Inspecting raw image manifest quay.io/redhat-appstudio-qe/forgejo-rep-ej48/test-comp-pac-forgejo-f4qblp@sha256:cf1bf4df39ded23a47d57441f8a2413aa9466cabad532a3094ccc74a3e01b309. Selecting auth Using token for quay.io/redhat-appstudio-qe/forgejo-rep-ej48/test-comp-pac-forgejo-f4qblp Selecting auth Using token for quay.io/redhat-appstudio-qe/forgejo-rep-ej48/test-comp-pac-forgejo-f4qblp WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Downloading SBOMs this way does not ensure its authenticity. If you want to ensure a tamper-proof SBOM, download it using 'cosign download attestation '. Found SBOM of media type: text/spdx+json Running TPA scan on amd64 image manifest... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed { "scanned" : { "total" : 165, "direct" : 38, "transitive" : 127 }, "providers" : { "rhtpa" : { "status" : { "ok" : true, "name" : "rhtpa", "code" : 200, "message" : "OK", "warnings" : { "pkg:maven/io.github.stuartwdouglas.hacbstest.Main/hacbs-test" : [ "Unable to process: missing version component" ] } }, "sources" : { "osv-github" : { "summary" : { "direct" : 2, "transitive" : 0, "total" : 2, "dependencies" : 1, "critical" : 0, "high" : 2, "medium" : 0, "low" : 0, "remediations" : 0, "recommendations" : 0, "unscanned" : 0 }, "dependencies" : [ { "ref" : "pkg:pypi/setuptools@39.2.0", "issues" : [ { "id" : "CVE-2024-6345", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2022-40897", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-40897" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } } ] }, "redhat-csaf" : { "summary" : { "direct" : 81, "transitive" : 361, "total" : 442, "dependencies" : 58, "critical" : 7, "high" : 144, "medium" : 260, "low" : 31, "remediations" : 0, "recommendations" : 0, "unscanned" : 0 }, "dependencies" : [ { "ref" : "pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=rhel-8.10&upstream=openldap-2.4.46-21.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "title" : "Incorrect cipher key & IV length processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "title" : "Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "title" : "NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "title" : "SSL_select_next_proto buffer overread", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "title" : "Missing ASN1_TYPE validation in TS_RESP_verify_response() function", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "title" : "ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "title" : "Out-of-bounds read & write in RFC 3211 KEK Unwrap", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "title" : "PKCS12 Decoding crashes", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "title" : "Missing ASN1_TYPE validation in PKCS#12 parsing", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "title" : "Excessive time spent in DH check / generation with large Q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "title" : "Heap out-of-bounds write in BIO_f_linebuffer on short writes", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "title" : "Unauthenticated/unencrypted trailing bytes with low-level OCB function calls", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "title" : "Unbounded memory growth with session handling in TLSv1.3", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-33.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "title" : "RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "title" : "Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false }, { "id" : "CVE-2026-40355", "title" : "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40355" ], "unique" : false }, { "id" : "CVE-2026-40356", "title" : "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40356" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "title" : "RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.34.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "title" : "Glibc: buffer overflow in ld.so leading to privilege escalation", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "title" : "Glibc: stack read overflow in getaddrinfo in no-aaaa mode", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2026-6238", "title" : "Buffer overread in ns_printrrf with corrupted RDATA field", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6238" ], "unique" : false }, { "id" : "CVE-2023-4806", "title" : "Glibc: potential use-after-free in getaddrinfo()", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2026-4046", "title" : "iconv crash due to assertion failure with untrusted input", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4046" ], "unique" : false }, { "id" : "CVE-2026-5450", "title" : "scanf %mc off-by-one heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5450" ], "unique" : false }, { "id" : "CVE-2026-5928", "title" : "Potential buffer under-read in ungetwc", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5928" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.34.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "title" : "Glibc: buffer overflow in ld.so leading to privilege escalation", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "title" : "Glibc: stack read overflow in getaddrinfo in no-aaaa mode", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "title" : "Glibc: potential use-after-free in getaddrinfo()", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.34.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "title" : "Glibc: buffer overflow in ld.so leading to privilege escalation", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "title" : "Glibc: stack read overflow in getaddrinfo in no-aaaa mode", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "title" : "Glibc: potential use-after-free in getaddrinfo()", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_10.1?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_10.1.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.23.22-2.el8?arch=x86_64&distro=rhel-8.10&upstream=p11-kit-0.23.22-2.el8.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-76.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2022-42919", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42919" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2015-20107", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2015-20107" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2020-10735", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2020-10735" ], "unique" : false }, { "id" : "CVE-2022-45061", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-45061" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2021-28861", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-28861" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "title" : "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "title" : "Incorrect cipher key & IV length processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "title" : "Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "title" : "NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "title" : "SSL_select_next_proto buffer overread", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "title" : "Missing ASN1_TYPE validation in TS_RESP_verify_response() function", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "title" : "ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "title" : "Out-of-bounds read & write in RFC 3211 KEK Unwrap", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "title" : "PKCS12 Decoding crashes", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "title" : "Missing ASN1_TYPE validation in PKCS#12 parsing", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "title" : "Excessive time spent in DH check / generation with large Q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "title" : "Heap out-of-bounds write in BIO_f_linebuffer on short writes", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "title" : "Unauthenticated/unencrypted trailing bytes with low-level OCB function calls", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "title" : "Unbounded memory growth with session handling in TLSv1.3", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-33.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "title" : "RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "title" : "Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false }, { "id" : "CVE-2026-40355", "title" : "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40355" ], "unique" : false }, { "id" : "CVE-2026-40356", "title" : "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40356" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "title" : "RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch&distro=rhel-8.10&upstream=python-setuptools-39.2.0-9.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false }, { "id" : "CVE-2022-40897", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-40897" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.34.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "title" : "Glibc: buffer overflow in ld.so leading to privilege escalation", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "title" : "Glibc: stack read overflow in getaddrinfo in no-aaaa mode", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2026-6238", "title" : "Buffer overread in ns_printrrf with corrupted RDATA field", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6238" ], "unique" : false }, { "id" : "CVE-2023-4806", "title" : "Glibc: potential use-after-free in getaddrinfo()", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2026-4046", "title" : "iconv crash due to assertion failure with untrusted input", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4046" ], "unique" : false }, { "id" : "CVE-2026-5450", "title" : "scanf %mc off-by-one heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5450" ], "unique" : false }, { "id" : "CVE-2026-5928", "title" : "Potential buffer under-read in ungetwc", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5928" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.34.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "title" : "Glibc: buffer overflow in ld.so leading to privilege escalation", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "title" : "Glibc: stack read overflow in getaddrinfo in no-aaaa mode", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "title" : "Glibc: potential use-after-free in getaddrinfo()", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.34.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "title" : "Glibc: buffer overflow in ld.so leading to privilege escalation", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "title" : "Glibc: stack read overflow in getaddrinfo in no-aaaa mode", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "title" : "Glibc: potential use-after-free in getaddrinfo()", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=rhel-8.10&upstream=xz-5.2.4-4.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false }, { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-76.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2022-42919", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42919" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2015-20107", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2015-20107" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2020-10735", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2020-10735" ], "unique" : false }, { "id" : "CVE-2022-45061", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-45061" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2021-28861", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-28861" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "title" : "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_10.1?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_10.1.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=rhel-8.10&upstream=sqlite-3.26.0-20.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2022-35737", "title" : "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35737" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=rhel-8.10&upstream=expat-2.5.0-1.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "title" : "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "title" : "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "title" : "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtirpc@1.1.4-12.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtirpc-1.1.4-12.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=rhel-8.10&upstream=python-pip-9.0.3-24.el8.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.23.22-2.el8?arch=x86_64&distro=rhel-8.10&upstream=p11-kit-0.23.22-2.el8.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/java-17-openjdk-headless@17.0.19.0.10-1.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=java-17-openjdk-17.0.19.0.10-1.el8.src.rpm", "issues" : [ { "id" : "CVE-2026-22016", "title" : "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-22016" ], "unique" : false }, { "id" : "CVE-2026-34282", "title" : "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-34282" ], "unique" : false }, { "id" : "CVE-2026-22013", "title" : "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22013" ], "unique" : false }, { "id" : "CVE-2026-22021", "title" : "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22021" ], "unique" : false }, { "id" : "CVE-2026-23865", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-23865" ], "unique" : false }, { "id" : "CVE-2026-22018", "title" : "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-22018" ], "unique" : false }, { "id" : "CVE-2026-22007", "title" : "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-22007" ], "unique" : false }, { "id" : "CVE-2026-34268", "title" : "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-34268" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "title" : "Incorrect cipher key & IV length processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "title" : "Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "title" : "NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "title" : "SSL_select_next_proto buffer overread", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "title" : "Missing ASN1_TYPE validation in TS_RESP_verify_response() function", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "title" : "ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "title" : "Out-of-bounds read & write in RFC 3211 KEK Unwrap", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "title" : "PKCS12 Decoding crashes", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "title" : "Missing ASN1_TYPE validation in PKCS#12 parsing", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "title" : "Excessive time spent in DH check / generation with large Q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "title" : "Heap out-of-bounds write in BIO_f_linebuffer on short writes", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "title" : "Unauthenticated/unencrypted trailing bytes with low-level OCB function calls", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "title" : "Unbounded memory growth with session handling in TLSv1.3", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-33.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-33.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "title" : "RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "title" : "Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false }, { "id" : "CVE-2026-40355", "title" : "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40355" ], "unique" : false }, { "id" : "CVE-2026-40356", "title" : "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40356" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "title" : "RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch&distro=rhel-8.10&upstream=python-setuptools-39.2.0-9.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false }, { "id" : "CVE-2022-40897", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-40897" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.34?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.34.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "title" : "Glibc: buffer overflow in ld.so leading to privilege escalation", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "title" : "Glibc: stack read overflow in getaddrinfo in no-aaaa mode", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2026-6238", "title" : "Buffer overread in ns_printrrf with corrupted RDATA field", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6238" ], "unique" : false }, { "id" : "CVE-2023-4806", "title" : "Glibc: potential use-after-free in getaddrinfo()", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2026-4046", "title" : "iconv crash due to assertion failure with untrusted input", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4046" ], "unique" : false }, { "id" : "CVE-2026-5450", "title" : "scanf %mc off-by-one heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5450" ], "unique" : false }, { "id" : "CVE-2026-5928", "title" : "Potential buffer under-read in ungetwc", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5928" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.34?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.34.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "title" : "Glibc: buffer overflow in ld.so leading to privilege escalation", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "title" : "Glibc: stack read overflow in getaddrinfo in no-aaaa mode", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "title" : "Glibc: potential use-after-free in getaddrinfo()", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/javapackages-filesystem@5.3.0-1.module%2Bel8%2B2447%2B6f56d9a6?arch=noarch&distro=rhel-8.10&upstream=javapackages-tools-5.3.0-1.module%2Bel8%2B2447%2B6f56d9a6.src.rpm", "issues" : [ { "id" : "CVE-2025-48734", "title" : "Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-48734" ], "unique" : false }, { "id" : "CVE-2019-10086", "title" : "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2019-10086" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-48734", "title" : "Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-48734" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.34?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.34.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "title" : "Glibc: buffer overflow in ld.so leading to privilege escalation", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "title" : "Glibc: stack read overflow in getaddrinfo in no-aaaa mode", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "title" : "Glibc: potential use-after-free in getaddrinfo()", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=rhel-8.10&upstream=xz-5.2.4-4.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false }, { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.6.8-76.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-76.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2022-42919", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42919" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2015-20107", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2015-20107" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2020-10735", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2020-10735" ], "unique" : false }, { "id" : "CVE-2022-45061", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-45061" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2021-28861", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-28861" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "title" : "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/cups-libs@2.2.6-67.el8_10?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=cups-2.2.6-67.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-58060", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-58060" ], "unique" : false }, { "id" : "CVE-2024-47175", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2024-47175" ], "unique" : false }, { "id" : "CVE-2023-34241", "title" : "CUPS vulnerable to use-after-free in cupsdAcceptClient()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-34241" ], "unique" : false }, { "id" : "CVE-2022-26691", "title" : "A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-26691" ], "unique" : false }, { "id" : "CVE-2023-32360", "title" : "An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32360" ], "unique" : false }, { "id" : "CVE-2025-58364", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-58364" ], "unique" : false }, { "id" : "CVE-2023-32324", "title" : "OpenPrinting CUPS vulnerable to heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32324" ], "unique" : false }, { "id" : "CVE-2025-58436", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-58436" ], "unique" : false }, { "id" : "CVE-2024-35235", "title" : "Cupsd Listen arbitrary chmod 0140777", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35235" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-58060", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-58060" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@239-82.el8_10.16?arch=x86_64&distro=rhel-8.10&upstream=systemd-239-82.el8_10.16.src.rpm", "issues" : [ { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false }, { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2022-3821", "title" : "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3821" ], "unique" : false }, { "id" : "CVE-2022-4415", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4415" ], "unique" : false }, { "id" : "CVE-2022-45873", "title" : "systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-45873" ], "unique" : false }, { "id" : "CVE-2025-4598", "title" : "Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_10.1?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_10.1.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=rhel-8.10&upstream=sqlite-3.26.0-20.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2022-35737", "title" : "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35737" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=rhel-8.10&upstream=expat-2.5.0-1.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "title" : "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "title" : "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "title" : "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=rhel-8.10&upstream=gnutls-3.6.16-8.el8_10.5.src.rpm", "issues" : [ { "id" : "CVE-2022-2509", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-2509" ], "unique" : false }, { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2026-1584", "title" : "Gnutls: gnutls: remote denial of service via crafted clienthello with invalid psk binder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1584" ], "unique" : false }, { "id" : "CVE-2026-33845", "title" : "Gnutls: gnutls: denial of service via dtls zero-length fragment", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-33845" ], "unique" : false }, { "id" : "CVE-2026-33846", "title" : "Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassembly", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-33846" ], "unique" : false }, { "id" : "CVE-2023-0361", "title" : "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0361" ], "unique" : false }, { "id" : "CVE-2026-42011", "title" : "Gnutls: gnutls: security bypass due to incorrect name constraint handling", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2026-42011" ], "unique" : false }, { "id" : "CVE-2026-42010", "title" : "Gnutls: gnutls: authentication bypass via nul character in username", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-42010" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2026-3833", "title" : "Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3833" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false }, { "id" : "CVE-2026-3832", "title" : "Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3832" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-2509", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-2509" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtirpc@1.1.4-12.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtirpc-1.1.4-12.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=rhel-8.10&upstream=libgcrypt-1.8.5-7.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lua@5.3.4-12.el8?arch=x86_64&distro=rhel-8.10&upstream=lua-5.3.4-12.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2021-44964" ], "unique" : false }, { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false }, { "id" : "CVE-2022-28805", "title" : "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2022-28805" ], "unique" : false }, { "id" : "CVE-2021-43519", "title" : "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43519" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2021-44964" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lua-libs@5.3.4-12.el8?arch=x86_64&distro=rhel-8.10&upstream=lua-5.3.4-12.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2021-44964" ], "unique" : false }, { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false }, { "id" : "CVE-2022-28805", "title" : "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2022-28805" ], "unique" : false }, { "id" : "CVE-2021-43519", "title" : "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43519" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2021-44964" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-libs@1.12.8-28.el8_10?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=dbus-1.12.8-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-42010", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42010" ], "unique" : false }, { "id" : "CVE-2022-42011", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42011" ], "unique" : false }, { "id" : "CVE-2022-42012", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42012" ], "unique" : false }, { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-42010", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42010" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/avahi-libs@0.7-27.el8_10.1?arch=x86_64&distro=rhel-8.10&upstream=avahi-0.7-27.el8_10.1.src.rpm", "issues" : [ { "id" : "CVE-2021-3468", "title" : "A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3468" ], "unique" : false }, { "id" : "CVE-2023-1981", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1981" ], "unique" : false }, { "id" : "CVE-2023-38469", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38469" ], "unique" : false }, { "id" : "CVE-2023-38470", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38470" ], "unique" : false }, { "id" : "CVE-2023-38471", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38471" ], "unique" : false }, { "id" : "CVE-2023-38472", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38472" ], "unique" : false }, { "id" : "CVE-2023-38473", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38473" ], "unique" : false }, { "id" : "CVE-2021-3502", "title" : "A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3502" ], "unique" : false }, { "id" : "CVE-2024-52615", "title" : "Avahi: avahi wide-area dns uses constant source port", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-52615" ], "unique" : false }, { "id" : "CVE-2024-52616", "title" : "Avahi: avahi wide-area dns predictable transaction ids", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-52616" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-3468", "title" : "A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3468" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=rhel-8.10&upstream=python-pip-9.0.3-24.el8.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.23.22-2.el8?arch=x86_64&distro=rhel-8.10&upstream=p11-kit-0.23.22-2.el8.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/alsa-lib@1.2.10-2.el8?arch=x86_64&distro=rhel-8.10&upstream=alsa-lib-1.2.10-2.el8.src.rpm", "issues" : [ { "id" : "CVE-2026-25068", "title" : "alsa-lib 1.2.15.2 Topology Decoder Heap-based Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25068" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-25068", "title" : "alsa-lib 1.2.15.2 Topology Decoder Heap-based Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25068" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=rpm-4.14.3-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "title" : "Incorrect cipher key & IV length processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "title" : "Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "title" : "NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "title" : "SSL_select_next_proto buffer overread", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "title" : "Missing ASN1_TYPE validation in TS_RESP_verify_response() function", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "title" : "ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "title" : "Out-of-bounds read & write in RFC 3211 KEK Unwrap", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "title" : "PKCS12 Decoding crashes", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "title" : "Missing ASN1_TYPE validation in PKCS#12 parsing", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "title" : "Excessive time spent in DH check / generation with large Q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "title" : "Heap out-of-bounds write in BIO_f_linebuffer on short writes", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "title" : "Unauthenticated/unencrypted trailing bytes with low-level OCB function calls", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "title" : "Unbounded memory growth with session handling in TLSv1.3", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=rhel-8.10&upstream=curl-7.61.1-34.el8_10.11.src.rpm", "issues" : [ { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false }, { "id" : "CVE-2022-22576", "title" : "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2022-22576" ], "unique" : false }, { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2022-27775", "title" : "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27775" ], "unique" : false }, { "id" : "CVE-2022-27782", "title" : "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27782" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2022-32206", "title" : "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32206" ], "unique" : false }, { "id" : "CVE-2023-23916", "title" : "An allocation of resources without limits or throttling vulnerability exists in curl