE-2025-66862, CVE-2025-66863, CVE-2025-66864, CVE-2025-66865, CVE-2025-66866, CVE-2025-69644, CVE-2025-69645, CVE-2025-69646, CVE-2025-69647, CVE-2025-69648, CVE-2025-69649, CVE-2025-69650, CVE-2025-69651, CVE-2025-69652), libtasn1-4.16.0-8.el9_1 (CVE-2025-13151), libxslt-1.1.34-9.el9 (CVE-2025-11731), glib2-devel-2.68.4-5.el9 (CVE-2023-32636, CVE-2025-3360, CVE-2025-7039, CVE-2026-0988, CVE-2026-1485), gdb-10.2-10.el9 (CVE-2022-47007, CVE-2022-47010, CVE-2022-47011, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198, CVE-2025-66861, CVE-2025-66862, CVE-2025-66863, CVE-2025-66864, CVE-2025-66865, CVE-2025-66866, CVE-2025-69644, CVE-2025-69645, CVE-2025-69646, CVE-2025-69647, CVE-2025-69648, CVE-2025-69649, CVE-2025-69650, CVE-2025-69651, CVE-2025-69652), unzip-6.0-56.el9 (CVE-2021-4217, CVE-2022-0529, CVE-2022-0530), go-toolset-1.18.9-1.el9_1 (CVE-2026-27138, CVE-2026-27139), elfutils-libelf-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), libpkgconf-1.7.3-9.el9 (CVE-2023-24056), gnutls-3.7.6-12.el9_0 (CVE-2026-3832), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2022-0213, CVE-2022-0351, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1674, CVE-2022-1720, CVE-2022-1725, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2257, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-2982, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-3134, CVE-2022-3153, CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3705, CVE-2022-4141, CVE-2022-4292, CVE-2022-4293, CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-2609, CVE-2023-2610, CVE-2023-46246, CVE-2023-4734, CVE-2023-4735, CVE-2023-4738, CVE-2023-4751, CVE-2023-4781, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2024-22667, CVE-2024-41957, CVE-2024-41965, CVE-2024-43374, CVE-2024-43802, CVE-2024-45306, CVE-2024-47814, CVE-2025-1215, CVE-2025-22134, CVE-2025-24014, CVE-2025-26603, CVE-2026-26269, CVE-2026-28422), sqlite-libs-3.34.1-6.el9_1 (CVE-2024-0232, CVE-2025-70873), pcre2-syntax-10.40-2.el9 (CVE-2022-41409), zlib-devel-1.2.11-35.el9_1 (CVE-2026-27171), libX11-xcb-1.7.0-7.el9 (CVE-2022-3555), libgomp-11.3.1-2.1.el9 (CVE-2022-27943), elfutils-libs-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), glibc-devel-2.34-40.el9_1.1 (CVE-2026-4438), pkgconf-m4-1.7.3-9.el9 (CVE-2023-24056), glibc-locale-source-2.34-40.el9_1.1 (CVE-2026-4438), ncurses-base-6.2-8.20210508.el9 (CVE-2023-50495), nodejs-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889, CVE-2025-70873, CVE-2026-21715, CVE-2026-21716, CVE-2026-22036, CVE-2026-27171), ncurses-libs-6.2-8.20210508.el9 (CVE-2023-50495), python3-pip-wheel-21.2.3-6.el9 (CVE-2021-3572), glib2-2.68.4-5.el9 (CVE-2023-32636, CVE-2025-3360, CVE-2025-7039, CVE-2026-0988, CVE-2026-1485), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2022-0213, CVE-2022-0351, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1674, CVE-2022-1720, CVE-2022-1725, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2257, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-2982, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-3134, CVE-2022-3153, CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3705, CVE-2022-4141, CVE-2022-4292, CVE-2022-4293, CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-2609, CVE-2023-2610, CVE-2023-46246, CVE-2023-4734, CVE-2023-4735, CVE-2023-4738, CVE-2023-4751, CVE-2023-4781, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2024-22667, CVE-2024-41957, CVE-2024-41965, CVE-2024-43374, CVE-2024-43802, CVE-2024-45306, CVE-2024-47814, CVE-2025-1215, CVE-2025-22134, CVE-2025-24014, CVE-2025-26603, CVE-2026-26269, CVE-2026-28422), cmake-filesystem-3.20.2-7.el9 (CVE-2025-9301), elfutils-debuginfod-client-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), glibc-minimal-langpack-2.34-40.el9_1.1 (CVE-2026-4438), zlib-1.2.11-35.el9_1 (CVE-2026-27171), curl-minimal-7.76.1-19.el9_1.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224, CVE-2026-6276), libxml2-devel-2.9.13-3.el9_1 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170, CVE-2026-0989, CVE-2026-0992), glibc-gconv-extra-2.34-40.el9_1.1 (CVE-2026-4438), sqlite-devel-3.34.1-6.el9_1 (CVE-2024-0232, CVE-2025-70873), pkgconf-1.7.3-9.el9 (CVE-2023-24056), binutils-gold-2.35.2-24.el9 (CVE-2021-3826, CVE-2022-38533, CVE-2022-44840, CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011, CVE-2023-1972, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198, CVE-2025-66861, CVE-2025-66862, CVE-2025-66863, CVE-2025-66864, CVE-2025-66865, CVE-2025-66866, CVE-2025-69644, CVE-2025-69645, CVE-2025-69646, CVE-2025-69647, CVE-2025-69648, CVE-2025-69649, CVE-2025-69650, CVE-2025-69651, CVE-2025-69652), pcre2-10.40-2.el9 (CVE-2022-41409), binutils-2.35.2-24.el9 (CVE-2021-3826, CVE-2022-38533, CVE-2022-44840, CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011, CVE-2023-1972, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198, CVE-2025-66861, CVE-2025-66862, CVE-2025-66863, CVE-2025-66864, CVE-2025-66865, CVE-2025-66866, CVE-2025-69644, CVE-2025-69645, CVE-2025-69646, CVE-2025-69647, CVE-2025-69648, CVE-2025-69649, CVE-2025-69650, CVE-2025-69651, CVE-2025-69652), libarchive-3.5.3-3.el9 (CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), golang-src-1.18.9-1.el9_1 (CVE-2026-27138, CVE-2026-27139), python3-3.9.14-1.el9_1.2 (CVE-2025-1795, CVE-2026-2297, CVE-2026-3479), ncurses-6.2-8.20210508.el9 (CVE-2023-50495), libxml2-2.9.13-3.el9_1 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170, CVE-2026-0989, CVE-2026-0992), gcc-plugin-annobin-11.3.1-2.1.el9 (CVE-2022-27943)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 613 } }, { "msg": "Found packages with unknown vulnerabilities. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: libwebp-1.2.0-3.el9 (CVE-2023-5129), libwebp-devel-1.2.0-3.el9 (CVE-2023-5129)", "name": "clair_unknown_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 2 } } ] } ] {"vulnerabilities":{"critical":0,"high":330,"medium":843,"low":235,"unknown":2},"unpatched_vulnerabilities":{"critical":0,"high":27,"medium":483,"low":613,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b", "digests": ["sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d"]}} {"result":"SUCCESS","timestamp":"2026-05-06T07:11:18+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: go-component-dlsyll-on-pull-request-j8lb7-clamav-scan-pod | init container: prepare 2026/05/06 07:07:29 Entrypoint initialization pod: go-component-dlsyll-on-pull-request-j8lb7-clamav-scan-pod | init container: place-scripts 2026/05/06 07:08:09 Decoded script /tekton/scripts/script-0-6tv2q 2026/05/06 07:08:09 Decoded script /tekton/scripts/script-1-4qltg pod: go-component-dlsyll-on-pull-request-j8lb7-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll@sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 169.178 sec (2 m 49 s) Start Date: 2026:05:06 07:08:52 End Date: 2026:05:06 07:11:41 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27992/Tue May 5 06:26:41 2026 Database version: 27992 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1778051502","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778051502","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778051502","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b", "digests": ["sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d"]}} pod: go-component-dlsyll-on-pull-request-j8lb7-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll Attaching to quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b@sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading a011038cb1ac clamscan-result-amd64.log Uploading 1706cd7339ff clamscan-ec-test-amd64.json Uploaded a011038cb1ac clamscan-result-amd64.log Uploaded 1706cd7339ff clamscan-ec-test-amd64.json Uploading f1606a421b89 application/vnd.oci.image.manifest.v1+json Uploaded f1606a421b89 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b@sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d Digest: sha256:f1606a421b89f6bc9ab82c9566bee99b71c7a0ad19624f881df0b0caae99df64 pod: go-component-dlsyll-on-pull-request-j8lb7-clone-repository-pod | init container: prepare 2026/05/06 07:03:50 Entrypoint initialization pod: go-component-dlsyll-on-pull-request-j8lb7-clone-repository-pod | init container: place-scripts 2026/05/06 07:03:51 Decoded script /tekton/scripts/script-0-kr42g 2026/05/06 07:03:51 Decoded script /tekton/scripts/script-1-57dmc pod: go-component-dlsyll-on-pull-request-j8lb7-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1778051035.567318,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1778051035.762987,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/group-snapshot-multi-component @ a5839952a803695473c9db1daaf20da0c2f5d74b (grafted, HEAD) in path /workspace/output/source"} {"level":"info","ts":1778051035.7630491,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1778051035.7865872,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /workspace/output/source"} Merge option disabled. Using checked-out revision a5839952a803695473c9db1daaf20da0c2f5d74b directly. pod: go-component-dlsyll-on-pull-request-j8lb7-clone-repository-pod | container step-symlink-check: Running symlink check pod: go-component-dlsyll-on-pull-request-j8lb7-init-pod | init container: prepare 2026/05/06 07:03:40 Entrypoint initialization pod: go-component-dlsyll-on-pull-request-j8lb7-init-pod | container step-init: time="2026-05-06T07:03:43Z" level=info msg="[param] enable: false" time="2026-05-06T07:03:43Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-06T07:03:43Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-06T07:03:43Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-06T07:03:43Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-06T07:03:43Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-06T07:03:43Z" level=info msg="Cache proxy is disabled via param" time="2026-05-06T07:03:43Z" level=info msg="[result] HTTP PROXY: " time="2026-05-06T07:03:43Z" level=info msg="[result] NO PROXY: " pod: go-component-dlsyll-on-pull-request-j8lb7-push-dockerfile-pod | init container: prepare 2026/05/06 07:08:44 Entrypoint initialization pod: go-component-dlsyll-on-pull-request-j8lb7-push-dockerfile-pod | init container: working-dir-initializer pod: go-component-dlsyll-on-pull-request-j8lb7-push-dockerfile-pod | container step-push: time="2026-05-06T07:08:48Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b" time="2026-05-06T07:08:48Z" level=info msg="[param] image-digest: sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d" time="2026-05-06T07:08:48Z" level=info msg="[param] containerfile: docker/Dockerfile" time="2026-05-06T07:08:48Z" level=info msg="[param] context: go-component" time="2026-05-06T07:08:48Z" level=info msg="[param] tag-suffix: .dockerfile" time="2026-05-06T07:08:48Z" level=info msg="[param] artifact-type: application/vnd.konflux.dockerfile" time="2026-05-06T07:08:48Z" level=info msg="[param] source: source" time="2026-05-06T07:08:48Z" level=info msg="[param] result-path-image-ref: /tekton/results/IMAGE_REF" time="2026-05-06T07:08:48Z" level=info msg="[param] alternative-filename: Dockerfile" time="2026-05-06T07:08:49Z" level=info msg="oras [stdout] quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll@sha256:05aaf91de526831a3433869e89c10d6e2439d0a6f18e8ff250257fceb5cbb089" logger=CliExecutor time="2026-05-06T07:08:49Z" level=info msg="Containerfile '/workspace/workspace/source/go-component/docker/Dockerfile' is pushed to registry with tag: sha256-c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d.dockerfile" {"image_ref":"quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll@sha256:05aaf91de526831a3433869e89c10d6e2439d0a6f18e8ff250257fceb5cbb089"} pod: go-component-dlsyll-on-pull-request-j8lb7-sast-snyk-check-pod | init container: prepare 2026/05/06 07:08:46 Entrypoint initialization pod: go-component-dlsyll-on-pull-request-j8lb7-sast-snyk-check-pod | init container: place-scripts 2026/05/06 07:08:48 Decoded script /tekton/scripts/script-0-75fcz 2026/05/06 07:08:48 Decoded script /tekton/scripts/script-1-88gzl pod: go-component-dlsyll-on-pull-request-j8lb7-sast-snyk-check-pod | init container: working-dir-initializer pod: go-component-dlsyll-on-pull-request-j8lb7-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: go-component-dlsyll INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-05-06T07:08:55+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: go-component-dlsyll-on-pull-request-j8lb7-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: go-component-dlsyll-on-pull9ee313c35627e8c84fa3e281c81f3a74-pod | init container: prepare 2026/05/06 07:04:10 Entrypoint initialization pod: go-component-dlsyll-on-pull9ee313c35627e8c84fa3e281c81f3a74-pod | init container: place-scripts 2026/05/06 07:04:10 Decoded script /tekton/scripts/script-0-mclg2 pod: go-component-dlsyll-on-pull9ee313c35627e8c84fa3e281c81f3a74-pod | container step-prefetch-dependencies: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using mounted service CA bundle: /mnt/service-ca/ca-bundle.crt '/mnt/service-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/service-ca.crt' time="2026-05-06T07:04:16Z" level=debug msg="Starting prefetch-dependencies" time="2026-05-06T07:04:16Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-06T07:04:16Z" level=info msg="Not using package registry proxy because allow-package-registry-proxy is not set to `true` on the cluster level" logger=PrefetchDependencies time="2026-05-06T07:04:16Z" level=info msg="[param] source-dir: /workspace/source/source" time="2026-05-06T07:04:16Z" level=info msg="[param] output-dir: /workspace/source/cachi2/output" time="2026-05-06T07:04:16Z" level=info msg="[param] sbom-format: spdx" time="2026-05-06T07:04:16Z" level=info msg="[param] mode: strict" time="2026-05-06T07:04:16Z" level=info msg="[param] output-dir-mount-point: /cachi2/output" time="2026-05-06T07:04:16Z" level=info msg="[param] env-files: [/workspace/source/cachi2/cachi2.env /workspace/source/cachi2/prefetch.env /workspace/source/cachi2/prefetch-env.json]" time="2026-05-06T07:04:16Z" level=info msg="[param] git-auth-directory: /workspace/git-basic-auth" time="2026-05-06T07:04:17Z" level=info msg="hermeto [stdout] hermeto 0.51.0" logger=CliExecutor time="2026-05-06T07:04:18Z" level=warning msg="No input provided; skipping prefetch-dependencies" logger=PrefetchDependencies time="2026-05-06T07:04:18Z" level=debug msg="Finished prefetch-dependencies" pod: go-component-dlsyll-on-pullbcb951ca44a6643c8edadc8b2f306a2a-pod | init container: prepare 2026/05/06 07:08:27 Entrypoint initialization pod: go-component-dlsyll-on-pullbcb951ca44a6643c8edadc8b2f306a2a-pod | init container: place-scripts 2026/05/06 07:08:28 Decoded script /tekton/scripts/script-0-jqm7h 2026/05/06 07:08:28 Decoded script /tekton/scripts/script-1-zxnkf 2026/05/06 07:08:29 Decoded script /tekton/scripts/script-2-sv4hx 2026/05/06 07:08:29 Decoded script /tekton/scripts/script-3-6nt6z 2026/05/06 07:08:29 Decoded script /tekton/scripts/script-4-776bq 2026/05/06 07:08:29 Decoded script /tekton/scripts/script-5-jgmrl pod: go-component-dlsyll-on-pullbcb951ca44a6643c8edadc8b2f306a2a-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... [retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... [retry] executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: go-component-dlsyll-on-pullbcb951ca44a6643c8edadc8b2f306a2a-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b Using token for quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll Auth json written to "/auth/auth.json". pod: go-component-dlsyll-on-pullbcb951ca44a6643c8edadc8b2f306a2a-pod | container step-set-skip-for-bundles: 2026/05/06 07:08:50 INFO Step was skipped due to when expressions were evaluated to false. pod: go-component-dlsyll-on-pullbcb951ca44a6643c8edadc8b2f306a2a-pod | container step-app-check: time="2026-05-06T07:08:51Z" level=info msg="certification library version" version="1.17.2 <commit: eb87e5b2d67ad110a0afe8edfb16f445e0877c4e>" time="2026-05-06T07:08:52Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b for platform amd64" time="2026-05-06T07:08:52Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b" time="2026-05-06T07:09:16Z" level=info msg="warning: licenses directory does not exist or all of its children are empty directories: error when checking for /licenses: stat /tmp/preflight-2113255330/fs/licenses: no such file or directory" check=HasLicense time="2026-05-06T07:09:16Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-05-06T07:09:16Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-05-06T07:09:16Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-05-06T07:09:16Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-05-06T07:09:16Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-05-06T07:09:16Z" level=info msg="USER 1001 specified that is non-root" check=RunAsNonRoot time="2026-05-06T07:09:16Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-05-06T07:09:46Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-05-06T07:09:46Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-05-06T07:09:46Z" level=info msg="This image's tag on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b will be paired with digest sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.17.2", "commit": "eb87e5b2d67ad110a0afe8edfb16f445e0877c4e" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 110, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 29541, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 391, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-05-06T07:09:46Z" level=info msg="Preflight result: FAILED" pod: go-component-dlsyll-on-pullbcb951ca44a6643c8edadc8b2f306a2a-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1778051387","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}[retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b pod: go-component-dlsyll-on-pullbcb951ca44a6643c8edadc8b2f306a2a-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1778051387","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} pod: go-component-dlsyll-on-pulldfcd628380e10417233ca582b3fb3ea5-pod | init container: prepare 2026/05/06 07:08:44 Entrypoint initialization pod: go-component-dlsyll-on-pulldfcd628380e10417233ca582b3fb3ea5-pod | init container: place-scripts 2026/05/06 07:08:44 Decoded script /tekton/scripts/script-0-4f7tx 2026/05/06 07:08:44 Decoded script /tekton/scripts/script-1-6m54g pod: go-component-dlsyll-on-pulldfcd628380e10417233ca582b3fb3ea5-pod | init container: working-dir-initializer pod: go-component-dlsyll-on-pulldfcd628380e10417233ca582b3fb3ea5-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT INFO: The PROJECT_NAME used is: go-component-dlsyll + [[ -z '' ]] + PROJECT_NAME=go-component-dlsyll + echo 'INFO: The PROJECT_NAME used is: go-component-dlsyll' + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + declare -a ALL_TARGETS + OLD_IFS=' ' + IFS=, + for d in $TARGET_DIRS + ALL_TARGETS+=("${SOURCE_CODE_DIR}/source/${d}") + IFS=' ' + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /workspace/workspace/source/. + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/workspace/workspace/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-05-06T07:08:56+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-05-06T07:08:56+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-05-06T07:08:56+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-05-06T07:08:56+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-05-06T07:08:56+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-05-06T07:08:56+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: go-component-dlsyll-on-pulldfcd628380e10417233ca582b3fb3ea5-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll Attaching to quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b@sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Uploading 0e9806f310b4 sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploaded 0e9806f310b4 sast_unicode_check_out.sarif Uploading 2a10262161e5 application/vnd.oci.image.manifest.v1+json Uploaded 2a10262161e5 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/group-uztv/go-component-dlsyll:on-pr-a5839952a803695473c9db1daaf20da0c2f5d74b@sha256:c053d095b5cbfcdcb81dc6c9e56b3469240fe9fb9367477d0becb289c651631d Digest: sha256:2a10262161e5732019298ce96bcb10d447126b22fde32aef2fff32a37462bbf0 No excluded-findings.json exists. Skipping upload. New PipelineRun go-component-dlsyll-on-pull-request-fsc9w found after retrigger for component group-uztv/go-component-dlsyll PipelineRun go-component-dlsyll-on-pull-request-fsc9w found for Component group-uztv/go-component-dlsyll PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: ResolvingTaskRef PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Running PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Running PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Running PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Running PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Running PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Running PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Running PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Running PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Running PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Running PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Running PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Running PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Running PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Running PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Running PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Running PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Running PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Running PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Completed < Exit [It] should lead to build PipelineRunA finishing successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:231 @ 05/06/26 07:18:38.459 (14m56.902s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:18:38.459 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:18:38.463 (3ms) > Enter [It] should lead to a PaC PR creation for componentA go-component - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:236 @ 05/06/26 07:18:38.473 < Exit [It] should lead to a PaC PR creation for componentA go-component - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:236 @ 05/06/26 07:18:38.925 (451ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:18:38.925 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:18:38.925 (0s) > Enter [It] checks if the Snapshot is created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:258 @ 05/06/26 07:18:38.926 < Exit [It] checks if the Snapshot is created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:258 @ 05/06/26 07:18:38.933 (8ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:18:38.934 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:18:38.934 (0s) > Enter [It] should find the related Integration PipelineRuns - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:263 @ 05/06/26 07:18:38.934 < Exit [It] should find the related Integration PipelineRuns - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:263 @ 05/06/26 07:18:39.018 (83ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:18:39.018 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:18:39.018 (0s) > Enter [It] integration pipeline should end up with success - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:270 @ 05/06/26 07:18:39.018 PipelineRun integration-resolver-pipelinerun-rf59c reason: Succeeded < Exit [It] integration pipeline should end up with success - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:270 @ 05/06/26 07:18:39.025 (6ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:18:39.025 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:18:39.025 (0s) > Enter [It] should merge the init PaC PR successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:277 @ 05/06/26 07:18:39.025 merged result sha: f05a1231ddc54d23de27733de98e74c2dae23cff for PR #21703 < Exit [It] should merge the init PaC PR successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:277 @ 05/06/26 07:18:41.373 (2.348s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:18:41.374 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:18:41.374 (0s) > Enter [It] creates the Component B successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:296 @ 05/06/26 07:18:41.374 < Exit [It] creates the Component B successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:296 @ 05/06/26 07:18:51.403 (10.029s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:18:51.403 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:18:51.403 (0s) > Enter [It] triggers a Build PipelineRun for component python-component - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:304 @ 05/06/26 07:18:51.404 Build PipelineRun has not been created yet for the componentB group-uztv/python-component-quemif < Exit [It] triggers a Build PipelineRun for component python-component - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:304 @ 05/06/26 07:19:11.46 (20.056s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:19:11.46 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:19:11.46 (0s) > Enter [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:318 @ 05/06/26 07:19:11.461 < Exit [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:318 @ 05/06/26 07:19:11.461 (0s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:19:11.461 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:19:11.461 (0s) > Enter [It] should lead to build PipelineRun finishing successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:322 @ 05/06/26 07:19:11.461 PipelineRun python-component-quemif-on-pull-request-prvjb found for Component group-uztv/python-component-quemif PipelineRun python-component-quemif-on-pull-request-prvjb reason: Running PipelineRun python-component-quemif-on-pull-request-prvjb reason: Running PipelineRun python-component-quemif-on-pull-request-prvjb reason: Running PipelineRun python-component-quemif-on-pull-request-prvjb reason: Running PipelineRun python-component-quemif-on-pull-request-prvjb reason: Running PipelineRun python-component-quemif-on-pull-request-prvjb reason: Running PipelineRun python-component-quemif-on-pull-request-prvjb reason: Running PipelineRun python-component-quemif-on-pull-request-prvjb reason: Running PipelineRun python-component-quemif-on-pull-request-prvjb reason: Running PipelineRun python-component-quemif-on-pull-request-prvjb reason: Running PipelineRun python-component-quemif-on-pull-request-prvjb reason: Running PipelineRun python-component-quemif-on-pull-request-prvjb reason: Running PipelineRun python-component-quemif-on-pull-request-prvjb reason: Running PipelineRun python-component-quemif-on-pull-request-prvjb reason: Running PipelineRun python-component-quemif-on-pull-request-prvjb reason: Running PipelineRun integration-resolver-pipelinerun-6xj7c reason: Succeeded < Exit [It] should lead to build PipelineRun finishing successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:322 @ 05/06/26 07:24:11.478 (5m0.017s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:24:11.478 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:24:11.479 (0s) > Enter [It] should lead to a PaC PR creation for component python-component - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:327 @ 05/06/26 07:24:11.479 < Exit [It] should lead to a PaC PR creation for component python-component - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:327 @ 05/06/26 07:24:11.81 (331ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:24:11.81 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:24:11.81 (0s) > Enter [It] checks if the Snapshot is created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:349 @ 05/06/26 07:24:11.811 < Exit [It] checks if the Snapshot is created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:349 @ 05/06/26 07:24:11.819 (9ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:24:11.819 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:24:11.819 (0s) > Enter [It] should find the related Integration PipelineRuns - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:354 @ 05/06/26 07:24:11.82 < Exit [It] should find the related Integration PipelineRuns - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:354 @ 05/06/26 07:24:11.825 (6ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:24:11.826 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:24:11.826 (0s) > Enter [It] integration pipeline should end up with success - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:361 @ 05/06/26 07:24:11.826 PipelineRun integration-resolver-pipelinerun-6xj7c reason: Succeeded < Exit [It] integration pipeline should end up with success - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:361 @ 05/06/26 07:24:11.831 (6ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:24:11.832 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:24:11.832 (0s) > Enter [It] should merge the init PaC PR successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:368 @ 05/06/26 07:24:11.832 merged result sha: c62bf6ca0f05ea831c50c3c086c7fcd269b36e95 for PR #21707 < Exit [It] should merge the init PaC PR successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:368 @ 05/06/26 07:24:13.827 (1.995s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:24:13.827 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:24:13.827 (0s) > Enter [It] creates the Component C successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:387 @ 05/06/26 07:24:13.828 < Exit [It] creates the Component C successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:387 @ 05/06/26 07:24:23.889 (10.061s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:24:23.889 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:24:23.889 (0s) > Enter [It] triggers a Build PipelineRun for componentC konflux-test-integration-clone - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:395 @ 05/06/26 07:24:23.89 Build PipelineRun has not been created yet for the componentC group-uztv/konflux-test-integration-clone-xdzkqc < Exit [It] triggers a Build PipelineRun for componentC konflux-test-integration-clone - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:395 @ 05/06/26 07:24:43.919 (20.029s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:24:43.919 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:24:43.919 (0s) > Enter [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:409 @ 05/06/26 07:24:43.92 < Exit [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:409 @ 05/06/26 07:24:43.92 (0s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:24:43.92 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:24:43.92 (0s) > Enter [It] should lead to build PipelineRun finishing successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:413 @ 05/06/26 07:24:43.92 PipelineRun konflux-test-integration-clone-xdzkqc-on-pull-request-8pd9w found for Component group-uztv/konflux-test-integration-clone-xdzkqc PipelineRun konflux-test-integration-clone-xdzkqc-on-pull-request-8pd9w reason: Running PipelineRun konflux-test-integration-clone-xdzkqc-on-pull-request-8pd9w reason: Running PipelineRun konflux-test-integration-clone-xdzkqc-on-pull-request-8pd9w reason: Running PipelineRun konflux-test-integration-clone-xdzkqc-on-pull-request-8pd9w reason: Running PipelineRun konflux-test-integration-clone-xdzkqc-on-pull-request-8pd9w reason: Running PipelineRun konflux-test-integration-clone-xdzkqc-on-pull-request-8pd9w reason: Running PipelineRun konflux-test-integration-clone-xdzkqc-on-pull-request-8pd9w reason: Running PipelineRun konflux-test-integration-clone-xdzkqc-on-pull-request-8pd9w reason: Running PipelineRun konflux-test-integration-clone-xdzkqc-on-pull-request-8pd9w reason: Running PipelineRun konflux-test-integration-clone-xdzkqc-on-pull-request-8pd9w reason: Running PipelineRun integration-resolver-pipelinerun-h45pj reason: Succeeded < Exit [It] should lead to build PipelineRun finishing successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:413 @ 05/06/26 07:28:03.963 (3m20.043s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:03.963 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:03.963 (0s) > Enter [It] should lead to a PaC PR creation for componentC konflux-test-integration-clone - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:418 @ 05/06/26 07:28:03.964 < Exit [It] should lead to a PaC PR creation for componentC konflux-test-integration-clone - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:418 @ 05/06/26 07:28:04.352 (388ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:04.352 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:04.352 (0s) > Enter [It] checks if the Snapshot is created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:440 @ 05/06/26 07:28:04.353 < Exit [It] checks if the Snapshot is created - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:440 @ 05/06/26 07:28:04.36 (7ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:04.36 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:04.36 (0s) > Enter [It] should find the related Integration PipelineRuns - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:445 @ 05/06/26 07:28:04.361 < Exit [It] should find the related Integration PipelineRuns - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:445 @ 05/06/26 07:28:04.367 (6ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:04.367 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:04.367 (0s) > Enter [It] integration pipeline should end up with success - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:452 @ 05/06/26 07:28:04.368 PipelineRun integration-resolver-pipelinerun-h45pj reason: Succeeded < Exit [It] integration pipeline should end up with success - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:452 @ 05/06/26 07:28:04.374 (6ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:04.374 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:04.374 (0s) > Enter [It] should merge the init PaC PR successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:459 @ 05/06/26 07:28:04.374 merged result sha: ba44463a1fcf5c228196c32f0adfa2e12bc60ad4 for PR #9129 < Exit [It] should merge the init PaC PR successfully - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:459 @ 05/06/26 07:28:06.335 (1.96s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:06.335 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:06.335 (0s) > Enter [It] should make change to the root folder - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:479 @ 05/06/26 07:28:06.336 PR #21710 got created with sha 2e70ad4803910d228b91676cf40c0715db7ef024 < Exit [It] should make change to the root folder - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:479 @ 05/06/26 07:28:09.275 (2.939s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:09.275 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:09.275 (0s) > Enter [It] should make change to the multiple-repo - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:497 @ 05/06/26 07:28:09.276 PR #9130 got created with sha 68ad7f32bfd03aa574b16197d5915efd229435c3 < Exit [It] should make change to the multiple-repo - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:497 @ 05/06/26 07:28:11.441 (2.165s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:11.441 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:11.441 (0s) > Enter [It] wait for the last components build to finish - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:513 @ 05/06/26 07:28:11.442 PipelineRun go-component-dlsyll-on-pull-request-fsc9w found for Component group-uztv/go-component-dlsyll PipelineRun go-component-dlsyll-on-pull-request-fsc9w reason: Completed PipelineRun integration-resolver-pipelinerun-6xj7c found for Component group-uztv/python-component-quemif PipelineRun integration-resolver-pipelinerun-6xj7c reason: Succeeded PipelineRun integration-resolver-pipelinerun-h45pj found for Component group-uztv/konflux-test-integration-clone-xdzkqc PipelineRun integration-resolver-pipelinerun-h45pj reason: Succeeded < Exit [It] wait for the last components build to finish - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:513 @ 05/06/26 07:28:11.484 (43ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:11.485 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:11.485 (0s) > Enter [It] wait for all component snapshots to be created with proper PR group annotations - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:521 @ 05/06/26 07:28:11.485 Component snapshot integ-app-prtm-20260506-071214-000 has PR group annotation: konflux-go-component-dlsyll Component snapshot integ-app-prtm-20260506-071852-000 is missing PR group annotation Component snapshot integ-app-prtm-20260506-071858-000 has PR group annotation: konflux-python-component-quemif Component snapshot integ-app-prtm-20260506-072429-000 has PR group annotation: konflux-konflux-test-integration-clone-xdzkqc All component snapshots are ready with PR group annotations < Exit [It] wait for all component snapshots to be created with proper PR group annotations - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:521 @ 05/06/26 07:28:11.493 (8ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:11.493 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:28:11.493 (0s) > Enter [It] get all group snapshots and check if pr-group annotation contains all components - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:556 @ 05/06/26 07:28:11.494 Attempting to find group snapshots for application integ-app-prtm in namespace group-uztv Found 4 component snapshots: PR Groups found: map[konflux-go-component-dlsyll:1 konflux-konflux-test-integration-clone-xdzkqc:1 konflux-python-component-quemif:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-prtm in namespace group-uztv Found 4 component snapshots: PR Groups found: map[konflux-go-component-dlsyll:1 konflux-konflux-test-integration-clone-xdzkqc:1 konflux-python-component-quemif:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-prtm in namespace group-uztv Found 5 component snapshots: PR Groups found: map[konflux-go-component-dlsyll:1 konflux-konflux-test-integration-clone-xdzkqc:1 konflux-python-component-quemif:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-prtm in namespace group-uztv Found 5 component snapshots: PR Groups found: map[konflux-go-component-dlsyll:1 konflux-konflux-test-integration-clone-xdzkqc:1 konflux-python-component-quemif:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-prtm in namespace group-uztv Found 5 component snapshots: PR Groups found: map[konflux-go-component-dlsyll:1 konflux-konflux-test-integration-clone-xdzkqc:1 konflux-python-component-quemif:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-prtm in namespace group-uztv Found 5 component snapshots: PR Groups found: map[konflux-go-component-dlsyll:1 konflux-konflux-test-integration-clone-xdzkqc:1 konflux-python-component-quemif:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-prtm in namespace group-uztv Found 5 component snapshots: PR Groups found: map[konflux-go-component-dlsyll:1 konflux-konflux-test-integration-clone-xdzkqc:1 konflux-python-component-quemif:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-prtm in namespace group-uztv Found 5 component snapshots: PR Groups found: map[konflux-go-component-dlsyll:1 konflux-konflux-test-integration-clone-xdzkqc:1 konflux-python-component-quemif:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-prtm in namespace group-uztv Found 6 component snapshots: PR Groups found: map[konflux-go-component-dlsyll:1 konflux-konflux-test-integration-clone-xdzkqc:1 konflux-python-component-quemif:1 pr-branch-nlbauj:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-prtm in namespace group-uztv Found 6 component snapshots: PR Groups found: map[konflux-go-component-dlsyll:1 konflux-konflux-test-integration-clone-xdzkqc:1 konflux-python-component-quemif:1 pr-branch-nlbauj:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-prtm in namespace group-uztv Found 7 component snapshots: PR Groups found: map[konflux-go-component-dlsyll:1 konflux-konflux-test-integration-clone-xdzkqc:1 konflux-python-component-quemif:1 pr-branch-nlbauj:2] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-prtm in namespace group-uztv Found 8 component snapshots: PR Groups found: map[konflux-go-component-dlsyll:1 konflux-konflux-test-integration-clone-xdzkqc:1 konflux-python-component-quemif:1 pr-branch-nlbauj:3] Found 1 group snapshots! Group Snapshot 0: integ-app-prtm-20260506-073336-408 (type: group) Group Test Info: [{"namespace":"group-uztv","component":"go-component-dlsyll","buildPipelineRun":"go-component-dlsyll-on-pull-request-dzf7q","snapshot":"integ-app-prtm-20260506-072813-000-2t","repoUrl":"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component","pullRequestNumber":"21710"},{"namespace":"group-uztv","component":"python-component-quemif","buildPipelineRun":"python-component-quemif-on-pull-request-r6m8l","snapshot":"integ-app-prtm-20260506-072813-000","repoUrl":"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component","pullRequestNumber":"21710"},{"namespace":"group-uztv","component":"konflux-test-integration-clone-xdzkqc","buildPipelineRun":"konflux-test-integration-clone-xdzkqc-on-pull-request-25bng","snapshot":"integ-app-prtm-20260506-072815-000","repoUrl":"https://github.com/redhat-appstudio-qe/konflux-test-integration-clone","pullRequestNumber":"9130"}] Validating group test info annotation: [{"namespace":"group-uztv","component":"go-component-dlsyll","buildPipelineRun":"go-component-dlsyll-on-pull-request-dzf7q","snapshot":"integ-app-prtm-20260506-072813-000-2t","repoUrl":"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component","pullRequestNumber":"21710"},{"namespace":"group-uztv","component":"python-component-quemif","buildPipelineRun":"python-component-quemif-on-pull-request-r6m8l","snapshot":"integ-app-prtm-20260506-072813-000","repoUrl":"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component","pullRequestNumber":"21710"},{"namespace":"group-uztv","component":"konflux-test-integration-clone-xdzkqc","buildPipelineRun":"konflux-test-integration-clone-xdzkqc-on-pull-request-25bng","snapshot":"integ-app-prtm-20260506-072815-000","repoUrl":"https://github.com/redhat-appstudio-qe/konflux-test-integration-clone","pullRequestNumber":"9130"}] Group snapshot validation completed successfully < Exit [It] get all group snapshots and check if pr-group annotation contains all components - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:556 @ 05/06/26 07:33:41.942 (5m30.449s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:33:41.942 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:33:41.943 (0s) > Enter [It] make sure that group snapshot contains last build pipelinerun for each component - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:635 @ 05/06/26 07:33:41.943 < Exit [It] make sure that group snapshot contains last build pipelinerun for each component - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:635 @ 05/06/26 07:33:42.159 (216ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:33:42.159 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:33:42.159 (0s) > Enter [It] make change to the multiple-repo to trigger a new cycle of testing - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:648 @ 05/06/26 07:33:42.16 < Exit [It] make change to the multiple-repo to trigger a new cycle of testing - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:648 @ 05/06/26 07:33:43.079 (919ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:33:43.079 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:33:43.079 (0s) > Enter [It] wait for the components A and B build to finish - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:654 @ 05/06/26 07:33:43.08 Waiting for build pipelineRun to be created for app group-uztv/integ-app-prtm, sha: 58a4be208d25707a69aa6cb33775dd105f3a34f4 PipelineRun go-component-dlsyll-on-pull-request-dzf7q found for Component group-uztv/go-component-dlsyll PipelineRun go-component-dlsyll-on-pull-request-dzf7q reason: Completed PipelineRun integration-resolver-pipelinerun-6xj7c found for Component group-uztv/python-component-quemif PipelineRun integration-resolver-pipelinerun-6xj7c reason: Succeeded < Exit [It] wait for the components A and B build to finish - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:654 @ 05/06/26 07:33:43.199 (119ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:33:43.199 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:33:43.199 (0s) > Enter [It] get all component snapshots for component A and check if older snapshot has been cancelled - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:663 @ 05/06/26 07:33:43.2 < Exit [It] get all component snapshots for component A and check if older snapshot has been cancelled - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:663 @ 05/06/26 07:39:23.499 (5m40.299s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:39:23.499 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:39:23.499 (0s) > Enter [It] get all group snapshots and check if older group snapshot is cancelled - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:690 @ 05/06/26 07:39:23.5 < Exit [It] get all group snapshots and check if older group snapshot is cancelled - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:690 @ 05/06/26 07:39:23.599 (99ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:39:23.599 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:39:23.599 (0s) > Enter [It] verifies that ResolutionRequest is deleted after pipeline resolution - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:720 @ 05/06/26 07:39:23.6 < Exit [It] verifies that ResolutionRequest is deleted after pipeline resolution - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:720 @ 05/06/26 07:39:23.82 (220ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:39:23.82 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:39:23.82 (0s) > Enter [It] verifies that no orphaned ResolutionRequests remain in namespace after test completion - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:740 @ 05/06/26 07:39:23.821 < Exit [It] verifies that no orphaned ResolutionRequests remain in namespace after test completion - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:740 @ 05/06/26 07:39:24.026 (205ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:39:24.026 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:39:24.026 (0s) > Enter [BeforeAll] when IntegrationTestScenario reference to task as pipelinerun resolution - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:775 @ 05/06/26 07:39:24.027 < Exit [BeforeAll] when IntegrationTestScenario reference to task as pipelinerun resolution - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:775 @ 05/06/26 07:39:24.078 (51ms) > Enter [It] trigger pipelinerun for invalid integrationTestScenario by annotating snapshot and verify failing to create integration pipelinerun - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:780 @ 05/06/26 07:39:24.078 < Exit [It] trigger pipelinerun for invalid integrationTestScenario by annotating snapshot and verify failing to create integration pipelinerun - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:780 @ 05/06/26 07:39:44.132 (20.055s) > Enter [AfterAll] with status reporting of Integration tests in CheckRuns - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:149 @ 05/06/26 07:39:44.132 < Exit [AfterAll] with status reporting of Integration tests in CheckRuns - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:149 @ 05/06/26 07:39:50.458 (6.325s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:39:50.458 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.x1MqQ7KQDy/tests/integration-service/group-snapshots-tests.go:50 @ 05/06/26 07:39:50.458 (0s) > Enter [BeforeAll] component update with renovate - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:72 @ 05/06/26 07:02:05.764 ReleaseAdmissionPlan data: {"Mapping":{"Components":[{"Name":"gh-multi-component-parent-pgxn","Repository":"quay.io/redhat-appstudio-qe/release-repository"}]}} < Exit [BeforeAll] component update with renovate - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:72 @ 05/06/26 07:02:56.563 (50.799s) > Enter [It] creates component with nudges - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:235 @ 05/06/26 07:02:56.563 Image repository for component gh-multi-component-child-pgxn in namespace build-e2e-wjua do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gh-multi-component-child-pgxn in namespace build-e2e-wjua do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gh-multi-component-parent-pgxn in namespace build-e2e-wjua do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. Image repository for component gh-multi-component-parent-pgxn in namespace build-e2e-wjua do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [It] creates component with nudges - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:235 @ 05/06/26 07:03:56.688 (1m0.125s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:03:56.688 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:03:56.688 (0s) > Enter [It] triggers a PipelineRun for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:259 @ 05/06/26 07:03:56.689 PipelineRun has not been created yet for the component build-e2e-wjua/gh-multi-component-parent-pgxn PipelineRun has not been created yet for the component build-e2e-wjua/gh-multi-component-parent-pgxn < Exit [It] triggers a PipelineRun for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:259 @ 05/06/26 07:04:36.759 (40.069s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:04:36.759 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:04:36.759 (0s) > Enter [It] the PipelineRun should eventually finish successfully for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:274 @ 05/06/26 07:04:36.759 PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 found for Component build-e2e-wjua/gh-multi-component-parent-pgxn PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Running PipelineRun gh-multi-component-parent-pgxn-on-pull-request-hl2q7 reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:274 @ 05/06/26 07:11:36.773 (7m0.014s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:11:36.774 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:11:36.774 (0s) > Enter [It] the PipelineRun should eventually finish successfully for child component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:285 @ 05/06/26 07:11:36.774 PipelineRun gh-multi-component-child-pgxn-on-pull-request-g8gzh found for Component build-e2e-wjua/gh-multi-component-child-pgxn PipelineRun gh-multi-component-child-pgxn-on-pull-request-g8gzh reason: Failed attempt 1/3: PipelineRun "gh-multi-component-child-pgxn-on-pull-request-g8gzh" failed: pod: gh-multi-component-child-pgxn-on-pull-request-g8gzh-init-pod | init container: prepare 2026/05/06 07:04:11 Entrypoint initialization pod: gh-multi-component-child-pgxn-on-pull-request-g8gzh-init-pod | container step-init: time="2026-05-06T07:04:15Z" level=info msg="[param] enable: false" time="2026-05-06T07:04:15Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-06T07:04:15Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-06T07:04:15Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-06T07:04:15Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-06T07:04:15Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-06T07:04:15Z" level=info msg="Cache proxy is disabled via param" time="2026-05-06T07:04:15Z" level=info msg="[result] HTTP PROXY: " time="2026-05-06T07:04:15Z" level=info msg="[result] NO PROXY: " New PipelineRun gh-multi-component-child-pgxn-on-pull-request-jhprj found after retrigger for component build-e2e-wjua/gh-multi-component-child-pgxn PipelineRun gh-multi-component-child-pgxn-on-pull-request-jhprj found for Component build-e2e-wjua/gh-multi-component-child-pgxn PipelineRun gh-multi-component-child-pgxn-on-pull-request-jhprj reason: ResolvingTaskRef PipelineRun gh-multi-component-child-pgxn-on-pull-request-jhprj reason: Running PipelineRun gh-multi-component-child-pgxn-on-pull-request-jhprj reason: Running PipelineRun gh-multi-component-child-pgxn-on-pull-request-jhprj reason: Running PipelineRun gh-multi-component-child-pgxn-on-pull-request-jhprj reason: Running PipelineRun gh-multi-component-child-pgxn-on-pull-request-jhprj reason: Running PipelineRun gh-multi-component-child-pgxn-on-pull-request-jhprj reason: Running PipelineRun gh-multi-component-child-pgxn-on-pull-request-jhprj reason: Running PipelineRun gh-multi-component-child-pgxn-on-pull-request-jhprj reason: Running PipelineRun gh-multi-component-child-pgxn-on-pull-request-jhprj reason: Running PipelineRun gh-multi-component-child-pgxn-on-pull-request-jhprj reason: Running PipelineRun gh-multi-component-child-pgxn-on-pull-request-jhprj reason: Running PipelineRun gh-multi-component-child-pgxn-on-pull-request-jhprj reason: Running PipelineRun gh-multi-component-child-pgxn-on-pull-request-jhprj reason: Running PipelineRun gh-multi-component-child-pgxn-on-pull-request-jhprj reason: Running PipelineRun gh-multi-component-child-pgxn-on-pull-request-jhprj reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully for child component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:285 @ 05/06/26 07:16:47.856 (5m11.082s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:16:47.856 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:16:47.856 (0s) > Enter [It] should lead to a PaC PR creation for child component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:289 @ 05/06/26 07:16:47.857 < Exit [It] should lead to a PaC PR creation for child component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:289 @ 05/06/26 07:16:48.079 (222ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:16:48.079 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:16:48.079 (0s) > Enter [It] Merging the PaC PR should be successful for child component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:307 @ 05/06/26 07:16:48.079 merged result sha: fe3c4c7135a256dc80675eab6653b729e3eaa87a for PR #1 < Exit [It] Merging the PaC PR should be successful for child component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:307 @ 05/06/26 07:16:50.717 (2.638s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:16:50.718 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:16:50.718 (0s) > Enter [It] create dockerfile and yaml manifest that references build and distribution repositories - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:318 @ 05/06/26 07:16:50.718 < Exit [It] create dockerfile and yaml manifest that references build and distribution repositories - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:318 @ 05/06/26 07:16:57.682 (6.963s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:16:57.682 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:16:57.682 (0s) > Enter [It] should lead to a PaC PR creation for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:358 @ 05/06/26 07:16:57.683 < Exit [It] should lead to a PaC PR creation for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:358 @ 05/06/26 07:16:57.893 (211ms) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:16:57.894 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:16:57.894 (0s) > Enter [It] Merging the PaC PR should be successful for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:375 @ 05/06/26 07:16:57.894 merged result sha: 6d08fbb7b8b864f7d80d7e990b97963f7a77ff1f for PR #1 < Exit [It] Merging the PaC PR should be successful for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:375 @ 05/06/26 07:16:59.998 (2.104s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:16:59.999 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:16:59.999 (0s) > Enter [It] PR merge triggers PAC PipelineRun for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:385 @ 05/06/26 07:16:59.999 Push PipelineRun has not been created yet for the component build-e2e-wjua/gh-multi-component-parent-pgxn < Exit [It] PR merge triggers PAC PipelineRun for parent component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:385 @ 05/06/26 07:17:20.021 (20.022s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:17:20.021 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:17:20.021 (0s) > Enter [It] PAC PipelineRun for parent component is successful - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:401 @ 05/06/26 07:17:20.022 PipelineRun gh-multi-component-parent-pgxn-on-push-tj62l found for Component build-e2e-wjua/gh-multi-component-parent-pgxn PipelineRun gh-multi-component-parent-pgxn-on-push-tj62l reason: Running PipelineRun gh-multi-component-parent-pgxn-on-push-tj62l reason: Running PipelineRun gh-multi-component-parent-pgxn-on-push-tj62l reason: Running PipelineRun gh-multi-component-parent-pgxn-on-push-tj62l reason: Running PipelineRun gh-multi-component-parent-pgxn-on-push-tj62l reason: Running PipelineRun gh-multi-component-parent-pgxn-on-push-tj62l reason: Running PipelineRun gh-multi-component-parent-pgxn-on-push-tj62l reason: Running PipelineRun gh-multi-component-parent-pgxn-on-push-tj62l reason: Running PipelineRun gh-multi-component-parent-pgxn-on-push-tj62l reason: Running PipelineRun gh-multi-component-parent-pgxn-on-push-tj62l reason: Running PipelineRun gh-multi-component-parent-pgxn-on-push-tj62l reason: Running PipelineRun gh-multi-component-parent-pgxn-on-push-tj62l reason: Running PipelineRun gh-multi-component-parent-pgxn-on-push-tj62l reason: Running PipelineRun gh-multi-component-parent-pgxn-on-push-tj62l reason: Running PipelineRun gh-multi-component-parent-pgxn-on-push-tj62l reason: Succeeded < Exit [It] PAC PipelineRun for parent component is successful - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:401 @ 05/06/26 07:22:00.038 (4m40.016s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:22:00.039 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:22:00.039 (0s) [FAILED] Timed out after 1200.000s. timed out when waiting for component nudge PR to be created in build-nudge-child-rixmca repository Expected <bool>: false to be true In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:427 @ 05/06/26 07:42:00.04 > Enter [It] should lead to a nudge PR creation for child component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:412 @ 05/06/26 07:22:00.039 [FAILED] Timed out after 1200.000s. timed out when waiting for component nudge PR to be created in build-nudge-child-rixmca repository Expected <bool>: false to be true In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:427 @ 05/06/26 07:42:00.04 < Exit [It] should lead to a nudge PR creation for child component - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:412 @ 05/06/26 07:42:00.04 (20m0.001s) > Enter [AfterAll] component update with renovate - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:214 @ 05/06/26 07:42:00.04 < Exit [AfterAll] component update with renovate - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:214 @ 05/06/26 07:42:16.123 (16.083s) > Enter [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:42:16.123 < Exit [AfterEach] [build-service-suite Build service E2E tests] - /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:28 @ 05/06/26 07:42:16.282 (159ms) [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:429 @ 05/06/26 07:42:16.283 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.x1MqQ7KQDy/tests/build/renovate.go:440 @ 05/06/26 07:42:16.283